This page was exported from Exams Labs Braindumps [ http://blog.examslabs.com ]

Export date:Thu Nov 7 7:28:31 2024 / +0000 GMT

___________________________________________________


Title: [Apr 01, 2024] 100% Real & Accurate H12-711 Questions with Free and Fast Updates [Q148-Q172]

---------------------------------------------------



 [Apr 01, 2024] 100% Real & Accurate H12-711 Questions with Free and Fast Updates
Self-Study Guide for Becoming an HCIA-Security V3.0 Expert


Huawei H12-711 exam comprises of 60 multiple-choice questions that need to be answered within 90 minutes. The questions are designed to test the technical knowledge and practical skills of candidates in the field of network security. H12-711 exam is conducted online, and candidates need to register through Huawei's website to take it. Moreover, the exam results are declared within three business days from the date of the exam.
 


NEW QUESTION 148Which of the following attacks does not belong to special packet attack?
 ICMP redirect packet attack
 ICMP unreachable packet attack
 IP address scanning attack
 Large ICMP packet attack
NEW QUESTION 149Which of the following descriptions is wrong about IKE SA?
 IKE SA is two-way
 IKE is a UDP-based application layer protocol
 IKE SA for IPSec SA services
 The encryption algorithm used by user data packets is determined by IKE SA.
NEW QUESTION 150Which types of encryption technology can be divided into? (Multiple Choice)
 Symmetric encryption
 Asymmetric encryption
 Fingerprint encryption
 Data encryption
NEW QUESTION 151As shown in the figure, a NAT server application scenario is configured when the web configuration mode is used.Which of the following statements are correct? (Multiple choice)
 When configuring an interzone security policy, set the source security zone to Untrust and the target security zone to DMZ.
 When configuring NAT Server, the internal address is 10.1.1.2 and the external address is 200.10.10.1.
 When configuring an interzone security policy, set the source security zone to DMZ and the target security zone to Untrust.
 When configuring NAT Server, the internal address is 200.10.10.1 and the external address is 10.1.1.2.
NEW QUESTION 152Which of the following statement about :he NAT is wrong?
 NAT technology can effectively hide the hosts of the LAN. it is an effective network security protection technology
 Address Translation can follow the needs of users, providing FTP. WWW, Telnet and other services outside the LAN
 Some application layer protocols earn/ IP address information in the data, but also modify the P address information in the data of the upper layer when they are as NAT
 For some non-TCP. UDP protocols (such as ICMP. PPTP), unable to do the NAT translation
NEW QUESTION 153Firewall update signature database and Virus database online through security service center, requires the firewall can connect to the Internet first, and then need to configure the correct DNS addresses.
 TRUE
 FALSE
NEW QUESTION 154Regarding the relationship and role of VRRP/VGMP/HRP, which of the following statements are correct? (Multiple choice)
 VRRP is responsible for sending free ARP to direct traffic to the new primary device during active/standby switchover.
 VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment.
 HRP is responsible for data backup during hot standby operation.
 VGMP group in the active state may include the VRRP group in the standby state.
NEW QUESTION 155Which of the following are the main implementations of gateway anti-viru3? (Multiple choice)
 Agent scanning method
 Stream scanning method
 Package inspection method
 File killing method
NEW QUESTION 156Which of the following statement about the NAT is wrong?
 NAT technology can effectively hide the costs of the LAN; it is an effective network security protection technology
 Address Translation can follow the needs of users, providing FTP, WWW, Telnet and other services outside the LAN
 Some application layer protocols carry IP address information in the data, but also modify the IP address information in the data of the upper layer when they are as NAT
 For some non-TCP, UDP protocols (such as ICMP, PPTP), unable to do the NAT translation
NEW QUESTION 157When the session authentication mode is used to trigger the firewall’s built-in Portal authentication, the user does not actively perform identity authentication, advanced service access, and device push “redirect” to the authentication page.
 True
 False
NEW QUESTION 158What do VLAN port types include? (Choose three.)
 Access Port
 Trunk port
 Hybrid port
 Ethernet port
NEW QUESTION 159Which of the following options belong to the necessary configuration for the firewall double hot standby scenario? (Multiple Choice)
 hrp enable
 hrp mirror session enable
 hrp interface interface-type interface-number
