H12-721 Dumps H12-721 Braindumps H12-721 Real Questions H12-721 Practice Test H12-721 Actual Questions Huawei H12-721 HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) https://killexams.com/pass4sure/exam-detail/H12-721 QUESTION: 89 Shown below is an IPSec standby scenario, with main link A and backup link B. Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we want to ensure that the primary and redundant backup link via IP-Link is configured. Which of the following is the correct cstatic routeonfiguration from the headquarters to the branch office? A. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 B. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 ip-link 1 [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 ip-link 2 C. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1 [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2 D. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 preference 70 track ip-link 1 [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 track ip-link 2 Answer: C QUESTION: 90 An enterprise branch firewall is configured for NAT. As shown in the figure, USG_B is the NAT gateway. In order to extablish an IPSec VPN to USG_B, you need to configure what on USG_B? (Choose two answers) 39 A. Configure a NAT Policy, citing the rule to allow the network segment’s source and destination IP addresses for the ACL. B. Configuration the IKE peer, use name authentication, and remote-address of the interface address on USG_A C. Configure a NAT Policy, where there is first a deny IPsec rule within the enterprise network to protect the data flow from within the headquarters of the network, and then permit the enterprise network to the Internet network data stream. D. Configure a IPSec policy template, citing the IKE peer. Answer: B, C QUESTION: 91 In the Enterprise netowrk shown below, Server A and Server B can not access Web services. Troubleshooting has found that there is firewall routing module and that there is a problem with the routing table in USG_A An enterprise network follows, then Server A Server B can not access Web services, administrators troubleshoot and found no firewall routing module A problem has been to establish the appropriate routing table, but Firewall A firewall module is provided with wrong. 40 What troubleshooting method should be used? A. stratification B. Break Law C. substitution method D. Block Method Answer: D QUESTION: 92 An SSL VPN user authenticates, has enabled network expansion on the PC, and has been assigned an IP addresses. However, the user can not access resources within theintermal network server. Which of the following are possible reasons for this? (Choose three) A. Configuration error in the "Routing Client mode" configuration. B. User access is limited C. The network server is unreachable. D. The PC's physical interface and assigned VPN addresses overlap. Answer: A, B, C QUESTION: 93 SSL VPN authentication is successful, and with the use of the file-sharing feature, you can view the directories and files, but you can not upload, delete, or rename files. What are possible reasons? (Choose two answers) A. If the file server for NFS, the user's UID and GID attribute does not allow users to upload, delete or rename the file operation. B. If the type of file server for SMB, the user currently logged on to the file share resource has only read permission and no write access. C. The SSL firewall configuration file sharing feature allows only viewing. D. Some TCP connections between the gateway and the virtual file server are blocked by the firewall. Answer: A, B 41 QUESTION: 94 A simple network is connected PC1-USG-Router-PC2. If PC1 sends packets to PC2, and the USG processes fragmented packets, which modes can be used to do this? (Choose three answers) A. fragment cache B. slice discarded C. fragmentation direct forwarding D. slicing defense Answer: A, B, C QUESTION: 95 In IP-link, how many successive packets must not be recived for it to be considered a failure, by default? A. 1 times B. 2 times C. 3 times D. 5 times Answer: C QUESTION: 96 With Blacklist, which part of the packets are examined to determine there is an attack? A. The source address B. destination address C. Source Port D. destination port Answer: A QUESTION: 97 Which statement about IP-link features are correct? (Choose three answers) 42 A. IP-link is a link connectivity detection function B. ARP detection methods only support direct link C. Firewalls will send ICMP or ARP packets to determine if the destination address is reachable to the destination address of a probe D. With IP-link and associated VGMP, when the IP-Link status becomes down, VGMP lowers the default priority management group by 3. Answer: A, B, C QUESTION: 98 Refer to the following load balancing configuration: [USG] slb enable [USG] slb [USG-slb] rserver 1 rip 10.1.1.3 weight 32 [USG-slb] rserver 2 rip 14.1.1.4 weight 16 [USG-slb] rserver 3 rip 10.1.1.5 weight 32 [USG-slb] group test [USG-slb-group-test] metric srchash [USG-slb-group-test] add rserver 1 [USG-slb-group-test] add rserver 2 [USG-slb-group-test] add rserver 3 Which of the following statements is correct? (Choose two answers) A. The load balancing algorithm is the polling algorithm. B. The configuration is a complete load balancing configuration. C. Values of weight determine which data stream path should be used, the smaller weight values should correspond to the real server that has less processing capacity. D. Weight is the weight of a real weight. Answer: C, D QUESTION: 99 About BFD detection mechanism, the following statement is correct? (Choose two answers) A. BFD control packets are encapsulated in TCP packets B. BFD provides two detection modes: asynchronous and synchronous mode 43 C. After the establishment of a BFD session, both systems periodically send BFD control packets D. At the beginning of the session, the two sides negotiate through the control system carried in the packet parameters Answer: C, D QUESTION: 100 An attacker sends a large number of SIP INVITE messages to the server, leading to a denial of service attack on the SIP server. This attack occurs on which layer of the seven layer OSI model? A. Application Layer B. Network Layer C. Transport Layer D. Data Link Layer Answer: A 44 6$03/( 48(67,216 7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV .LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP $FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP ([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP 3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV *XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV 8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV 7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\ 'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU .LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG