Huawei H12-721 HCIP-Security-CISN Exam Practice Test Instant Access

Question 1

With regard to the Radius agreement, what are the following statements correct?

Auses the UDP protocol to transmit Radius packets.

Bauthentication and authorization port number can be 1812

CEncrypt the account when transferring user accounts and passwords using the Radius protocol

Dauthentication and authorization port number can be 1645

Answer : A, B, D

Question 2

The network of an enterprise is as follows. At this time, server A cannot access the web service of server B. The administrator performs troubleshooting and finds that there is no problem in the routing mode of firewall

AThe corresponding routing table has been established, but the firewall mode of firewall A is set. error. What is the method used by the administrator to troubleshoot the problem?

Alayering method

Bsegmentation method

Creplacement method

Dblock method

Answer : D

Question 3

The following figure shows the data packets captured during the pre-shared key mode master mode exchange process in the first phase of IKE V1. Which packet is captured below?

AIKE first message or second message

BIKE third message or fourth message

CIKE fifth message or sixth message

DIKE seventh message or eighth message

Answer : A

Question 4

Load balancing implements the function of distributing user traffic accessing the same IP address to different servers. What are the main technologies used?

Avirtual service technology

Bserver health test

Cdual hot standby technology

Dstream-based forwarding

Answer : A, B, D

Note: There are three main technologies for implementing load balancing: one is virtual service technology; the other is server health detection; the third is flow-based forwarding.

Question 5

What are the possible reasons why the firewall 2 IPSec VPN cannot be established successfully?

Adevice does not have a route to the intranet

B. The ACL referenced by the security policy configured on the gateways at both ends is incorrect.

CThe IPSec proposal configured on the gateways at both ends is inconsistent.

Dis not configured with DPD at both ends

Answer : A, B, C

Note: DPD (dear peer detection) can detect various abnormal states that may exist in the peer device in time.

Question 6

When configuring the USG hot standby, (assuming the backup group number is 1), the configuration command of the virtual address is correct?

Avrrp vrid 1 vitual-ip ip address master

Bvrrp vitual-ip ip address vrid 1 master

Cvrrp vitual-ip ip address master vrid 1

Dvrrp master vitual-ip address vrid 1

Answer : A

Question 7

On the following virtual firewall network, the USG unified security gateway provides leased services to the enterprise. The VPN instance vfw1 is leased to enterprise

AThe networking diagram is as follows. The PC C of the enterprise A external network user needs to access the intranet DMZ area server B through NAT. To achieve this requirement, what are the following key configurations?

A[USG] ip vpn-instance vfw1 vpn-id

B[USG] ip vpn-instance vfw1 [USG-vpn-vfw1] route-distinguisher 100:1 [USG-vpn-vfw1] quit

C[USG] nat server zone vpn-instance vfw1 untrust global 2.1.2.100 inside 192.168.1.2 vpn-instance vfw1

D[USG]nat address-group 1 2.1.2.5 2.1.2.10 vpn-instance vfw1

Answer : A, A, B, C

key configuration: First, create/delete VPN instance [undo] ip vpn-instance vpn-instance-name [vpn-id vpn-id] Second, specify the route ID for the VPN instance route-distinguisher vpn-route-distinguisher

Huawei H12-721 HCIP-Security-CISN V3.0 HCIP-Security-CISN Exam Practice Test