H12-721 Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certifications
  • Vendor
    :Huawei
  • Total Questions
    :245 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei H12-721 Online Questions & Answers

  • Question 51:

    What do we want to achieve with Virtual firewalls on a single physical firewall device where we create virtual multiple logical firewalls and multiple instances? (Choose three answers)

    A. Security multiple instances
    B. VPN multi-instance
    C. configure multiple instances
    D. exchange multiple instances

  • Question 52:

    After the firewall creates a new security instance, the firewall does not have any security zones assigned to the new instance and the administrator needs to configure them.

    A. TRUE
    B. FALSE

  • Question 53:

    When configured behind a firewall stateful failover, in the Web configuration interface, select "System> High Reliability> hot standby", click "Check HRP configuration consistency" corresponding "check" button.

    Pop-up window, as shown, which of the following configurations can solve the problem (assuming heartbeat interface is added to the DMZ zone)?

    A. firewall packet-filter default permit interzone trust locaI
    B. firewall packet-filter default permit interzone trust dmz
    C. firewall packet-filter default permit interzone untrust dmz
    D. firewall packet-filter default permit interzone local

  • Question 54:

    In the firewall DDos attack prevention technology, the Anti-DDoS prevents attacks based on what?

    A. Based on the ability of the application to authenticate the source address of the packet, the application, and the cleaning equipment source by sending probe packets to prevent the attack traffic source.
    B. session-based concurrent connections to the defense, where the new connection or abnormal connections exceeds the threshold levels..
    C. Mainly by fingerprint analysis to study and get traffic capture feature to prevent bots or initiate the attack traffic through a proxy to distinguish normal user access behavior.
    D. By detecting the session using filter scanning packets and special control packets.

  • Question 55:

    An administrator views the status information and IPsec Debug information as follows: What is the most likely reason for failure?

    A. The end ike ike peer strategies and policies do not match
    B. The end ike remote name and peer ike name does not match
    C. The end ipsec proposal and peer ipsec proposal does not match
    D. The end of the Security acl or does not match the peer Security acl

  • Question 56:

    An enterprise network flow is shown below. Server A can not access the server B, administrators troubleshoot and found that server A can access the firewall A, but can not access the firewall B.

    What method will administrators use to troubleshoot this problem?

    A. stratification
    B. Break Law
    C. substitution method
    D. Block Method

  • Question 57:

    IPsec tunneling is used as a backup connection as shown below:

    Which of the following statements are true about the tunnel interface? (Choose two answers)

    A. IPsec security policy should be applied to the tunnel interface
    B. Protocol for the Tunnel Interface must be GRE.
    C. Tunnel interface needs to be configured on the IP address and the IP address of the gateway. The external network IP address of the outgoing interface must be in the same network segment.
    D. Tunnel interfaces can be added to any security zone, provided they have the appropriate inter-domain security policies.

  • Question 58:

    With regard to virtual gateway type and shared exclusive type, which of the following statement is correct? (Choose three answers)

    A. Exclusive monopoly-type virtual gateway IP address.
    B. When the network IP address of tension, it is recommended to use share-based virtual gateway.
    C. Exclusive domain model can be used to access the virtual gateway.
    D. Multiple Shared Web Gateway, distinguished by its IP address.

  • Question 59:

    IPSec with AH and ESP support NAT traversal.

    A. TRUE
    B. FALSE

  • Question 60:

    Which statement is correct regarding the Eth-trunk function? (Choose three answers)

    A. improves communication bandwidth of the link
    B. improves data security
    C. Traffic load balancing
    D. improves the reliability of the link

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.