1. Home
  2. Huawei
  3. H12-721

HCIP-Security-CISN V3.0

Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certification
  • Vendor
    :Huawei
  • Total Questions
    :65 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei Huawei Certification H12-721 Questions & Answers

  • Question 41:

    When using the SSL VPN client, it initiates network expansion "Connect gateway mate lost", what are the causes of this failure? (Choose three answers)

    A. If you are using a proxy server, network extension client proxy server settings wrong.

    B. PC and virtual gateway routing between unreachable TCP .

    C. Network expansion between the client and the virtual gateway connection is blocked by the firewall.

    D. Username and password configuration errors.

  • Question 42:

    HRP technology can achieve an alternate configuration of the firewall that does not need any kind of information, all the configuration information are synchronized to the primary firewall HRP prepared by a firewall, and configuration information is not lost after restart.

    A. TRUE

    B. FALSE

  • Question 43:

    An enterprise branch firewall is configured for NAT. As shown in the figure, USG_B is the NAT gateway. In order to extablish an IPSec VPN to USG_B, you need to configure what on USG_B? (Choose two answers)

    A. Configure a NAT Policy, citing the rule to allow the network segment's source and destination IP addresses for the ACL.

    B. Configuration the IKE peer, use name authentication, and remote-address of the interface address on USG_A.

    C. Configure a NAT Policy, where there is first a deny IPsec rule within the enterprise network to protect the data flow from within the headquarters of the network, and then permit the enterprise network to the Internet network data stream.

    D. Configure a IPSec policy template, citing the IKE peer.

  • Question 44:

    In static fingerprint filtering for different packets with different processing methods, which of the following statements is correct? (Choose two answers)

    A. TCP / UDP / custom services can be based on the load (ie, packet data segment) fingerprints.

    B. DNS packets fingerprints for Query ID.

    C. HTTP packets fingerprints for Universal Resource Identifier URI (Uniform Resource Identifier).

    D. ICMP packets through fingerprints identifier.

  • Question 45:

    A user has been successfully authenticated using an SSL VPN. However, users can not access the Web-link resources through the Web server.

    Using the information provided, which of the following is correct?

    A. Network server does not have the Web services enabled.

    B. Virtual Gateway policy configuration error

    C. Virtual connection between the gateway and the network server is not normal

    D. Virtual gateway and network server is unreachable

  • Question 46:

    Below displays the IKE V1 first stage pre-shared key mode during the main mode packet switching crawl. Based on the information shown, the crawl occurs under which packet?

    A. IKE first or second Message

    B. IKE third or fourth Message

    C. IKE fifth or sixth Message

    D. IKE seventh or eighth Message

  • Question 47:

    Interface management information and service control information are transmitted on the same channel.

    A. TRUE

    B. FALSE

  • Question 48:

    IP-link probe packets will be sent to the specified IP address by default when the probe fails three times, enabling this interface if the main link fails.

    A. TRUE

    B. FALSE

  • Question 49:

    Two endpoints cannot build a successful IPsec VPN session. Which of the following firewall configuation errors could be the problem? (Choose three answers)

    A. A device does not have a route to the peer within the network.

    B. A gateway configuration on both ends with the referenced ACL security policy

    C. The gateway configuration on both ends of the IPsec proposal is inconsistent.

    D. Both ends are not configured for DPD.

  • Question 50:

    Which of the following does an IPSec VPN use to encrypt the communication data stream?

    A. Public Key Encryption

    B. Private key encryption

    C. Symmetric key encryption

    D. Pre-shared key encryption

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.