New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Huawei H12-724 Dumps Questions Answers

Page: 1 / 14
Total 367 questions

HCIP-Security (Fast track) V1.0 Questions and Answers

Question 1

Which of the following options does not belong to the security risk of the application layer of the TCP/IP protocol stack?

Options:

A.

Virus

B.

Buffer overflow ρ

C.

System vulnerabilities

D.

Port scan

Buy Now
Question 2

What content can be filtered by the content filtering technology of Huawei USG6000 products?

Options:

A.

File content filtering

B.

Voice content filtering

C.

Apply content filtering..

D.

The source of the video content

Question 3

If the regular expression is "abc. de", which of the following will not match the regular expression?

Options:

A.

abcde

B.

abcdde

C.

abclde

D.

abc+de

Question 4

Windows in environment,Agile Controller-Campus After the installation is successful, how to manually start the management center(MC)? (Multiple choice)

Options:

A.

Double click on the desktop"Start Server"The shortcut starts.

B.

choose"Start>all programs> Huawei> MCServer> StartServer.

C.

choose"Start>all programs> Huawei> Agile Controller> Server Startup Config"To manually start the required components.

D.

choose"Start 3 all programs> Huawei> MCServer> Sever Startup Conig",Manually start the required components

Question 5

When the license of Huawei USG6000 product expires, the RBL function will be unavailable, and users can only use the local black and white list to filter junk mail.

155955cc-666171a2-20fac832-0c042c0435

Options:

A.

True

B.

False

Question 6

Which of the following statement on the scanner is wrong?

Options:

A.

When deploying NAC Agent, can use scanner to scan and assess the number of installed and non-installed agent.

B.

When the terminal NAC Agent uninstall, the scanner can send alarm information.

C.

the scanner by the SNMP protocol to obtain network equipment resources information.

D.

scanner and Policy Center controller linkage scan tasks.

Question 7

Agile Controller-Campus As RADIUS When the server performs authentication, how many ends need to be configured for authentication on the admission control device?

Options:

A.

1812

B.

1813

C.

8443

D.

8080

Question 8

What are the typical technologies of anti-virus engines (multiple choice)

Options:

A.

First package detection technology

B.

Heuristic detection technology

C.

Decryption technology

D.

File reputation detection technology 5

Question 9

In the WLAN wireless access scenario, which of the following network security technologies belong to user access security? (Multiple choice)

Options:

A.

AP Certification

B.

Link authentication

C.

User access authentication

D.

data encryption

Question 10

Regarding the way SACG devices connect to the network, which of the following descriptions are correct? (multiple choice)

Options:

A.

SACG The equipment requires Layer 3 intercommunication with the terminal.

B.

SACG It is usually connected to the core switch equipment and uses policy routing to divert traffic.

C.

SACG Support hanging on non-Huawei devices.

D.

SACG Equipment requirements and Agile Controller-Campus Interoperability on the second floor.

Question 11

Use hardware SACG Access control,,In hardware SACG View the results of the conversation table on the deduction.

Which of the following statements are correct? (Multiple choice)

Options:

A.

192.168.1.0 definitely is Agile Controller-Campus Manager IP address

B.

if 192.126.200.11 Is the server of the post-authentication domain, then IP Address is 192.18.0.1 If your terminal has not passed the authentication, it is possible to access the server.

C.

192.168.100.1 definitely is Agile Controller-Campus Controller IP address.

D.

If in 6 Within minutes of the conversation 192.168.0.19 154->/192.162.0.11: 15080 Not refreshed,IP Address is 192.168.0.119 If the device wants to IP Address is 192.168.200.11 For device communication, the session must be re-established.

Question 12

Part of the reason why the APT attack becomes difficult to defend is that it uses the vulnerabilities to attack. This kind of zero-day hole usually requires flowers

A lot of time to research and analyze and produce corresponding defense methods.

Options:

A.

True

B.

False

Question 13

Which of the following options is correct for the sequence of the flow-by-stream detection of AntiDDoS?

1. The Netflow analysis device samples the current network flow;

2. Send a drainage command to the cleaning center;

3. Discover the DDoS attack stream;

4.Netior: analysis equipment sends alarms to ATIC management center

5. The abnormal flow is diverted to the cleaning center for further inspection and cleaning;

6. The cleaning center sends the host route of the attacked target IF address server to the router to achieve drainage

7. The cleaning log is sent to the management center to generate a report;

8. The cleaned traffic is sent to the original destination server.

Options:

A.

1-3-4-2-5-6-7-8

B.

1-3-2-4-6-5-7-8

C.

1-3-4-2-6-5-8-7

D.

1-3-24-6-5-8-7

Question 14

Regarding the file source set in the software management, which of the following descriptions is correct?

Options:

A.

When the file source is an internal data source, when distributing software, the business manager will only send the path of the data source of the software to be distributed to Any Office

B.

When the file source is an external data source, Any 0fce will obtain the software to be distributed.

C.

External data sources cannot distribute files from FTP-type file servers.

D.

The Microsoft Windows file sharing server uses the UNC (Universal Naming Conversion) path (beginning with "\\") to provide waiting. The path to distribute the software.

Question 15

In the Huawei USG6000 product, after creating or modifying the security configuration file, the configuration content will not take effect immediately: you need to click the "Prompt" in the upper right corner of the interface.

"Hand in" to activate.

Options:

A.

True

B.

False

Question 16

Regarding computer viruses, which of the following options is correct?

Options:

A.

Patching the system can completely solve the virus intrusion problem

B.

Computer viruses are latent, they may be latent for a long time, and only when they encounter certain conditions will they begin to carry out sabotage activities

C.

Computer viruses are contagious. They can spread through floppy disks and CDs, but they will not spread through the Internet.

D.

All computer viruses must be parasitic in files and cannot exist independently

Question 17

The results of the RBL black and white list query on the firewall are as follows:

Based on the above information only, which of the following statements is correct? (multiple choice)

Options:

A.

Mail with source address 10.17.1.0/24 will be blocked

B.

Mail with source address 10.18.1.0/24 will be blocked

C.

Mail with source address 10.17.1.0/24 will be released

D.

Mail with source address 10.18.1.0/24 will be released

Question 18

Which of the following descriptions are correct for proxy-based anti-virus gateways? (multiple choice)

Options:

A.

The detection rate is higher than the flow scanning method

B.

System overhead will be relatively small

C.

Cache all files through the gateway's own protocol stack

D.

More advanced operations such as decompression, shelling, etc. can be performed

Question 19

Huawei NIP6000 products provide carrier-class high-reliability mechanisms from multiple levels to ensure the stable operation of equipment.

Which of the following options belong to the network reliability? (multiple choice)

Options:

A.

Dual machine hot backup

B.

Power supply. 1+1 redundant backup

C.

Hardware Bypass

D.

Link-group

Question 20

If a company wants to detect image files, Shellcode code files and PDF files, which of the following types of sandboxes can be used? (More

155955cc-666171a2-20fac832-0c042c0420

select)

Options:

A.

PDF heuristic sandbox

ja$

B.

PE heuristic sandbox

C.

Web heuristic sandbox

D.

Heavyweight sandbox (virtual execution)

Question 21

If the user's FTP operation matches the FTP filtering policy, what actions can be performed? (multiple choice)

Options:

A.

Block

B.

Declare

C.

Alarm

D.

Execution

Question 22

Which of the following options is not a defense against HTTP Flood attacks?

Options:

A.

HTTP Flood source authentication

B.

HTTP source statistics

C.

URI source fingerprint learning function

D.

Baseline learning

Question 23

Intrusion detection is a network security technology used to detect any damage or attempt to damage the confidentiality, integrity or availability of the system. Which of the following

What is the content of the intrusion detection knowledge base?

Options:

A.

Complete virus sample

B.

Complete Trojan Horse

C.

Specific behavior patterns

D.

Security Policy

Question 24

After enabling the IP policy, some services are found to be unavailable. Which of the following may be caused by? (multiple choice)

Options:

A.

Only packets in one direction pass through the firewall

B.

The same message passes through the firewall multiple times

C.

IPS underreporting

D.

Excessive traffic causes the Bypass function to be enabled

Question 25

About in WLAN User isolation technology is used in the networking environment. Which of the following statements is wrong?

Options:

A.

User isolation between groups means that users in different groups cannot communicate, but internal users in the same group can communicate

B.

Isolation within a user group means that users within the same group cannot communicate with each other.

C.

The user isolation function is related to the same AP Layer 2 packets between all wireless users on the Internet cannot be forwarded to each other

D.

Intra-group isolation and inter-group isolation cannot be used at the same time

Question 26

In a centralized networking, the database, SM server, SC server, and AE server are all centrally installed in the corporate headquarters. This networking method is suitable. It is used for enterprises with a wide geographical distribution of users and a large number of users.

Options:

A.

True

B.

False

Question 27

Identity authentication determines whether to allow access by identifying the identity of the access device or user.

Options:

A.

True

B.

False

Question 28

In the Agile Controller-Campus solution, which device is usually used as the hardware SACG?

Options:

A.

router

B.

switch

C.

Firewall

D.

IPS

Question 29

Regarding MAC authentication and MAC bypass authentication, which of the following descriptions are correct? (multiple choice)

Options:

A.

The biggest difference between the two is MAC Bypass authentication belongs to 802 1X Certification, while MAC Certification does not belong to 802 1X Certification.

B.

If a network can connect to dumb terminals(printer,IP telephone), The text may be connected to a portable computer, please use MAC Bypass authentication:First try 802 1X Authentication, try again if authentication fails MAC Certification

C.

If a network will only connect to dumb terminals(printer,IP telephone),please use MAC Certification in order to shorten the certification time.

D.

MAC Authentication MAC One more bypass authentication 802 In the instrument certification process, the open time is longer than MAC The bypass authentication time is long.

Question 30

The following is the 802.1X access control switch configuration:

[S5720]dot1x authentication-method eap

[S5720-GigabitEthernet0/0/1] port link-type access

[S5720-GigabitEthemet0/0/1] port default vlan 11

[S5720-GigabitEthernet0/0/1] authentication dot1x

Assuming that GE0/0/1 is connected to user 1 and user 2 through the HUB, which of the following options is correct?

Options:

A.

After user 1 is authenticated, user 2 can access network resources without authentication

B.

User 1 and User 2 must be individually authenticated before they can access network resources

C.

GE0/0/1 does not need to enable dot1X

D.

Neither user 1 nor user 2 can pass the authentication and access network resources.

Question 31

Which of the following descriptions about the black and white lists in spam filtering is wrong? c

Options:

A.

Set local blacklist and whitelist: Both blacklist and whitelist can be configured at the same time, or only one of them can be configured.

B.

In the "Whitelist" text box, enter the P address and mask of the SMTP Server to be added to the whitelist. You can enter multiple IP addresses, one IP address

Address one line. v

C.

Enter the IP address and mask of the SMITP Server to be added to the blacklist in the "Blacklist" text box, you can enter multiple IP addresses, one IP

Address one line.

D.

The priority of the blacklist is higher than that of the whitelist.

Question 32

The analysis and processing capabilities of traditional firewalls at the application layer are weak, and they cannot correctly analyze malicious codes that are mixed in the flow of allowed application teaching: many Attacks or malicious behaviors often use the firewall's open application data flow to cause damage, causing application layer threats to penetrate the firewall

A True

B. False

Options:

Question 33

Regarding the enhanced mode in HTTP Flood source authentication, which of the following descriptions are correct? Multiple choices

Options:

A.

Enhanced mode refers to the authentication method using verification code.

B.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

C.

The enhanced mode is superior to the basic mode in terms of user experience.

D.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

Question 34

According to different reliability requirements, centralized networking can provide different reliability networking solutions. Regarding these solutions, which of the following descriptions are correct? (Multiple choice)

Options:

A.

Basic networking includes deploying one SM Server, one SC Server, one DB and a AE server.

B.

AE In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SC server.

C.

SC In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SM server.

D.

DB In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup DB..

Question 35

Visitors can access the network through their registered account. Which of the following is not an account approval method?

Options:

A.

Exemption from approval

B.

Administrator approval

C.

Receptionist approval

D.

Self-approved by visitors

Question 36

In Portal authentication, which of the following parameters must be configured on the switch? (Multiple choice)

Options:

A.

Portal server IP

B.

Portal page URL

C.

shared-key

D.

Portal Protocol version

Question 37

When a guest needs to access the network through an account, which of the following methods can be used to access? (Multiple choice)

Options:

A.

Create new account

B.

Use existing social media accounts

C.

No authentication, no account required

D.

Scan public QR code

Question 38

On WIDS functional WLAN Regarding the judgment of illegal devices in the network, which of the following statements are correct? (Multiple choice)

Options:

A.

all Ad-hoc The device will be directly judged as an illegal device

B.

Not this AC Access AP Is illegal AP

C.

Not this AC Access STA Is illegal STA

D.

Not this AC Access STA,Also need to check access AP Does it contain law

Question 39

Which of the following options is not a cyber security threat caused by weak personal security awareness?

Options:

A.

Disclosure of personal information

B.

Threats to the internal network

C.

Leaking corporate information

D.

Increasing the cost of enterprise network operation and maintenance

Question 40

There are two types of accounts on the Agile Controller-Campus: one is a local account and the other is an external account.

Which of the following is not a local account?

Options:

A.

Ordinary account

B.

Guest account

C.

Anonymous account

D.

Mobile certificate account

Question 41

When using the misuse check technology, if the normal user behavior is successfully matched with the intrusion feature knowledge base, it will be falsely reported.

Options:

A.

True

B.

False

Question 42

The administrator has configured file filtering to prohibit internal employees from uploading development files, but internal employees can still upload development files. Which of the following is not allowed Can the reason?

Options:

A.

The file filtering configuration file is not referenced in the security policy

B.

File filtering configuration file is incorrect

C.

License is not activated.

D.

The action configuration of the file extension does not match is incorrect

Question 43

When performing terminal access control, the authentication technology that can be used does not include which of the following options?

Options:

A.

8021X Certification

B.

SACG Certification p2-

C.

Bypass authentication

D.

Portal Certification

Question 44

Regarding the description of the ACL used in the linkage between SACG equipment and the TSM system, which of the following statements is correct!?

Options:

A.

default ACL The rule group number can be arbitrarily specified.

B.

default ACL The rule group number can only be 3999.

C.

due to SACG Need to use ACL3099-3999 To pick TSM The rules issued by the system, so in the configuration TSM Before linkage, you need to ensure these ACL Not referenced by other functions.

D.

The original group number is 3099-3999 of ACL Even if it is occupied, it can be successfully activated TSM Linkage.

Question 45

The main attack prevention technologies of Huawei USG6000 products include: source detection, fingerprint learning and associated defense.

Options:

A.

True

B.

False

Question 46

Which of the following options cannot be triggered MAC Certification?

Options:

A.

ARP Message

B.

DHCP Message P

C.

DHCPv6 Message

D.

ICMP Message

Question 47

URL filtering technology can perform URL access control on users according to different time objects and address objects to achieve precise management of users.

The purpose of the Internet behavior.

Options:

A.

True

B.

False

Question 48

View on the switch Agile Controller-Campus The policy issued by the server is as follows:

For this strategy, which of the following options are correct? (Multiple choice)

Options:

A.

Common_ user Users can access Internet www H.

B.

VIP Users can access Internet w H.

C.

VIP Can visit Mail Server H.

D.

Common user Users can access Mail_ Sever resource.

Question 49

Regarding the description of intrusion detection technology, which of the following statements is correct?

Options:

A.

It is impossible to detect violations of security policies.

B.

It can detect all kinds of authorized and unauthorized intrusions.

C.

Unable to find traces of the system being attacked.

D.

is an active and static security defense technology.

155955cc-666171a2-20fac832-0c042c0425

Question 50

The following is a hardware SACG increase firewall configuration, which statement below is true?

Options:

A.

Primary IP: 10.1.3.6 on behalf of SM Manager IP address.

B.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another interface IP address of the firewall.

C.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another alternate firewall interface IP address.

D.

Main IP is the Policy Center reaches the next-hop firewall device interface address

Question 51

An enterprise has a large number of mobile office employees, and a mobile office system needs to be deployed to manage the employees. The number of employees in this enterprise exceeds 2000 People, and the employees’ working areas are distributed all over the country. In order to facilitate management, which deployment method is adopted?

Options:

A.

Centralized deployment

B.

Distributed deployment

C.

Hierarchical deployment

D.

Both centralized deployment and distributed deployment are possible

Question 52

In the terminal security all-round defense system, use PPT-PDCA The model can effectively implement terminal security defense. Which of the following options does not belong to PPT Model?

Options:

A.

technology

B.

Process

C.

organization

D.

plan

Question 53

Which of the following options is not a challenge brought by mobile office?

Options:

A.

The mobile office platform is safe and reliable and goes online quickly.

B.

Users can access the network safely and quickly.

C.

Unified terminal management and fine control.

D.

Network gateway deployment

Question 54

In order to increase AP The security can be AC Going online AP Perform authentication. Currently Huawei AC What are the supported authentication methods? (Multiple choice)

Options:

A.

MAC Certification

B.

Password authentication

C.

Not certified:

D.

SN Certification

Question 55

There are three roles in the XMPP protocol: server, gateway, and client. Corresponding to the free mobility solution: Agile Controller-Campus as For the server, Huawei USG6000 series firewall acts as the gateway; the agile switch acts as the client.

Options:

A.

True

B.

False

Page: 1 / 14
Total 367 questions