H12-721 Dumps
H12-721 Braindumps H12-721 Real Questions H12-721 Practice Test
H12-721 Actual Questions
killexams.com
HCNP-Security-CISN (Huawei Certified Network Professional
- Constructing Infrastructure of Security Network)
https://killexams.com/pass4sure/exam-detail/H12-721
Shown below is an IPSec standby scenario, with main link A and backup link B. Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we want to ensure that the primary and redundant backup link via IP-Link is configured.
Which of the following is the correct cstatic routeonfiguration from the headquarters to the branch office?
A. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3
B. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 ip-link 2
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 preference 70 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 track ip-link 2
An enterprise branch firewall is configured for NAT. As shown in the figure, USG_B is the NAT gateway. In order to extablish an IPSec VPN to USG_B, you need to configure what on USG_B? (Choose two answers)
Configure a NAT Policy, citing the rule to allow the network segment’s source and destination IP addresses for the ACL.
Configuration the IKE peer, use name authentication, and remote-address of the interface address on USG_A
Configure a NAT Policy, where there is first a deny IPsec rule within the enterprise network to protect the data flow from within the headquarters of the network, and then permit the enterprise network to the Internet network data stream.
Configure a IPSec policy template, citing the IKE peer.
In the Enterprise netowrk shown below, Server A and Server B can not access Web services. Troubleshooting has found that there is firewall routing module and that there is a problem with the routing table in USG_A An enterprise network follows, then Server A Server B can not access Web services, administrators troubleshoot and found no firewall routing module A problem has been to establish the appropriate routing table, but Firewall A firewall module is provided with wrong.
What troubleshooting method should be used?
stratification
Break Law
substitution method
Block Method
An SSL VPN user authenticates, has enabled network expansion on the PC, and has been assigned an IP addresses. However, the user can not access resources within theintermal network server. Which of the following are possible reasons for this? (Choose three)
Configuration error in the "Routing Client mode" configuration.
User access is limited
The network server is unreachable.
The PC's physical interface and assigned VPN addresses overlap.
SSL VPN authentication is successful, and with the use of the file-sharing feature, you can view the directories and files, but you can not upload, delete, or rename files. What are possible reasons? (Choose two answers)
If the file server for NFS, the user's UID and GID attribute does not allow users to upload, delete or rename the file operation.
If the type of file server for SMB, the user currently logged on to the file share resource has only read permission and no write access.
The SSL firewall configuration file sharing feature allows only viewing.
Some TCP connections between the gateway and the virtual file server are blocked by the firewall.
A simple network is connected PC1-USG-Router-PC2. If PC1 sends packets to PC2, and the USG processes fragmented packets, which modes can be used to do this? (Choose three answers)
fragment cache
slice discarded
fragmentation direct forwarding
slicing defense
In IP-link, how many successive packets must not be recived for it to be considered a failure, by default?
1 times
2 times
3 times
5 times
With Blacklist, which part of the packets are examined to determine there is an attack?
The source address
destination address
Source Port
destination port
Which statement about IP-link features are correct? (Choose three answers)
IP-link is a link connectivity detection function
ARP detection methods only support direct link
Firewalls will send ICMP or ARP packets to determine if the destination address is reachable to the destination address of a probe
With IP-link and associated VGMP, when the IP-Link status becomes down, VGMP lowers the default priority management group by 3.
Refer to the following load balancing configuration: [USG] slb enable
[USG] slb
[USG-slb] rserver 1 rip 10.1.1.3 weight 32
[USG-slb] rserver 2 rip 14.1.1.4 weight 16
[USG-slb] rserver 3 rip 10.1.1.5 weight 32 [USG-slb] group test
[USG-slb-group-test] metric srchash [USG-slb-group-test] add rserver 1 [USG-slb-group-test] add rserver 2 [USG-slb-group-test] add rserver 3
Which of the following statements is correct? (Choose two answers)
The load balancing algorithm is the polling algorithm.
The configuration is a complete load balancing configuration.
Values of weight determine which data stream path should be used, the smaller weight values should correspond to the real server that has less processing capacity.
Weight is the weight of a real weight.
About BFD detection mechanism, the following statement is correct? (Choose two answers)
BFD control packets are encapsulated in TCP packets
BFD provides two detection modes: asynchronous and synchronous mode
After the establishment of a BFD session, both systems periodically send BFD control packets
At the beginning of the session, the two sides negotiate through the control system carried in the packet parameters
An attacker sends a large number of SIP INVITE messages to the server, leading to a denial of service attack on the SIP server.
This attack occurs on which layer of the seven layer OSI model?
Application Layer
Network Layer
Transport Layer
Data Link Layer