Latest Dec-2021 Huawei H12-711 Dumps Updated 290 Questions
PDF Download Free of H12-711 Valid Practice Test Questions
NEW QUESTION 43
Regarding the relationship and role of VRRPA/GMP/HRP. which of the following statements are correct?(Multiple choice)
- A. VRRP is responsible for sending free ARP to direct traffic to the new primary device during active/standby switchover.
- B. VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment.
- C. VGMP group in the active state may include the VRRP group in the standby state.
- D. HRP is responsible for data backup during hot standby operation
Answer: A,B,D
NEW QUESTION 44
Which of the following is true about the description of SSL VPN?
- A. May encrypt to IP layer
- B. There is a NAT traversal problem
- C. No authentication required
- D. Can beused without a client
Answer: D
NEW QUESTION 45
Which of the following is not included in the design principles of the questionnaire?
- A. Consistency
- B. Integrity
- C. Openness
- D. Specificity
Answer: A
NEW QUESTION 46
The following security policy command, representatives of the meaning:
- A. banned from trust region access to untrust region and the destination address is 10.1 0 0/16 segment all hosts ICMP message
- B. banned from trust region access to untrust region and the source address is10.2.10.10 host to all the hosts ICMP message
- C. banned from trust region access to untrust region and the source address is 10.1 0 0/16 segment all the hosts ICMP message
- D. banned from trust region access to untrust region and the destination address is 10 1 10 10 host ICMP message
Answer: C
NEW QUESTION 47
Which of the following is the encryption technology used by digital envelopes?
- A. Symmetric encryption algorithm
- B. Asymmetric encryption algorithm
- C. Stream encryption algorithm
- D. Hash algorithm
Answer: B
NEW QUESTION 48
Which of the following are the necessary configurations of IPSec VPN? (Multiple Choice)
- A. Configuring IPSec SA related parameters
- B. Configuring IKE neighbors
- C. Configure IKE SA related parameters
- D. Configure the stream of interest
Answer: A,B,C,D
NEW QUESTION 49
What is the difference between network address porttranslation (NAT) and conversion-only network address (No- PAT)? (Multiple Choice)
- A. After NATP conversion, for external network users, all messages are from the same IP address or several IP addresses.
- B. No-PAT supports protocol address translation at the network layer
- C. No-PAT only supports protocol address translationat the application layer.
- D. NAPT only supports protocol address translation at the network layer.
Answer: A,B
NEW QUESTION 50
Through display ike sa to see the result as follows, which statements are correct? (Multiple choice)
- A. The first stage ike sa has been successfully established
- B. ike is using version v1
- C. ike is using version v2
- D. The second stage ipsec sa has been successfully established
Answer: A,B
NEW QUESTION 51
Which of thefollowing 3re the versions of the SNMP protocol? (Multiple choice)
- A. SNMPv2b
- B. SNMPv2c
- C. SNMPvl
- D. SNMPv3
Answer: B,C,D
NEW QUESTION 52
A company employee account authority expires, but can still use the account to access the company server.
What are the security risks of the above scenarios? (Multiple Choice)
- A. Access security risk
- B. System security risk
- C. Physical security risk
- D. Managing security risk
Answer: A,B,D
NEW QUESTION 53
Which of the following statements is wrong about the firewall gateway's anti-virus response to the HTTP protocol?
- A. When the gateway device blocks the HTTP connection, push the web page to the client andgenerate a log.
- B. Alarm mode device only generates logs and sends them out without processing the files transmitted by the HTTP protocol.
- C. Response methods include announcement and blocking
- D. Blocking means that the device disconnects from the HTTP server and blocks file transfer.
Answer: C
NEW QUESTION 54
Regarding the firewall security policy, which of the following options are wrong?
- A. Adjust the order of security policies without saving the configuration file.
- B. When configuring the security policy name, you cannot reuse the samename.
- C. If the security policy is permit, the discarded message will not accumulate the number of hits.
- D. The number of security policy entries of Huawei USG series firewalls cannot exceed 128.
Answer: C
NEW QUESTION 55
In order to obtain evidence of crime, it is necessary to master the technology of intrusion tracking. Which of the following descriptions are correct about the tracking technology? (Multiple Choice)
- A. Packet tagging technology extracts information from attack sources by recording packets on the router and then using data drilling techniques
- B. Packet Recording Technology marks packets on each router that has been spoken by inserting trace data into the tracked IP packets.
- C. Link detection technology determines the source of the attack by testing the network connection between the routers.
- D. Analysis of shallow mail behavior can analyze the information such as sending IP address, sending time, sending frequency, number of recipients, shallow email headers, etc.
Answer: B,C,D
NEW QUESTION 56
After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all the information that can be backed up can bedirectly configured on the standby device, and the configuration on the standby device can be synchronized to the active device.
- A. False
- B. True
Answer: B
NEW QUESTION 57
Which of the following is the port number used by L2TP packets?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 58
Except built-in Portal authentication, firewall also supports custom Portal authentication, when using a custom Portalauthentication, no need to deploy a separate external Portal sever.
- A. False
- B. True
Answer: A
NEW QUESTION 59
Which of the following is not included in the steps of tie safety assessment method?
- A. Penetration test
- B. Questionnaire survey
- C. Data analysis
- D. Manualaudit
Answer: C
NEW QUESTION 60
Which of the following description is correct about the sort of the call setup process for L2TP corridors?
1. L2TP tunnel
2. PPP connection
3. LNS authenticates users
4. Users access intranet resources
5. Establish an L2TP session
- A. 1->5->3->2->4
- B. 2->1->5->3->4
- C. 1->2->3->5->4
- D. 2->3->1->5->4
Answer: A
NEW QUESTION 61
Data analysis technology is to find and -natch keywords or key ohrases in the acquired data stream or information flow, and analyze: he correlation of time. Which of the following is not an evidence analysis technique?
- A. Spam tracking technology
- B. Techniques for discovering the connections between different evidences
- C. Document Digital Abstract Analysis Technology
- D. Password deciphering, data decryption technology
Answer: A
NEW QUESTION 62
Digital certificates are fair to public keys through third-party agencies, thereby ensuring the non-repudiation of data transmission. Therefore, to confirm the correctness of the public key, only the certificate of the communicating party is needed.
- A. False
- B. True
Answer: A
NEW QUESTION 63
Regarding SSL VPNtechnology, which of the following options is wrong?
- A. SSL VPN requires a dial-up client
- B. SSL VPN technology can be perfectly applied to NAT traversal scenarios
- C. SSL VPN technology extends the network scope of the enterprise
- D. SSL VPN technology encryption only takes effect on the application layer
Answer: A
NEW QUESTION 64
......
H12-711 Test Engine files, H12-711 Dumps PDF : https://www.prep4king.com/H12-711-exam-prep-material.html
