This page was exported from Exams Labs Braindumps [ http://blog.examslabs.com ] Export date:Thu Dec 26 15:31:10 2024 / +0000 GMT ___________________________________________________ Title: [Apr 01, 2024] 100% Real & Accurate H12-711 Questions with Free and Fast Updates [Q148-Q172] --------------------------------------------------- [Apr 01, 2024] 100% Real & Accurate H12-711 Questions with Free and Fast Updates Self-Study Guide for Becoming an HCIA-Security V3.0 Expert Huawei H12-711 exam comprises of 60 multiple-choice questions that need to be answered within 90 minutes. The questions are designed to test the technical knowledge and practical skills of candidates in the field of network security. H12-711 exam is conducted online, and candidates need to register through Huawei's website to take it. Moreover, the exam results are declared within three business days from the date of the exam.   NEW QUESTION 148Which of the following attacks does not belong to special packet attack?  ICMP redirect packet attack  ICMP unreachable packet attack  IP address scanning attack  Large ICMP packet attack NEW QUESTION 149Which of the following descriptions is wrong about IKE SA?  IKE SA is two-way  IKE is a UDP-based application layer protocol  IKE SA for IPSec SA services  The encryption algorithm used by user data packets is determined by IKE SA. NEW QUESTION 150Which types of encryption technology can be divided into? (Multiple Choice)  Symmetric encryption  Asymmetric encryption  Fingerprint encryption  Data encryption NEW QUESTION 151As shown in the figure, a NAT server application scenario is configured when the web configuration mode is used.Which of the following statements are correct? (Multiple choice)  When configuring an interzone security policy, set the source security zone to Untrust and the target security zone to DMZ.  When configuring NAT Server, the internal address is 10.1.1.2 and the external address is 200.10.10.1.  When configuring an interzone security policy, set the source security zone to DMZ and the target security zone to Untrust.  When configuring NAT Server, the internal address is 200.10.10.1 and the external address is 10.1.1.2. NEW QUESTION 152Which of the following statement about :he NAT is wrong?  NAT technology can effectively hide the hosts of the LAN. it is an effective network security protection technology  Address Translation can follow the needs of users, providing FTP. WWW, Telnet and other services outside the LAN  Some application layer protocols earn/ IP address information in the data, but also modify the P address information in the data of the upper layer when they are as NAT  For some non-TCP. UDP protocols (such as ICMP. PPTP), unable to do the NAT translation NEW QUESTION 153Firewall update signature database and Virus database online through security service center, requires the firewall can connect to the Internet first, and then need to configure the correct DNS addresses.  TRUE  FALSE NEW QUESTION 154Regarding the relationship and role of VRRP/VGMP/HRP, which of the following statements are correct? (Multiple choice)  VRRP is responsible for sending free ARP to direct traffic to the new primary device during active/standby switchover.  VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment.  HRP is responsible for data backup during hot standby operation.  VGMP group in the active state may include the VRRP group in the standby state. NEW QUESTION 155Which of the following are the main implementations of gateway anti-viru3? (Multiple choice)  Agent scanning method  Stream scanning method  Package inspection method  File killing method NEW QUESTION 156Which of the following statement about the NAT is wrong?  NAT technology can effectively hide the costs of the LAN; it is an effective network security protection technology  Address Translation can follow the needs of users, providing FTP, WWW, Telnet and other services outside the LAN  Some application layer protocols carry IP address information in the data, but also modify the IP address information in the data of the upper layer when they are as NAT  For some non-TCP, UDP protocols (such as ICMP, PPTP), unable to do the NAT translation NEW QUESTION 157When the session authentication mode is used to trigger the firewall’s built-in Portal authentication, the user does not actively perform identity authentication, advanced service access, and device push “redirect” to the authentication page.  True  False NEW QUESTION 158What do VLAN port types include? (Choose three.)  Access Port  Trunk port  Hybrid port  Ethernet port NEW QUESTION 159Which of the following options belong to the necessary configuration for the firewall double hot standby scenario? (Multiple Choice)  hrp enable  hrp mirror session enable  hrp interface interface-type interface-number  hrp preempt [delay interval] NEW QUESTION 160Which of the following is not a hash algorithm?  