1 / 5

Latest Huawei H12-711-ENU Exam Dumps Questions

H12-711-ENU exam dumps questions from CertQueen can make sure you pass the test easily.

wirygnrhd
Télécharger la présentation

Latest Huawei H12-711-ENU Exam Dumps Questions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. https://www.certqueen.com/H12-711-ENU.html FREE Dumps for Huawei H12-711-ENU Exam 1. To establish TCP connection between client A and server B, in the three-way handshake, B sent A SYN + ACK (seq=b ? ack=a+1), which of the following statements are correct? A. the packet is to confirm the SYN packet of series number b B. the packet is to confirm the SYN packet of serial number a+1 C. B next wish to receive an ACK packet series number of B D. B next wish to receive an ACK packet series number of a+1 Answer: D 2. The address range of rule permit ip source 192.168.11.35 0.0.0.31 is : A. 192.168.11.0-192.168.11.255 B. 192.168.11.32-192.168.11.63 C. 192.168.11.31-192.168.11.64 D. 192.168.11.32-192.168.11.64 Answer: B 3. Which of the following statement about firewall shard cache function are correct? ( multiple choice) A. after configuring fragmentation packet directly forwarding function , firewall does not cache fragmentation packets B. after configuring fragmentation packet directly forwarding function, for fragmentation packet which is not the first piece of fragmented packets, the firewall will forwarding based on inter- domain filtering policy C. fragmented packets will create the session table, also can find the session table when forwarding D. not the first piece of fragment packets, since there is no port number, so fragmented packets directly forwarding function can not generally be used in a NAT environment Answer: AD 4. Which of the following does not belong to UTM (Unified Threat Management) function? A. IPS intrusion defense B. Internet behavior management 1 / 5

  2. https://www.certqueen.com/H12-711-ENU.html C. Terminal security management D. AV gateway anti-virus Answer: C 5. Which of the following components are terminal security system mainly composed of ? ( multiple choice) A. Anti-virus server B. SC control server C. Access control equipment D. SM management server Answer: BCD 6. Symmetric encryption algorithm encryption key and decryption key are the same, asymmetric encryption algorithm encryption key and decryption key are not the same. IPsec in business data encryption and decryption use symmetric encryption algorithm. A. TRUE B. FALSE Answer: A 7. Huawei USG firewall VRRP HELLO packets for multicast packets, it requires each router in the backup group must be able to achieve directly two layer interflow. A. TRUE B. FALSE Answer: A 8. When ARP address resolution, ARP-REPLY packets sent by means of broadcast, hosts are able to receive on the same Layer 2 network , and thus learn the corresponding relations between the IP and MAC address. A. TRUE B. FALSE Answer: B 9. USG state detecting firewall to view Session information as follows: <USG > display firewall session table verbose Current total sessions: 1 icmp VPN: public -- > public Zone: trust -- > untrust Slot: 8 CPU: 0 TTL: 00:00:20 Left: 00:00:19 Interface: GigabitEthernet6/0/0 Nexthop: 107.255.255.10 <--packets: 134 bytes: 8040-- > packets: 134 bytes: 8040 107.229.15.100: 1280-- > 10.228.10.100:2048 2 / 5

  3. https://www.certqueen.com/H12-711-ENU.html Which of the following statement about above information are correct ? ( multiple choice) A. In Trust area host 107.229.15.100 is visiting or have visited Untrust 107.228.10.100 B. the packet is VPN packet C. the follow-up to the firewall packat,need to match the session table and firewall security policy D. the outbound interface of forward direction flow is GigabitEthernet6/0/0 Answer: AD 11. CA (Certificate Authority) certificate used for verifying the user's identity of virtual gateway when SSL communication connection is established, saved in the device side, issued by the CA institution. A. TRUE B. FALSE Answer: A 12. Through display ike sa to see the result as follows, which statements are correct? (Multiple choice) current ike sa number: 1 ------------------------------------------------------------------------- connection-id peer vpn flag phase doi ------------------------------------------------------------------------- 0x1f1 13.2.2.1 0 RD|ST v1? 1 IPSEC 0x6043dc4 Flag meaning RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT A. The first stage ike sa has been successfully established B. The second stage ipsec sa has been successfully established C. ike is using version v1 D. ike is using version v2 Answer: AC 14. Which statement about L2TP message is wrong ? A. L2TP attached on PPP for account authentication B. control message can only be used for the establishment of the tunnel and session connection, maintenance, and transmission control C. Data messages can only be used to encapsulate PPP frame and transmission in tunnels D. Control messages and data messages can provide flow control and congestion control functions Answer: D 15. Which of the following attack does not belong to the network layer attack ? 3 / 5

  4. https://www.certqueen.com/H12-711-ENU.html A. IP spoofing attack B. Smurf attack C. ARP spoofing attack D. ICMP attack Answer: C 16. In VRRP (Virtual Router Redundancy Protocol), the master router periodically sends notification message(HELLO) to the backup router, the backup router is only responsible for monitoring notification message, not to respond. A. TRUE B. FALSE Answer: A 17. Use NAT technology, can only switch the network layer information (IP address) in the data packet . A. TRUE B. FALSE Answer: B 18. ASPF (Application Specific Packet Filter) is a kind of packet filtering based on the application layer, it checks the application layer protocol information and monitor the connection state of the application layer protocol. ASPF by Server Map table achieves a special security mechanism. Which statement about ASPF and Server map table are correct? (Multiple choice) A. ASPF monitors the packets in the process of communication B. ASPF dynamically create and delete filtering rules C. ASPF through server map table realize dynamic to allow multi-channel protocol data to pass D. quintuple server-map entries achieve a similar functionality with session table Answer: ABC 19. Forward in the process of online user management, online user authentication occurs only in the first package process, once the user through the authentication, equipment set up the session table, subsequent packets do not need to be repeated user authentication. A. TRUE B. FALSE Answer: A 20. The attacker by sending ICMP response request, and will request packet destination address set to suffer Internet radio address. Which kind of attack does this behavior belong to? A. IP spoofing attack 4 / 5

  5. https://www.certqueen.com/H12-711-ENU.html B. Smurf attack C. ICMP redirect attack D. SYN flood attack Answer: B 5 / 5 Powered by TCPDF (www.tcpdf.org)

More Related