Huawei H12-721 HCIP-Security-CISN Exam Practice Test Instant Access

Question 1

Static fingerprint filtering function, different processing methods for different messages, the following statement is correct?

ATCP/UDP/custom service can extract fingerprints based on the payload (ie the data segment of the message)

BDNS packet extracts fingerprints for Query ID

CHTTP message extracts fingerprint for universal resource identifier URI

DICMP message extracts fingerprint by identifier

Answer : A, C

Note: By configuring a static fingerprint, the packets that hit the fingerprint are processed accordingly to defend against attack traffic. First, the TCP/UDP/custom service can extract fingerprints based on the payload (that is, the data segment of the packet); second, the DNS packet extracts the fingerprint for the domain name; and third, the HTTP packet is extracted for the Uniform Resource Identifier (URI). fingerprint.

Question 2

Using the virtual firewall technology, users on the two VPNs can log in to their private VPNs through the Root VFW on the public network to directly access private network resources. What are the following statements about the characteristics of the VPN multi-instance service provided by the firewall?

Asecurity is high, VPN users access through the firewall authentication and authorization, access after access is to use a separate virtual firewall system to manage users, the resources of different VPN users are completely isolated

BVPN access mode is flexible and reliable. It can support from public network to VPN, and can also support from VPN to VPN.

Cis easy to maintain, users can manage the entire firewall (including each virtual firewall) without a system administrator account with super user privileges.

DThe access control authority is strict. The firewall can control the access rights of the VPN according to the user name and password. This allows different users such as travel employees and super users (need to access different VPN resources) to have different access rights.

Answer : A, B, D

Question 3

According to the capture of the victim host, what kind of attack is this attack?

AARP Flood attack

BHTTP Flood attack

CARP spoofing attack

DSYN Flood attack

Answer : A

Question 4

The static fingerprint filtering function is to defend the attack traffic by configuring a static fingerprint to process the packets that hit the fingerprint. Generally, the anti-DDoS device capture function can be used to input fingerprint information to static fingerprint filtering.

ATRUE

BFALSE

Answer : A

Question 5

The dual-system hot standby networking environment is as shown in the following figure: VRRP group 1 and 2 are added to the VGMP management group, USG_A is the master device, and USG_B is the standby device. When the USG_A has a fault Status, such as power failure, the USG_B status is switched from Slave to Master. After the USG_A is faulty, its status is switched back to Master and the USG_B status is still Master. What is the reason for this now?

ATwo firewalls are in load grouping mode. They are configured as master and slave in the same backup group.

BAfter the fault of the USG_A is restored, the priority of the VRRP backup group is not restored in time.

CAfter the USG_A recovers from the fault, the heartbeat line fails.

Dis not configured hrp track

Answer : C

Question 6

The administrator can create vfw1 and vfw2 on the root firewall to provide secure multi-instance services for enterprise A and enterprise B, and configure secure forwarding policies between security zones of vfw1 and vfw2.

ATRUE

BFALSE

Answer : B

Question 7

Which of the following methods is used to switch between active and standby links in the IPSec backup and backup system?

Ahot standby

Blink-group

CEth-trunk

Dip-link

Answer : D

Huawei H12-721 HCIP-Security-CISN V3.0 HCIP-Security-CISN Exam Practice Test