 hrp preempt [delay interval]
NEW QUESTION 160Which of the following is not a hash algorithm?
 MD5
 SHA1
 SM1
 SHA2
NEW QUESTION 161Which of the following are the necessary configurations of IPSec VPN? (Multiple Choice)
 Configuring IKE neighbors
 Configure IKE SA related parameters
 Configuring IPSec SA related parameters
 Configure the stream of interest
NEW QUESTION 162What is the nature of information security in “Implementation of security monitoring and management of information and information systems to prevent the illegal use of information and information systems”?
 Confidentiality
 Controllability
 Non-repudiation
 Integrity
NEW QUESTION 163Intrusion prevention system technical characteristics include (Multiple choice)
 Online mode
 Real-time blocking
 Self-learning and adaptive
 Straight road deployment
NEW QUESTION 164The GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ. If the area connected to GE1/0/1 can accessthe area connected to GE1/0/2, which of the following is correct?
 Need to configure local to DMZ security policy
 No need to do any configuration
 Need to configure an interzone security policy
 Need to configure DMZ to local security policy
NEW QUESTION 165Execute the command on the firewall and display the following information. which of the following description is correct? (Multiple Choice) HRP_A [USG_A] display vrrp interfaceGigabitEthernet 0/0/1 GigabitEthernet0/0/1 | Virtual Router 1 VRRP Group: Active state: Active Virtual IP: 202.38.10.1 Virtual MAC: 0000-5e00-0101 Primary IP: 202.38.10.2 PriorityRun: 100 PriorityConfig: 100 MasterPriority: 100 Preempt: YES Delay Time: 10
 The status of this firewall VGMP group is Active.
 This firewall G1 / 0/1 virtual interface IP address 202.30.10.2
 This firewall VRID is 1 the VRRP priority to backup group 100
 Will not switch when the primary device fails
NEW QUESTION 166Which of the following is used to encrypt digital fingerprints in digital signature technology?
 sender public key
 sender private key
 Receiver public key
 Receiver private key
NEW QUESTION 167IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data
 True
 False
NEW QUESTION 168Which of the following is correct about firewall IPSec policy?
 By default, IPSec policy can control unicast packets and broadcast packets.
 By default, IPSec policy can control multicast.
 By default, IPSec policy only controls unicast packets.
 By default, IPSec policy can control unicast packets, broadcast packets, and multicast packets 。
NEW QUESTION 169The single-point login function of the online user, the user authenticates directly to the AD server, and the device does not interfere with the user authentication process. The AD monitoring service needs to be deployed on the USG device to monitor the authentication information of the AD server.
 True
 False
NEW QUESTION 170Winch of the following is the encryption technology used in digital envelopes?
 Symmetric encryption algorithm
 Asymmetric encryption algorithm
NEW QUESTION 171In the current network it has deployed other authentication system, device registration function by enabling a single point, reducing the user to re-enter the password.What are correct about single sign-on statements? (Multiple choice)
 device can identify the user through the authentication of the identity authentication system, user access, the device will not push authentication pages, to avoid further asked to enter a username / password
 AD domain single sign-on is only one deployment model
 Although not require to enter a user password, but the authentication server needs to interact with the user password and devices used to ensure that certification through discussion
 AD domain single sign-on login can be mirrored data stream synchronized manner to the firewall
NEW QUESTION 172Which ofthe following are the standard port numbers for the FTP protocol? (Multiple choice)
 20
 21
 23
 80
 Loading …






	
	


Huawei H12-711 certification exam consists of 60 multiple-choice questions that need to be completed within 90 minutes. The passing score for the exam is 60%, and the exam is available in both English and Chinese. H12-711 exam can be taken at any Huawei Authorized Learning Partner (HALP) or at a Pearson VUE testing center.
 

H12-711 Study Guide Realistic Verified H12-711 Dumps: https://www.examslabs.com/Huawei/HCNA-Security/best-H12-711-exam-dumps.html


---------------------------------------------------


Images: https://blog.examslabs.com/wp-content/plugins/watu/loading.gif
https://blog.examslabs.com/wp-content/plugins/watu/loading.gif


---------------------------------------------------




---------------------------------------------------


Post date: 2024-04-01 16:44:17

Post date GMT: 2024-04-01 16:44:17

Post modified date: 2024-04-01 16:44:17

Post modified date GMT: 2024-04-01 16:44:17