Huawei H12-721 HCIP-Security-CISN Exam Practice Test Instant Access

Question 1

USG A and USG B are configured with a static BFD session. The following is true about the process of establishing and tearing down a BFD session.

AUSG A and USG B each start the BFD state machine. The initial state is Down and the BFD packet is Down. The value of Your Discriminator is 0.

BAfter the local BFD status of B USG B is Init, if you continue to receive packets with the status Down, you can re-process and update its local status.

CAfter receiving the BFD packet in the init state, C USG B switches the local state to Up.

DAfter the state transition of 'DOWN-->INIT' occurs on D USG A and USG B, a timeout timer is started. If the BFD packet is in the Init or Up state, the local state is automatically switched back to Down.

Answer : C, D

Note: 1. USG A and USG B each start the BFD state machine. The initial state is Down and the BFD packet is Down. For a static BFD session, the value of the Your Discriminator is specified by the user. For the dynamic BFD session, the value of the Your Discriminator is 0. 2. After receiving the BFD packet whose status is Down, the USG B switches to Init. And send a BFD packet with the status of Init. 3. If the local BFD state of USG B is Init, the packets of the received state are Down. 4. The BFD state of USG A is the same as that of USG B. 5. After receiving the BFD packet in the Init state, the local state is switched to Up. 6. The BFD status of USG A changes with USG B. 7. After the state transition of 'DOWN-->INIT' occurs on USG A and USG B, a timeout timer is started. If the BFD packet is in the Init or Up state, the local state is automatically switched back to Down.

Question 2

In the active/standby mode of the USG dual-system hot backup, the service interface works at Layer 3, and the upstream and downstream routers are connected. The administrator checks that the USG_A state has been switched to HRP_M[USG_A] and the USG_B state is also HRP_M[USG_B]. What are the most likely reasons?

Auses the wrong HRP channel interface

BHeartbeat connectivity is problematic

Cdoes not configure session fast backup

Dno hrp enable

Answer : A, B

Question 3

If the IPSec policy is configured in the policy template and sub-policy mode, the firewall applies the policy template first and then applies the sub-policy.

ATRUE

BFALSE

Answer : B

Note: Choose template mode or non-template mode: There are three main modes depending on the characteristics of the peer device: First, remote mobile client access, do not know the client IP address, can not configure remote-address, can only be used Template mode + barbarian mode name authentication; second, communication between two branches, IP address is fixed, non-template mode is used; third, branch office is not fixed IP, then the headquarters uses policy template mode, branch use Strategy mode.

Question 4

The USG_B status is HRP_M[USG_A], and the USG_B status is HRP_S[USG_B]. The status of the USG_A is HRP_M[USG_A]. However, all traffic did not pass USG_A completely, and half of the traffic also passed USG_B.

A[USG_A]hrp ospf-cost adjust-enable [USG_B]hrp ospf-cost adjust-enable

B[USG_B]interface GigabitEthernet 0/0/1 [USG_B- GigabitEthernet 0/0/1]hrp track master
[USG_B]interface GigabitEthernet 0/0/3 [USG_B- GigabitEthernet 0/0/3]hrp track master

Chrp preempt delay 60

DThe address of the heartbeat is not released to OSPF.

Answer : D

Question 5

Site to Site IPSec VPN negotiation failed. Which of the following should be checked? 1. Network connectivity issues; 2. View the establishment of IKE phase 1 security associations and related configurations; 3. View the establishment of IKE phase 2 security associations and related configurations; 4. See if the security ACLs at both ends mirror each other.

A1 4 2 3

B4 2 3 1

C2 3 1 4

D4 1 2 3

Answer : A

Question 6

The administrator can create vfw1 and vfw2 on the root firewall to provide secure multi-instance services for enterprise A and enterprise B, and configure secure forwarding policies between security zones of vfw1 and vfw2.

ATRUE

BFALSE

Answer : B

Question 7

Which of the following methods is used to switch between active and standby links in the IPSec backup and backup system?

Ahot standby

Blink-group

CEth-trunk

Dip-link

Answer : D

Huawei H12-721 HCIP-Security-CISN V3.0 HCIP-Security-CISN Exam Practice Test