MD5  SHA1  SM1  SHA2 NEW QUESTION 161Which of the following are the necessary configurations of IPSec VPN? (Multiple Choice)  Configuring IKE neighbors  Configure IKE SA related parameters  Configuring IPSec SA related parameters  Configure the stream of interest NEW QUESTION 162What is the nature of information security in “Implementation of security monitoring and management of information and information systems to prevent the illegal use of information and information systems”?  Confidentiality  Controllability  Non-repudiation  Integrity NEW QUESTION 163Intrusion prevention system technical characteristics include (Multiple choice)  Online mode  Real-time blocking  Self-learning and adaptive  Straight road deployment NEW QUESTION 164The GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ. If the area connected to GE1/0/1 can accessthe area connected to GE1/0/2, which of the following is correct?  Need to configure local to DMZ security policy  No need to do any configuration  Need to configure an interzone security policy  Need to configure DMZ to local security policy NEW QUESTION 165Execute the command on the firewall and display the following information. which of the following description is correct? (Multiple Choice) HRP_A [USG_A] display vrrp interfaceGigabitEthernet 0/0/1 GigabitEthernet0/0/1 | Virtual Router 1 VRRP Group: Active state: Active Virtual IP: 202.38.10.1 Virtual MAC: 0000-5e00-0101 Primary IP: 202.38.10.2 PriorityRun: 100 PriorityConfig: 100 MasterPriority: 100 Preempt: YES Delay Time: 10  The status of this firewall VGMP group is Active.  This firewall G1 / 0/1 virtual interface IP address 202.30.10.2  This firewall VRID is 1 the VRRP priority to backup group 100  Will not switch when the primary device fails NEW QUESTION 166Which of the following is used to encrypt digital fingerprints in digital signature technology?  sender public key  sender private key  Receiver public key  Receiver private key NEW QUESTION 167IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data  True  False NEW QUESTION 168Which of the following is correct about firewall IPSec policy?  By default, IPSec policy can control unicast packets and broadcast packets.  By default, IPSec policy can control multicast.  By default, IPSec policy only controls unicast packets.  By default, IPSec policy can control unicast packets, broadcast packets, and multicast packets 。 NEW QUESTION 169The single-point login function of the online user, the user authenticates directly to the AD server, and the device does not interfere with the user authentication process. The AD monitoring service needs to be deployed on the USG device to monitor the authentication information of the AD server.  True  False NEW QUESTION 170Winch of the following is the encryption technology used in digital envelopes?  Symmetric encryption algorithm  Asymmetric encryption algorithm NEW QUESTION 171In the current network it has deployed other authentication system, device registration function by enabling a single point, reducing the user to re-enter the password.What are correct about single sign-on statements? (Multiple choice)  device can identify the user through the authentication of the identity authentication system, user access, the device will not push authentication pages, to avoid further asked to enter a username / password  AD domain single sign-on is only one deployment model  Although not require to enter a user password, but the authentication server needs to interact with the user password and devices used to ensure that certification through discussion  AD domain single sign-on login can be mirrored data stream synchronized manner to the firewall NEW QUESTION 172Which ofthe following are the standard port numbers for the FTP protocol? (Multiple choice)  20  21  23  80  Loading … Huawei H12-711 certification exam consists of 60 multiple-choice questions that need to be completed within 90 minutes. The passing score for the exam is 60%, and the exam is available in both English and Chinese. H12-711 exam can be taken at any Huawei Authorized Learning Partner (HALP) or at a Pearson VUE testing center.   H12-711 Study Guide Realistic Verified H12-711 Dumps: https://www.examslabs.com/Huawei/HCNA-Security/best-H12-711-exam-dumps.html --------------------------------------------------- Images: https://blog.examslabs.com/wp-content/plugins/watu/loading.gif https://blog.examslabs.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2024-04-01 16:44:17 Post date GMT: 2024-04-01 16:44:17 Post modified date: 2024-04-01 16:44:17 Post modified date GMT: 2024-04-01 16:44:17