Huawei H12-721 HCIP-Security-CISN Exam Questions Instant Access

Question 1

As shown in the figure, the Eth-trunk function is required to bind the interface. On this basis, if you need to implement the load balancing function of each interface, you need to add the following configuration command?

A[USG] load-balance interface eth-trunk 1 packet-all

B[USG]interface eth-trunk 1 [USG-eth-trunk 1] load-balance packet-all

C[USG] load-balance interface eth-trunk 1 src-dst-ip

D[USG]interface eth-trunk 1 [USG-eth-trunk 1] load-balance src-dst-ip

Answer : B

Question 2

What are the possible reasons why the firewall 2 IPSec VPN cannot be established successfully?

Adevice does not have a route to the intranet

B. The ACL referenced by the security policy configured on the gateways at both ends is incorrect.

CThe IPSec proposal configured on the gateways at both ends is inconsistent.

Dis not configured with DPD at both ends

Answer : A, B, C

Note: DPD (dear peer detection) can detect various abnormal states that may exist in the peer device in time.

Question 3

USG dual-machine hot standby must meet certain conditions and can be used below. What are the following statements correct?

Amajor and backup equipment must have the same product model

BThe software version of the active and standby devices must be the same.

CThe interface IP of the active and standby devices must be the same.

DThe primary device must be configured, and the standby device does not require any configuration.

Answer : A, B

Question 4

An enterprise network is as follows. At this time, server A cannot access server B. The administrator performs troubleshooting. It finds that server A can access firewall A, but cannot access firewall B. What is the method for administrators to use to troubleshoot problems?

Alayering method

Bsegmentation method

Creplacement method

Dblock method

Answer : D

Question 5

When an attack occurs, many packets are found on the attacked host (1.1.129.32) as shown in the figure. According to the analysis of the attack, what kind of attack is this attack?

ASmurf

BLand

CWinNuke

DPing of Death

Answer : B

Note: Land attack: It is to set the source address and destination address of the TCP SYN packet to the IP address of a certain victim. This will cause the victim to send a SYN-ACK message to its own address, which in turn will send back an ACK message and create an empty connection, each of which will remain until timeout. Various victims react differently to Land attacks, many UNIX hosts will crash, and NT hosts will become extremely slow.

Question 6

A certain network is as follows: LAN----G0/0/0 USG G0/0/1 ----Server. After the administrator analyzes the Attarcker on the LAN network connected to G0/0/0, if you want to prevent ARP flood attacks, limit the ARP traffic to 100 packets/minute. Which is the correct configuration?

Afirewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/0 max-rate 100

Bfirewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/0 max-rate 6000

Cfirewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/1 max-rate 100

Dfirewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/1 max-rate 6000

Answer : B

Note: In ARP Flood attack prevention, the unit that restricts traffic is pps (package/second). From this point of view, there is no correct answer. This question appeared in the exam. From the results, it should limit the ARP traffic by 100 packets/second instead of 100 packets/minute. The correct answer should be A.

Question 7

Which of the following is the correct description of the SMURF attack?

AThe attacker sends an ICMP request with the destination address or the source address as the broadcast address, causing all hosts or designated hosts of the attacked network to answer, eventually causing the network to crash or the host to crash.

BThe attacker sends the SYN-ACK message to the attacker's IP address.

CThe attacker can send UDP packets to the network where the attacker is located. The source address of the packet is the address of the attacked host. The destination address is the broadcast address or network address of the subnet where the attacked host resides. The destination port number is 7 or 19.

DThe attacker uses the network or the host to receive unreachable ICMP packets. The subsequent packets destined for this destination address are considered unreachable, thus disconnecting the destination from the host.

Answer : A

Note: B-Land attack; C-Faggle attack: use UDP port 7 (ECHO) - respond to received content and port 19 (Chargen) will generate a character stream after receiving UDP message; D- special ICMP unreachable packet attack in packet attack

Huawei HCIP-Security-CISN V3.0 H12-721 HCIP-Security-CISN Exam Questions