Huawei H12-722 Online Practice Questions and Exam Preparation

Huawei H12-722 Online Questions & Answers

• Question 1:

  IPS is an intelligent intrusion detection and defense product. It can not only detect intrusions but also respond in real time through specific response methods to stop the occurrence and development of intrusions, protecting the information system from substantial attacks.

  According to the description of IPS, which of the following items is wrong?

  A. IPS is an intrusion detection system that can block real-time intrusions when found.
  B. IPS unifies IDS and firewall.
  C. IPS must use bypass deployment in the network.
  D. Common IPS deployment modes include in-line deployment.
  C. IPS must use bypass deployment in the network.

• Question 2:

  The user needs of a university are as follows:

  1.The environment is large, and the total number of two-way traffic can reach 800M. Huawei USG6000 series firewall is deployed at its network node.

  2.The intranet is divided into student area, server area, etc., users are most concerned about the security of the server area to avoid attacks from various threats.

  3.At the same time, some pornographic websites in the student area are prohibited.

  The external network has been configured as an untrust zone and the internal network has been configured as a trust zone on the firewall.

  How to configure the firewall to meet the above requirements? (Choose Three)

  A. You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements
  B. To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server
  C. In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server
  D. Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites
  A. You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements
  C. In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server
  D. Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

• Question 3:

  In order to protect the security of data transmission, more and more websites and companies choose to use SSL to encrypt transmissions in the stream. Regarding the use of Huawei NIP6000 products to perform threat detection on SSL streams, which of the following statements is correct?

  A. NIP6000 does not support SSL threat detection.
  B. The traffic after threat detection is sent directly to the server without encryption.
  C. NIP can directly decrypt and detect SSL-encrypted traffic.
  D. After the process of "decryption," "threat detection," and "encryption," the traffic is sent securely.
  D. After the process of "decryption," "threat detection," and "encryption," the traffic is sent securely.

• Question 4:

  The results of the RBL black and white list query on the firewall are as follows: Based on the above information only, which of the following statements is correct? (Choose Two)

  

  A. Mail with source address 10.17.1.0/24 will be blocked
  B. Mail with source address 10.18.1.0/24 will be blocked
  C. Mail with source address 10.17.1.0/24 will be released
  D. Mail with source address 10.18.1.0/24 will be released
  C. Mail with source address 10.17.1.0/24 will be released
  D. Mail with source address 10.18.1.0/24 will be released

• Question 5:

  Regarding the statement of the mail protocol, which of the following is correct? (Choose Two)

  A. Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.
  B. Use JIMAP, the client software will download all unread mails to the computer, and the mail server will delete the mails.
  C. With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.
  D. Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.
  A. Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.
  C. With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

• Question 6:

  Regarding the anti-spam local black and white list, which of the following statements is wrong?

  A. The black and white list is matched by extracting the destination IP address of the SMTP connection
  B. The black and white list is matched by the sender's dns suffix
  C. The black and white list is matched by extracting the source IP address of the SMTP connection
  D. If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked
  B. The black and white list is matched by the sender's dns suffix

• Question 7:

  Cloud sandbox refers to deploying the sandbox in the cloud and providing remote detection services for tenants. The process includes:

  1.Report suspicious files

  2.Retrospective attack

  3.Firewall linkage defense

  4.Prosecution in the cloud sandbox

  For the ordering of the process, which of the following options is correct?

  A. 1-3-4-2
  B. 1-4-2-3
  C. 1-4-3-2
  D. 3-1-4-2:
  C. 1-4-3-2

• Question 8:

  Regarding the file filtering technology in the USG6000 product, which of the following options is wrong?

  A. It can identify the application that carries the file, the file transfer direction, the file type and the file extension.
  B. Even if the file type is modified, it can also identify the true type of the file
  C. It can identify the type of files transmitted by itself, and can block, alert and announce specific types of files.
  D. It supports filtering the contents of compressed files after decompression.
  C. It can identify the type of files transmitted by itself, and can block, alert and announce specific types of files.

• Question 9:

  When the Anti-DDoS system finds the attack flow, the system will redirect the attack flow to the cleaning device. After the cleaning device cleans it, the flow is re-injected back to the original link. Which of the following options does not belong to the methods of re-injection?

  A. Policy routing back annotation
  B. GRE back annotation
  C. MPLS LSP back injection
  D. BGP back-annotation
  D. BGP back-annotation

• Question 10:

  The virus signature database on the device needs to be continuously upgraded from the security center platform. Which of the following is the website of the security center platform?

  A. sec. huawei. com.
  B. support.huaver: com
  C. www. huawei. com
  D. security.. huawei. com
  A. sec. huawei. com.