Huawei H12-721 HCIP-Security-CISN Exam Practice Test Instant Access

Question 1

In the L2TP over IPSec application scenario, the USG device encrypts the original data packet with IPSec and then encapsulates the packet with L2TP.

ATRUE

BFALSE

Answer : B

Note: In L2TP over IPSec, packets are encapsulated with L2TP and then encrypted with IPSec. Authentication--L2TP is completed, encryption--IPSec is completed, and there is no direct relationship between authentication and encryption.

Question 2

According to the dual-system hot backup network diagram, what are the correct descriptions in the following dual-system hot backup preemption function?

AVRRP backup group itself has a preemption function. As shown in the figure, after USG_A fails and recovers, USG_A will use the preemption function to change to the master state again.

BThe preemption function of the V VGMP management group is similar to that of the VRRP backup group. When the faulty backup group in the management group recovers, the management group priority will be restored.

CBy default, when the preemption delay is 0, the preemption is never preempted.

DAfter the VRRP backup group is added to the VGMP management group, the original preemption function on the backup group will be invalid.

Answer : A, B, D

Question 3

When using the Radius server to authenticate users, (the topology is as shown below), not only must the username and password be stored on the Radius server, but the username and password must also be configured on the firewall.

ATRUE

BFALSE

Answer : A

Question 4

IP address scanning attack defense not only prevents ICMP packet detection target addresses, but also prevents TCP/UDP scanning detection target addresses.

ATRUE

BFALSE

Answer : A

Question 5

IPSec VPN uses digital certificates for authentication. It has the following steps: 1. verify the certificate signature; 2. find the certificate serial number in the CRL; 3. share the entity certificate between the two devices; 4. verify the validity period of the certificate; . Establish a VPN tunnel. Which of the following is correct?

A3 2 1 4 5

B1 3 2 4 5

C3 1 4 2 5

D2 4 3 1 5

Answer : C

Question 6

The NAT/ASPF log in the session log and the DPI traffic monitoring log provide a ''binary'' output technology for this type of log. The use of binary input output can greatly reduce the impact on system performance, but The binary form output needs to be configured with the elog log management system.

ATRUE

BFALSE

Answer : A

Question 7

Which of the following technologies can enhance the security of mobile users accessing the company's intranet VPN solution?

ASSL

BPPPoE

CGRE

DL2TP

Answer : A

Huawei H12-721 HCIP-Security-CISN V3.0 HCIP-Security-CISN Exam Practice Test