Huawei H12-721 HCIP-Security-CISN Exam Practice Test Instant Access

Question 1

By default, GigabitEthernet0/0/0 can be used as an out-of-band management interface in the USG2200 series.

ATRUE

BFALSE

Answer : B

Note: Can be used as an in-band management interface. In-band management: The management control information of the network and the bearer service information of the user network are transmitted through the same logical channel. Out-of-band management: The management control information of the network and the bearer service information of the user network are transmitted on different logical channels.

Question 2

Accessing the headquarters server through the IPSec VPN from the branch computer. The IPSec tunnel can be established normally, but the service is unreachable. What are the possible reasons?

Apacket is fragmented, and fragmented packets are discarded on the link.

BThere is load sharing or dual-machine link, which may be inconsistent with the back and forth path.

Croute oscillating

DDPD detection parameters are inconsistent at both ends

Answer : A

Question 3

A user wants to limit the maximum bandwidth of the 192.168.1.0/24 network segment to 500M, and limit all IP addresses in the network segment to maintain a bandwidth of 1M. How should I configure a current limiting policy for this requirement?

AConfigure per-IP traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.

BConfigure overall traffic limiting. The maximum bandwidth of the host on the network segment 192.168.1.0/24 is 1M.

CConfigure the overall traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.

DConfigure the overall traffic limiting. The maximum bandwidth of the host on the network segment 192.168.1.0/24 is 500M. Then use the per-IP traffic limiting to ensure that the server bandwidth is 1M.

Answer : D

Question 4

In dual-system hot backup, the backup channel must be the primary interface on the interface board. Which type is not supported?

AEthernet

BGigabitEthernet

CE1

DVlan-if

Answer : C

Question 5

The PC A in the Trust zone is 192.168.3.1. You cannot access the Internet server in the Untrust zone. The configuration between the Trust zone and the Untrust zone is as follows. What are the most likely causes of the following faults?

Asecurity policy application direction configuration error, should be outbound

BSince the firewall default packet-filter is deny is executed first, the subsequent policies are not executed.

Cpolicy source 192.168.3.0 0.0.0.255 configuration error, need to be modified to policy source 192.168.3.0 0.0.255.255

Dpolicy destination any configuration error, a clear destination IP address must be established

Answer : A

Question 6

With regard to the Radius agreement, what are the following statements correct?

Auses the UDP protocol to transmit Radius packets.

Bauthentication and authorization port number can be 1812

CEncrypt the account when transferring user accounts and passwords using the Radius protocol

Dauthentication and authorization port number can be 1645

Answer : A, B, D

Question 7

As shown in the figure, the Eth-trunk function is required to bind the interface. On this basis, if you need to implement the load balancing function of each interface, you need to add the following configuration command?

A[USG] load-balance interface eth-trunk 1 packet-all

B[USG]interface eth-trunk 1 [USG-eth-trunk 1] load-balance packet-all

C[USG] load-balance interface eth-trunk 1 src-dst-ip

D[USG]interface eth-trunk 1 [USG-eth-trunk 1] load-balance src-dst-ip

Answer : B

Huawei HCIP-Security-CISN V3.0 H12-721 HCIP-Security-CISN Exam Practice Test