Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your Huawei H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Huawei H12-722 Premium Access     Download Demo    
Page: 1 / 3
Total 177 questions

For the description of the principles of HTTP Flood and HTTPS Flood blow defense, which of the following options are correct? (multiple choice)

A.

HTTPS Flood defense modes include basic mode, enhanced mode and 302 redirection.

B.

HTTPS Flood defense can perform source authentication by limiting the request rate of packets.

C.

The principle of HTTPS Flood attack is to request URIs involving database operations or other URIs that consume system resources, causing server resource consumption.

Failed to respond to normal requests.

D.

The principle of HTTPS Flood attack is to initiate a large number of HTTPS connections to the target server, causing the server resources to be exhausted and unable to respond to regular requests.

begging.

The processing flow of IPS has the following steps;

1. Reorganize application data

2. Match the signature

3. Message processing

4. Protocol identification

Which of the following is the correct order of the processing flow?

A.

4-1-2-3

B.

1-4-2-3

C.

1-3-2-4

D.

2-4-1-3:

The anti-tampering technology of Huawei WAF products is based on the cache module. Suppose that when user A visits website B, website B has page tampering.

Signs: The workflow for the WAF tamper-proof module has the following steps:.

① WAF uses the pages in the cache to return to the client;

②WAF compares the watermark of the server page content with the page content in the cache

③Store the content of the page in the cache after learning

④ When the user accesses the Web page, the WAF obtains the page content of the server

⑤WAF starts the learning mode to learn the page content of the user's visit to the website;

For the ordering of these steps, which of the following options is correct?

A.

③④②⑤①

B.

⑤①②④③

C.

②④①⑤③

D.

⑤③④②①

After enabling the IP policy, some services are found to be unavailable. Which of the following may be caused by? (multiple choice)

A.

Only packets in one direction pass through the firewall

B.

The same message passes through the firewall multiple times

C.

IPS underreporting

D.

Excessive traffic causes the Bypass function to be enabled

The results of the RBL black and white list query on the firewall are as follows:

Based on the above information only, which of the following statements is correct? (multiple choice)

A.

Mail with source address 10.17.1.0/24 will be blocked

B.

Mail with source address 10.18.1.0/24 will be blocked

C.

Mail with source address 10.17.1.0/24 will be released

D.

Mail with source address 10.18.1.0/24 will be released

When the license of Huawei USG6000 product expires, the RBL function will be unavailable, and users can only use the local black and white list to filter junk mail.

155955cc-666171a2-20fac832-0c042c0435

A.

True

B.

False

If the user's FTP operation matches the FTP filtering policy, what actions can be performed? (multiple choice)

A.

Block

B.

Declare

C.

Alarm

D.

Execution

Regarding the global configuration of file filtering configuration files for Huawei USG6000 products, which of the following descriptions is correct?

A.

File filtering, content filtering and anti-virus detection cannot be performed when the file is damaged. At this time, the documents can be released or blocked according to business requirements.

B.

When the file extension does not match, if the action is "Allow" or "Alarm", file filtering, content filtering and anti-virus are performed according to the file type

Detection.

C.

When the number of compression layers of a file is greater than the configured "Maximum Decompression Layers", the firewall cannot filter the file.

D.

When the file type cannot be recognized, file filtering, content filtering and anti-virus detection are not performed.

In order to protect the security of data transmission, more and more websites or companies choose to use SSL to encrypt transmissions in the stream. About using Huawei NIP6000

The product performs threat detection on (SSL stream boy, which of the following statements is correct?

A.

NIP0OO does not support SSL Threat Detection.

B.

The traffic after threat detection is sent directly to the server without encryption

C.

NIP can directly crack and detect SSL encryption.

D.

After the process of "decryption", "threat detection", and "encryption"

For Huawei USG600 products, which of the following statements about mail filtering configuration is correct?

A.

Cannot control the number of received email attachments

B.

When the spam processing action is an alert, the email will be blocked and an alert will be generated

C.

You can control the size of the attachment of the received mail

D.

Cannot perform keyword filtering on incoming mail

Which of the following options is not a special message attack?

A.

ICMP redirect message attack) 0l

B.

Oversized ICMP packet attack

C.

Tracert packet attack

D.

IP fragment message item

What content can be filtered by the content filtering technology of Huawei USG6000 products?

A.

File content filtering

B.

Voice content filtering

C.

Apply content filtering..

D.

The source of the video content

Since the sandbox can provide a virtual execution environment to detect files in the network, the sandbox can be substituted when deploying security equipment

Anti-Virus, IPS, spam detection and other equipment.

A.

True

155955cc-666171a2-20fac832-0c042c0414

B.

False

Regarding the sequence of the mail transmission process, which of the following is correct?

1. The sender PC sends the mail to the designated SMTP Server.

2. The sender SMTP Server encapsulates the mail information in an SMTP message and sends it to the receiver SMTP Server according to the destination address of the mail

3. The sender SMTP Server encapsulates the mail information in an SMTP message according to the destination address of the mail and sends it to the receiver POP3/MAP Senver

4. The recipient sends an email.

A.

1->2->3

B.

1->2->4,

C.

1->3->2

D.

1->4->3

The administrator has configured file filtering to prohibit internal employees from uploading development files, but internal employees can still upload development files. Which of the following is not allowed Can the reason?

A.

The file filtering configuration file is not referenced in the security policy

B.

File filtering configuration file is incorrect

C.

License is not activated.

D.

The action configuration of the file extension does not match is incorrect

Use BGP protocol to achieve diversion, the configuration command is as follows

[sysname] route-policy 1 permit node 1

[sysname-route-policy] apply community no-advertise

[sysname-route-policy] quit

[sysname]bgp100

155955cc-666171a2-20fac832-0c042c04

29

[sysname-bgp] peer

[sysname-bgp] import-route unr

[sysname- bgpl ipv4-family unicast

[sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export

[sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community

[sysname-bgp-af-ipv4] quit

[sysname-bgp]quit

Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)

A.

Use BGP to publish UNR routes to achieve dynamic diversion.

B.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

C.

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

D.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

In the security protection system of the cloud era, reforms need to be carried out in the three stages before, during and after the event, and a closed-loop continuous improvement should be formed.

And development. Which of the following key points should be done in "things"? (multiple choice)

A.

Vulnerability intelligence

B.

Defense in Depth

C.

Offensive and defensive situation

D.

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

The realization of content security filtering technology requires the support of the content security combination license.

A.

True

B.

False

Which of the following options does not belong to the basic DDoS attack prevention configuration process?

A.

The system starts traffic statistics.

B.

System related configuration application, fingerprint learning.

C.

The system starts attack prevention.

D.

The system performs preventive actions.

What are the typical technologies of anti-virus engines (multiple choice)

A.

First package detection technology

B.

Heuristic detection technology

C.

Decryption technology

D.

File reputation detection technology 5

Huawei H12-722 Premium Access     Download Demo    
Page: 1 / 3
Total 177 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved