CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Huawei H12-711_V3.0 Dumps Questions Answers

Page: 1 / 18
Total 492 questions
Get H12-711_V3.0 Full Access Download H12-711_V3.0 PDF

HCIA-Security V3.0 Questions and Answers

Question 1

When using the ______ function of SSL VPN, the virtual gateway will assign an intranet IP address to the access user, which is used for the access user to access the P resources of the intranet[fill in the blank]*

Options:

Buy Now
Question 2

in the administratorUSGWhich of the following operations are required during the firewall software version upgrade? (multiple choice)

Options:

A.

Upload firewall version software

B.

Restart the device

C.

Factory reset the device

D.

Specify the software version to be loaded on the next boot

Question 3

The reason why NAPT can realize one-to-many address translation is that the ______ is also translated when the address is translated, so multiple private addresses can share the same public address.[fill in the blank]*

Options:

Question 4

IPThe protocol in the header (protocol) field identifies the protocol used by its upper layer. Which of the following field values indicates that the upper layer protocol isUDPprotocol?

Options:

A.

6

B.

17

C.

11

D.

18

Question 5

When the company's network administrator is performing dual-system hot backup, due to the possibility of inconsistent round-trip paths, if he wants to enable the session fast backup function, the command that needs to be entered is ______[fill in the blank]*

Options:

Question 6

which of the followingIPSec VPNnecessary configuration? (multiple choice)

Options:

A.

configureIKEneighbour

B.

configureIKE SARelated parameters

C.

configureIPSec SARelated parameters

D.

Configure streams of interest

Question 7

What is the corresponding warning level for major network security incidents?

Options:

A.

red alert

B.

Orange Alert

C.

Yellow Alert

D.

blue alert

Question 8

Which of the following descriptions about dual-system hot backup is wrong? ( )[Multiple choice]*

Options:

A.

By default the preemption delay is 60s

B.

Whether it is a Layer 2 or Layer 3 interface, whether it is a service interface or a heartbeat interface, it needs to be added to a security zone

C.

By default, the active preemption function is enabled

D.

Dual-system hot backup function requires license support

Question 9

The firewall imports users locally, and supports importing user information from _____ format files and database dbm files to the local device.[fill in the blank]*

Options:

Question 10

Which of the following statements about electronic evidence sources is false?

Options:

A.

Facsimile data and mobile phone recordings are electronic evidence related to communication technology.

B.

Movies and TV series are electronic evidence related to network technology.

C.

Database operation records and operating system logs are electronic evidence related to computers•

D.

OS logs,e-mail, chat records can be used as a source of electronic evidence

Question 11

Single sign-on function for Internet users, users directlyADServer authentication, the device does not interfere with the user authentication process,ADMonitoring services need to be deployed inUSGequipment, monitoringADAuthentication information of the server

Options:

A.

True

B.

False

Question 12

Business Impact Analysis (BIA) does not include which of the following?

Options:

A.

business priority

B.

Incident handling priority

C.

impact assessment

D.

Risk Identification

Question 13

Admin wants to createwebconfiguration administrator, devicewebaccess port number20000, and the administrator is at the administrator level, which of the following commands is correct?

Options:

A.

B.

C.

D.

Question 14

Please sort from large to small according to the table processing priority of iptables.[fill in the blank]*

Options:

Question 15

The attacker searches the ports currently open by the attacked object by scanning the ports to determine the attack mode. In port scanning attacks, attackers usually use Port Scan attack software to initiate a series of TCP/UDP connections, and determine whether the host uses these ports to provide services according to the response packets. Such network probing is called _____ scanning.[fill in the blank]*

Options:

Question 16

Which of the following options is correct regarding the actions of the security policy and the description of the security profile? (multiple choice)

Options:

A.

Prohibited if the action of the security policy is"prohibit", the device will discard this traffic, and will not perform content security checks in the future.

B.

The security profile can take effect even if the action is allowed under the security policy

C.

The security profile must be applied under the security policy whose action is Allowed to take effect.

D.

If the security policy action is"allow", the traffic will not match the security profile

Question 17

A company's employee account has expired, but the account can still be used to access the company's server. Which security risks do the above scenarios belong to? (multiple choice)

Options:

A.

Manage security risks

B.

access security risk

C.

system security risk

D.

physical security risk

Question 18

IPv6 supports configuring router authorization function on the device, verifying peer identity through digital certificate, and selecting legal device. ( )[Multiple choice]*

Options:

A.

True

B.

False

Question 19

Encryption technology can convert readable information into unreadable information through certain methods.

Options:

A.

True

B.

False

Question 20

at HuaweiSDSecIn the solution, which of the following is an analysis layer device?

Options:

A.

CIS

B.

Agile Controller

C.

switch

D.

Firehunter

Question 21

Which of the following options isL2TPThe port number used by the packet?

Options:

A.

17

B.

500

C.

1701

D.

4500

Question 22

In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking. Which of the following options are correct for the description of tracking technology? (multiple choice)

Options:

A.

Packet logging technology through the tracedIPInsert trace data into packets to mark packets on each router they pass through

B.

Link testing technology determines the information of the attack source by testing the network link between routers

C.

Packet marking technology extracts attack source information by logging packets on routers and then using data drilling techniques

D.

Shallow mail behavior analysis can achieveIPAnalysis of addresses, sent time, sending frequency, number of recipients, shallow email headers, and more.

Question 23

In which of the following scenarios does the firewall generate the Server map table? ( )

Options:

A.

NAT Server is deployed on the firewall

B.

ASPF is deployed on the firewall and forwards the traffic of the multi-channel protocol

C.

When the firewall generates a session table, it will generate a Server-map table

D.

Security policies are deployed on the firewall and traffic is released

Question 24

In symmetric encryption algorithms, the ________ algorithm is used over a data communication channel, browser or network link.[fill in the blank]*

Options:

Question 25

After a network intrusion event occurs, the identity of the intrusion, the source of the attack and other information are obtained according to the plan, and the intrusion behavior is blocked. The above actions belong to PDRR. What are the links in the network security model? (multiple choice)

Options:

A.

Protection link

B.

Detection link

C.

response link

D.

recovery link

Question 26

The digital certificate fairs the public key through a third-party organization, thereby ensuring the non-repudiation of data transmission. Therefore, to confirm the correctness of the public key, only the certificate of the communicating party is required.

Options:

A.

True

B.

False

Question 27

Which of the following are functions of address translation technology?(multiple choice)

Options:

A.

Address translation enables internal network users (privateIPaddress) accessInternet

B.

Address translation allows many hosts on an internal LAN to share oneIPInternet address

C.

Address translation can handle encryptedIPheader

D.

Address translation can shield users on the internal network and improve the security of the internal network

Question 28

TCSECWhich of the following protection levels are included in the standard? (multiple choice)

Options:

A.

Verify protection level

B.

Mandatory protection level

C.

autonomous protection level

D.

Passive protection level

Question 29

existL2TPconfiguration, for the commandTunnel Name, which of the following statements is true? (multiple choice)

Options:

A.

Used to specify the tunnel name of the local end

B.

Used to specify the tunnel name of the peer

C.

both endsTunnel Nnamemust be consistent

D.

If not configuredTunnel Name, the tunnel name is the local system name

Question 30

Which of the following is true about the firewall log when the firewall hard drive is in place?

Options:

A.

Administrators can post content logs to view network threat detection and defense records

B.

Administrators can learn about user security risk behaviors and the reasons for being alerted or blocked through threat logs

C.

Through the user activity log, administrators can obtain information such as user behaviors, searched keywords, and the effectiveness of audit policy configurations.

D.

The administrator can learn the security policy of the traffic hit through the policy hit log, which can be used for fault location when a problem occurs.

Question 31

"Caesar Cipher"Data is mainly encrypted by using a specific specification of stick.

Options:

A.

True

B.

False

Question 32

SIPprotocol usageSDPmessage to establish a session,SDPThe message contains a remote address or a multicast address

Options:

A.

True

B.

False

Question 33

Which of the following are remote authentication methods? (multiple choice)

Options:

A.

RADIUS

B.

Local

C.

HWTACACS

D.

LLDP

Question 34

Security technology has different methods in different technical levels and fields. Which of the following devices can be used for network layer security? (multiple choice)

Options:

A.

Vulnerability Scanning Device

B.

firewall

C.

Anti-DDoSequipment

D.

IPS/IDSequipment

Question 35

Digital signature is to generate digital fingerprint by using hash algorithm, so as to ensure the integrity of data transmission

Options:

A.

True

B.

False

Question 36

firewallGE1/0/1andGE1/0/2mouth belongs toDMZarea, if you want to implementGE1/0/1The connected area is accessibleGE1/0/2Connected area, which of the following is correct?

Options:

A.

needs to be configuredlocalarriveDMZsecurity policy

B.

No configuration required

C.

Interzone security policy needs to be configured

D.

needs to be configuredDMZarrivelocalsecurity policy

Question 37

firewallGE1/0/1andGE1/0/2mouth belongs toDMZarea, if you want to implementGE1/0/1The connected area is accessibleGE1/0/2Connected area, which of the following is correct?

Options:

A.

needs to be configuredLocalarriveDMZsecurity policy

B.

No configuration required

C.

Interzone security policy needs to be configured

D.

needs to be configuredDMZarrivelocalsecurity policy

Question 38

Regarding the description of vulnerability scanning, which of the following is false?

Options:

A.

Vulnerability scanning is a network-based technology for remotely monitoring the security performance vulnerabilities of target networks or hosts, and can be used to conduct simulated attack experiments and security audits.

B.

Vulnerability scanning is used to detect whether there are vulnerabilities in the target host system, generally scanning the target host for specific vulnerabilities

C.

Vulnerability scanning is a passive preventive measure that can effectively avoid hacker attacks

D.

can be based onpingScan and port scan results for vulnerability scanning

Question 39

Which of the following is not a key technology of antivirus software?

Options:

A.

Shelling technology

B.

self protection

C.

format the disk

D.

Update virus database in real time

Question 40

Which of the following options is correct regarding the description of firewall hot standby? (multiple choice)

Options:

A.

When the dual-system backup function needs to be provided in multiple areas on the firewall, it is necessary to configure multipleVRRPbackup group

B.

require the same firewall on the sameVGMPmanagement group ownedVRRPBackup group status remains consistent

C.

Firewall dual-system hot backup requires session table,MACInformation such as tables and routing tables are synchronized and backed up between the master device and the slave device

D.

VGMPto guarantee allVRRPConsistency of backup group switching

Question 41

VGMPIn which of the following situations occurs in the group, the group will not actively send the message to the peerVGMPmessage/

Options:

A.

Dual-system hot backup function enabled

B.

Manually switch the active and standby status of the firewall

C.

Firewall service interface failure

D.

Session table entry changes

Question 42

Which of the following options is not part of the quintuple range?

Options:

A.

sourceIP

B.

sourceMAC

C.

PurposeIP

D.

destination port

Question 43

existUSGseries firewall, you can use. The function provides well-known application services for non-well-known ports.

Options:

A.

Port Mapping

B.

MACandIPaddress binding

C.

packet filtering

D.

Long connection

Question 44

Which of the following types of encryption technology can be divided into? (multiple choice)

Options:

A.

Symmetric encryption

B.

Symmetric encryption

C.

fingerprint encryption

D.

data encryption

Question 45

existVRRP(Virtual Router Redundancy Protocol) group, the primary firewall regularly sends notification messages to the backup firewall, and the backup firewall is only responsible for monitoring notification messages and will not respond

Options:

A.

True

B.

False

Question 46

Which of the following is true about the security policy configuration command?

Options:

A.

prohibited fromtrustRegional accessuntrustarea and the destination address is10.1.10.10hostICMPmessage

B.

prohibited fromtrustRegional accessuntrustarea and the destination address is10.1.0.0/16All hosts on the segmentICMPmessage

C.

prohibited fromtrustRegional accessuntrustregion and the source address is10.1.0.0/16All hosts from the network segmentICMPmessage

D.

prohibited fromtrustRegional accessuntrustregion and the source address is10.2.10.10All hosts from hostICMPmessage

Question 47

For the process of forwarding session header packets between firewall domains, there are the following steps:

1, look up the routing table

2, find the inter-domain packet filtering rules

3, lookup session table

4, find the blacklist

Which of the following is in the correct order?

Options:

A.

1->3->2->4

B.

3->2->1->4

C.

3->4->1->2

D.

4->3->1->2

Question 48

Which of the following options is not included in the survey respondents in the security assessment method?

Options:

A.

network system administrator

B.

security administrator

C.

HR

D.

Technical director

Question 49

Intrusion Prevention System (IPS) is a defense system that can block in real time when an intrusion is detected

Options:

A.

True

B.

False

Question 50

For network security incidents that occur, remote emergency response is generally adopted first. If the problem cannot be solved for the customer through remote access, after confirmation by the customer, go to the local emergency response process

Options:

A.

True

B.

False

Question 51

In digital signature technology, we usually encrypt the digital fingerprint with the sender's ( ). (fill in the blank)

Options:

Question 52

An engineer needs to back up the firewall configuration. Now he wants to use a command to view all the current configurations of the firewall. May I ask the command he uses is ____[fill in the blank]*

Options:

Question 53

Because NAT technology can realize one-to-many address translation. So with NAT technology, there is no need to worry about insufficient IPv4 addresses.

Options:

A.

True

B.

False

Question 54

Which of the following options are available for IPSec VPN peer authentication?

Options:

A.

Digital signature

B.

Digital certificate

C.

Digital envelope

D.

asymmetric key

Question 55

The TCP/IP protocol stack packet encapsulation includes: Which of the following describes the encapsulation order (sort order: ABDC)

Options:

A.

Data

B.

TCP/UDP

C.

MAC

D.

IP

Question 56

According to the level protection requirements, which of the following behaviors belong to the scope of information security operation and maintenance management? ( )*

Options:

A.

Participate in information security training

B.

Backup or restore data

C.

Develop an emergency response plan

D.

Security hardening of the host

Question 57

In which of the following scenarios does the firewall generate the Server-map table?

Options:

A.

When the firewall generates a session table, it will generate a Server-map table

B.

ASPF is deployed on the firewall and forwards the traffic of the multi-channel protocol

C.

Security policies are deployed on the firewall and traffic is released

D.

NAT Server is deployed on the firewall

Question 58

_____ Authentication is to configure user information (including local user's user name, password and various attributes) on the network access server. The advantage is that it is fast.[fill in the blank]*

Options:

Question 59

If we do not want to generate a reverse Server Mapi entry when configuring NAT Server, we need to add a parameter when configuring NATServerE. This parameter is ( ) (fill in the blank)

Options:

Question 60

Which of the following attacks is not a cyber attack?

Options:

A.

IP spoofing attack

B.

SmurfI attack

C.

MAC address spoofing attack

D.

ICMP attack

Question 61

Which of the following statements about OSPF is correct?

Options:

A.

Distance Vector Protocol

B.

Good scalability

C.

No loops

D.

Support authentication

Question 62

Regarding NAT technology. Which of the following descriptions is false?

Options:

A.

In Huawei firewalls, source NAT technology refers to the translation of the source address in the IP header of the connection that initiates the connection.

B.

In the Huawei firewall, Easy IP directly uses the public network address of the interface as the translated address, and does not need to configure a NAT address pool.

C.

In Huawei firewalls, the NAT No-PAT technology needs to be implemented by configuring a NAT address pool.

D.

In Huawei firewalls, the only NAT technology with port translation is NAPT.

Question 63

Which of the following does not belong to the block encryption algorithm in the symmetric encryption algorithm?

Options:

A.

RC5

B.

RC4

C.

RC6

D.

RC2

Question 64

If foreign criminals use the Internet to steal my country's state secrets, what kind of early warning will the state initiate?

Options:

A.

Orange Alert

B.

Yellow Alert

C.

Blue Alert

D.

Red Alert

Question 65

( ) Can block discovered network intrusions in real time. (fill in the blank)

Options:

Question 66

Which of the following does not belong to the log format of the firewall? ( )[Multiple choice]

Options:

A.

binary format

B.

netflow format

C.

ASCII encoding format

D.

Syslog format

Question 67

To configure a NAT policy in command line mode, you need to use the .command ( ) in the system view to enter the NAT policy configuration view. (all lowercase) (fill in the blank)

Options:

Question 68

If the company network administrator needs to check the status of the heartbeat interface after configuring the company’s dual-system hot backup, the command he needs to type is ( ) The system view has been entered by default) (fill in the blank)

Options:

Question 69

Database operation records can be used as ___ evidence to backtrack security events.[fill in the blank]*

Options:

Question 70

Which of the following descriptions of the firewall log is wrong?

Options:

A.

The log level Emergency is the most severe level

B.

Alert log level indicates a major abnormality of the device, requiring immediate action

C.

According to the severity level or urgency of the information. The log can be divided into 8 levels. The more serious the information, the greater the log level value.

D.

The ebug log level indicates that it is general information about the normal operation of the device, and the user does not need to pay attention

Question 71

The administrator is connected to the firewall through the G1/0/0 interface (the interface has been added to the Trust Zone). If the administrator is allowed to perform configuration management through the G1/0/0 login image firewall, how to configure the security policy to release flow direction? ( )[Multiple choice]*

Options:

A.

allows traffic from Trust Zone to Trust Zone

B.

allows traffic from the Trust Zone to the Untrust Zone

C.

allows traffic from Local Zone to Local Zone

D.

allows traffic from the Trust Zone to the Local Zone (I)

Question 72

Digital envelope technology means that the sender uses the receiver's public key to encrypt the data and then sends the ciphertext to the receiver.

Options:

A.

True

B.

False

Question 73

The IDS is usually installed on the switch to detect intrusion, and at the same time, it can avoid the single point of failure affecting the normal operation of the network.

Options:

A.

True

B.

False

Exam Detail
Vendor: Huawei
Certification: Huawei Other Certification
Exam Code: H12-711_V3.0
Exam Name: HCIA-Security V3.0
Last Update: Jan 15, 2025
H12-711_V3.0 Question Answers
Page: 1 / 18
Total 492 questions
Get H12-711_V3.0 Full Access Download H12-711_V3.0 PDF