Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Huawei H12-725_V4.0 Dumps Questions Answers

HCIP-Security V4.0 Exam Questions and Answers

Question 1

The Nginx application is deployed on a Linux host. By checking Nginx logs, O&M engineers can obtain the complete URL information submitted by users and determine whether the Linux host is under SQL injection attacks.

Options:

A.

TRUE

B.

FALSE

Buy Now
Question 2

Match the HTTP control items with the corresponding descriptions.

Options:

Question 3

Which of the following statements is false about hot standby networking?(Select All that Apply)

Options:

A.

In load-sharing mode, both firewalls are active. Therefore, if both firewalls synchronize commands to each other, commands may be overwritten or conflict with each other.

B.

In load-sharing mode, both devices process traffic. Therefore, this mode supports more peak traffic than the active/standby or mirroring mode.

C.

In active/standby mode, configuration commands and status information are backed up from the active device to the standby device.

D.

In load-sharing mode, configuration commands can be backed up only from the configuration standby device to the configuration active device.

Question 4

Which of the following statements is true about the outgoing traffic in the firewall virtual system?

Options:

A.

Traffic from the private network interface to the public network interface is limited by the outbound bandwidth.

B.

Traffic from the public network interface to the private network interface is limited by the outbound bandwidth.

C.

Traffic from the private network interface to the public network interface is limited by the inbound bandwidth.

D.

Traffic from the public network interface to the private network interface is limited by the inbound bandwidth.

Question 5

: 52 DRAG DROP

Arrange the steps of the bandwidth management process on firewalls in the correct sequence.

Options:

Question 6

Authentication rules configured on iMaster NCE-Campus support multiple matching conditions, such as matching account information, SSID information, and terminal IP address ranges, so that different authentication rules can be executed for different users.

Options:

A.

TRUE

B.

FALSE

Question 7

IPsec VPN does not support encapsulation of non-IP unicast packets.

Options:

A.

TRUE

B.

FALSE

Question 8

Which of the following actions can be performed when the firewall identifies file anomalies?(Select All that Apply)

Options:

A.

Alarm

B.

Allow

C.

Block

D.

Delete attachment

Question 9

When gateways are connected using GRE over IPsec, the IPsec encapsulation mode must be tunnel mode.

Options:

A.

TRUE

B.

FALSE

Question 10

Which of the following operations can be performed to harden the Windows operating system?(Select All that Apply)

Options:

A.

Periodically check account permissions.

B.

Cancel default sharing.

C.

Restrict the number of users.

D.

Change the default TTL value.

Question 11

Which of the following conditions can be matched by PBR?(Select All that Apply)

Options:

A.

Source IP address

B.

Source security zone

C.

Source MAC address

D.

Application

Question 12

In quota control policies, which of the following can be set for users?(Select All that Apply)

Options:

A.

Limiting the daily online duration

B.

Limiting the total monthly online traffic

C.

Limiting the total daily online traffic

D.

Limiting the total online duration per month

Question 13

Before configuring DDoS attack defense, you must configure different thresholds for defense against different types of attacks. Each threshold can be considered an upper limit for normal network traffic. When the rate of traffic exceeds the pre-configured threshold, the firewall considers it to be attack traffic and takes a corresponding action to defend against it.

Options:

A.

TRUE

B.

FALSE

Question 14

During deployment of Portal authentication, an authentication-free rule profile needs to be configured to ensure Portal pages can be opened on authentication terminals. To achieve this purpose, the following traffic needs to be permitted in the authentication-free rule profile: DNS resolution traffic of user terminals, traffic from user terminals for accessing Portal pages, and traffic from user terminals to the RADIUS server.

Options:

A.

TRUE

B.

FALSE

Question 15

Which of the following statements is false about HTTP behavior?

Options:

A.

When the size of the uploaded or downloaded file or the size of the content obtained through the POST operation reaches the block threshold, the system blocks the uploaded or downloaded file or POST operation.

B.

When the size of the uploaded or downloaded file or the size of the content obtained through the POST operation reaches the alarm threshold, the system generates a log to notify the device administrator and block the behavior.

C.

You can set an alarm threshold and a block threshold to limit the size of the upload file if file upload is allowed.

D.

The POST method of HTTP is commonly used to send information to the server through web pages. For example, use this method when you post threads, submit forms, and use your username and password to log in to a specific system.

Question 16

When an IPsec VPN is established in aggressive mode, AH+ESP can be used to encapsulate packets in NAT traversal scenarios.

Options:

A.

TRUE

B.

FALSE

Question 17

Which of the following statements is false about Eth-Trunk?(Select All that Apply)

Options:

A.

The total bandwidth of an Eth-Trunk interface is the sum of the bandwidths of all its member interfaces. This increases the interface bandwidth.

B.

The physical interfaces that are bundled into an Eth-Trunk interface are its member interfaces.

C.

If a member interface of the Eth-Trunk interface is Down, traffic can still be transmitted through other member interfaces.

D.

The manual mode can detect not only link disconnections but also link faults and incorrect connections.

Question 18

Predefined URL categories on Huawei firewalls reside in the URL category database delivered with the device and do not need to be manually loaded.

Options:

A.

TRUE

B.

FALSE