HUAWEI H12-711_V3.0 Free Practice Questions

NEW QUESTION 1

For the process of forwarding session header packets between firewall domains, there are the following steps:
* 1, look up the routing table
* 2, find the inter-domain packet filtering rules
* 3, lookup session table
* 4, find the blacklist
Which of the following is in the correct order?

• A. 1->3->2->4
• B. 3->2->1->4
• C. 3->4->1->2
• D. 4->3->1->2

Answer: C

NEW QUESTION 2

Which of the following is not a major form of computer crime?

• A. Implant the Trojan horse on the target host
• B. Hacking the target host
• C. Personal questionnaires using a computer
• D. Using scanning tools to collect network information without permission

Answer: C

NEW QUESTION 3

When the company network administrator configures dual-system hot backup, (fill in the blank) configure the status of VRRP backup group l as Active, and configure the virtual IP address as 10.1.1.1/24
system-view
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet0/0/l] ( ), the command to be typed in the blank is (please fill in the complete command in all lowercase)

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4

Which of the following descriptions about the main implementation of single sign-on is wrong? ( )[Multiple choice]*

• A. Accept PC message mode
• B. Query the AD server security log mode
• C. Query the syslog server mode
• D. Firewall monitors AD authentication packets

Answer: C

NEW QUESTION 5

After the firewall detects a virus, which of the following will release the virus? ( )[Multiple choice]*

• A. Not a protocol supported by the firewall
• B. Hit apply exception
• C. The source IP hits the whitelist
• D. Hit virus exception

Answer: D

NEW QUESTION 6

Which of the following options is not part of the quintuple range?

• A. sourceIP
• B. sourceMAC
• C. PurposeIP
• D. destination port

Answer: B

NEW QUESTION 7

Which of the following areFTPThe standard port number of the protocol? (multiple choice)

• A. 20
• B. twenty one
• C. twenty three
• D. 80

Answer: AB

NEW QUESTION 8

During the process of establishing IPSec VPN between peers FW_A and FW_B, two types of security associations need to be established in two stages. In the first stage, ______ is established to verify the identity of the peers.[fill in the blank]*

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9

Drag the warning level of the network security emergency response on the left into the box on the right, and arrange it from top to bottom in order of severity.[fill in the blank]*

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10

Which of the following is network address port translation (NAPT) and only translate network addresses (No-PAT) difference?

• A. go throughNo-PATAfter conversion, for external network users, all packets come from the sameIPaddress
• B. No-PATOnly supports protocol port translation at the transport layer
• C. NAPTOnly supports protocol address translation at the network layer
• D. No-PATSupports protocol address translation at the network layer

Answer: D

NEW QUESTION 11

The administrator wishes to clear the current session table. Which of the following commands is correct? (
)[Multiple choice]*

• A. display session table
• B. display firewall session table
• C. reset firewall session table
• D. clear firewall session table

Answer: C

NEW QUESTION 12

UDPA port scan is when an attacker sends a zero byte lengthUDPmessage to a specific port of the target host, if the port is open, it will return aICMPPort reachable data packets.

• A. True
• B. False

Answer: B

NEW QUESTION 13

Which of the following statements about the PKI life cycle is correct?

• A. Certificate renewal: When the certificate expires and the key is leaked, the PKI entity must replace the certificat
• B. The purpose of renewal can be achieved by re-applying, or it can be automatically renewed using SCEP or CPv2 protocol.
• C. Certificate download: The PKI entity downloads the issued certificate to the RA server through SCEP or CIPvz protocol, or through DAP.HIITP or out-of-band mode, download the issued certificate.
• D. Certificate issuance: When a PKI entity applies for a local certificate from a CA, if there is an RA, the RA will first review the identity information of the PKI entit
• E. After the verification is passed, the RA will send the application information to the CA.
• F. Certificate application: certificate application, namely certificate registration, is a PKI entity introducing itself to the CA and obtaining a certificate

Answer: ABCD

NEW QUESTION 14

Regarding the single sign-on supported by the firewall, which one of the following is not included?

• A. RADIUS.Single sign-on
• B. ISM single sign-on
• C. AD single sign-on
• D. HWTACACS single sign-on

Answer: D

NEW QUESTION 15

Which of the following options are malicious programs? (multiple choice)

• A. Trojan horse
• B. Vulnerability
• C. worm
• D. Virus

Answer: ACD

NEW QUESTION 16

An employee of a company accesses the internal web server of the company through the firewall. The web page of the website can be opened by using a browser, but the reachability of the web server is tested by using the Ping command, and it shows that it is unreachable. What are the possible reasons?

• A. The security policy deployed on the firewall allows the TCP protocol, but not the ICMP protocol
• B. The web server is down
• C. The security policy deployed on the firewall allows the HTTP protocol, but not the ICMP protocol
• D. The interface of the firewall connecting to the server is not added to the security zone

Answer: C

NEW QUESTION 17
......