
H12-721 Huawei Certified ICT Professional - Constructing Infrastructure of Security Network Free Practice Exam Questions (2025 Updated)


Page: 1 / 4
Total 217 questions

What is the correct statement about the Eth-trunk function?

A.

Improve the communication bandwidth of the link

B.

Improve data security

C.

Traffic load sharing

D.

Improve the reliability of the link

The static fingerprint filtering function processes different types of packets in different ways. Which of the following statements is correct?

A.

TCP/UDP/custom services can extract fingerprints based on the payload (i.e., the data segment of the packet)

B.

DNS packet extracts fingerprints for Query ID

C.

HTTP message extracts fingerprint for universal resource identifier URI

D.

ICMP message extracts fingerprint by identifier

In the hot standby scenario, what is the correct statement about backup between the primary and backup devices?

A.

Batch backup backs up all information in batches after the first negotiation between the two devices is completed.

B.

The backup channel must be an interface on the service board and supports GE and Eth-trunk interfaces.

C.

By default, batch backup is turned on.

D.

Real-time backup is a real-time backup of newly created or refreshed data while the device is running.

The network is as follows: an L2TP VPN is established between the VPN client and the USG (LNS). What are the reasons for the dial-up failure?

A.

The tunnel name of the LNS is inconsistent with the tunnel name of the client.

B.

L2TP tunnel verification failed

C.

PPP authentication failed; the PPP authentication mode set on the client PC and the LNS is inconsistent.

D.

The client PC cannot obtain the IP address assigned to it from the LNS.

In the USG firewall, which two commands can be used to view the running status and memory/CPU usage of the device components (main control board, board, fan, power supply, etc.)?

A.

display device

B.

display environment

C.

display version

D.

dir

Which option is incorrect about the HTTP Flood defense principle?

A.

HTTP Flood source authentication

B.

URI detection of destination IP

C.

fingerprint learning

D.

load check

Which of the following statements is true about L2TP over IPSec VPN?

A.

IPSec packet triggers an L2TP tunnel.

B.

L2TP packet triggers IPSec SA

C.

L2TP tunnel is established first

D.

IPSec tunnel is established first

Using the virtual firewall technology, users on the two VPNs can log in to their private VPNs through the Root VFW on the public network to directly access private network resources. What are the following statements about the characteristics of the VPN multi-instance service provided by the firewall?

A.

Security is high: VPN users gain access through firewall authentication and authorization, and after access each is managed by a separate virtual firewall system, so the resources of different VPN users are completely isolated.

B.

VPN access mode is flexible and reliable. It can support from public network to VPN, and can also support from VPN to VPN.

C.

Easy to maintain: users can manage the entire firewall (including each virtual firewall) without a system administrator account with super user privileges.

D.

Access control is strict. The firewall can control access rights to the VPN according to the user name and password. This allows different users, such as traveling employees and super users (who need to access different VPN resources), to have different access rights.

Which of the following statements is correct about the IKE main mode and the aggressive mode?

A.

All negotiation packets in the first phase of the aggressive mode are encrypted.

B.

All the negotiation packets of the first phase in the main mode are encrypted.

C.

Aggressive mode uses the DH algorithm

D.

Quick mode is entered regardless of whether the negotiation is successful or not.

The main method of defending a cache server against a DNS request flood is to use DNS source authentication technology:

A.

TRUE

B.

FALSE

What are the correct descriptions of IPSec and IKE below?

A.

IPSec has two negotiation modes to establish an SA. One is manual (manual) and the other is IKE (isakmp) auto-negotiation.

B.

IKE aggressive mode can choose to find the corresponding authentication key according to the negotiation initiator IP address or ID and finally complete the negotiation.

C.

The NAT traversal function removes the verification of the UDP port number during IKE negotiation and implements discovery of NAT gateway devices in the VPN tunnel. That is, if a NAT gateway device is found, UDP encapsulation will be used in the subsequent IPSec data transmission.

D.

IKE security mechanisms include DH Diffie-Hellman exchange and key distribution, complete forward security and SHA1 encryption algorithms.

Which of the following security services can a secure multi-instance provide for a virtual firewall?

A.

address binding

B.

blacklist

C.

ASPF

D.

VPN routing

Which is the correct packet encapsulation order for L2TP over IPSec?

A.

The order from first encapsulation to last encapsulation is PPP --> UDP --> L2TP --> IPSec

B.

The order from first encapsulation to last encapsulation is PPP --> L2TP --> UDP --> IPSec

C.

The order from first encapsulation to last encapsulation is IPSec --> L2TP --> UDP --> PPP

D.

The order from first encapsulation to last encapsulation is IPSec --> PPP --> L2TP --> UDP

An administrator can view the IPSec status information and Debug information as follows. What is the most likely fault?

A.

The local IKE policy does not match the peer IKE policy.

B.

The local ike remote name does not match the peer ike name.

C.

The local ipsec proposal does not match the peer ipsec proposal.

D.

The local security acl or the peer security acl does not match.

As shown in the following figure, the BFD for OSPF network is as follows: OSPF is running between the three devices FW_A, FW_B, and FW_C, and the neighbors are in the FULL state. The association between BFD and OSPF is complete, and the BFD session has been established. Which of the following statements is correct?

A.

When link a fails, BFD detects it first, and FWA and FWB will converge immediately.

B.

Link switching is performed in seconds

C.

FWA processes the neighbor Down event and recalculates the route. The new route is link b.

D.

When link a finds a fault, OSPF automatically converges and notifies BFD.

Which of the following attacks are malformed packet attacks?

A.

Smurf attack

B.

Fraggle attack

C.

large ICMP packet attack

D.

IP packet attack with routing entries

What is the correct statement about the binding of local users to VPN instances?

A.

A local user can be bound to a VPN instance by using the local-user user-name vpn-instance vpn-instance-name command.

B.

By default, the binding between a local user and a VPN instance is implemented.

C.

After a local user is bound to a VPN instance, the local user can manage the entire firewall.

D.

Local users cannot be bound to VPN instances.

Which type of attack is a CC attack?

A.

Denial of service attack

B.

Scan snooping attack

C.

Malformed packet attack

D.

System-based vulnerability attacks

After the user has been successfully authenticated on the SSL VPN, the user cannot access the Web-link resource. Running netstat -anp tcp on the Web server shows the following information. Which of the following statements is correct?

A.

The intranet server has not opened the web service

B.

Virtual gateway policy configuration error

C.

The connection between the virtual gateway and the intranet server is incorrect.

D.

Virtual gateway and intranet server are unreachable

 

Comparing URPF strict mode and loose mode, which of the following statements is incorrect?

A.

Strict mode requires not only a corresponding entry in the forwarding table, but also that the interface matches, in order to pass the URPF check.

B.

If the source address of the packet does not exist in the FIB table of the USG, and the default route is configured, the packet will be forwarded through the URPF check.

C.

URPF strict mode is recommended in a route symmetric environment.

D.

Loose mode does not check whether the interface matches. As long as the source address of the packet exists in the FIB table of the USG, the packet can pass.
