A Review Of Downloadable H12-711 Pdf Exam

NEW QUESTION 1
Which of the following descriptions about IKE SA is wrong?

• A. IKE SA is two-way
• B. IKE is a UDP- based application layer protocol
• C. IKE SA servers for IPSec SA
• D. The encryption algorithm used by user data packets isdetermined by IKE SA.

Answer: D

NEW QUESTION 2
Which of the following is not the certificate save file format supported by the USG6000 series?

• A. PKCS#12
• B. DER
• C. PEM
• D. PKCS#

Answer: D

NEW QUESTION 3
In Huawei SDSec solution, which layer of equipment does the firewall belong to?

• A. Analysis layer
• B. Control layer
• C. Executive layer
• D. Monitoring layer

Answer: C

NEW QUESTION 4
Which of the following options is not the part of the quintet?

• A. Source IP
• B. Source MAC
• C. Destination IP
• D. Destination Port

Answer: B

NEW QUESTION 5
After the firewall uses the hrp standby config enable command to enable :he standby device configuration function allthe information that can be backed up can be directly configured on the standby device, and the configuration on the standby device can be synchronized to the active device.

• A. True
• B. False

Answer: A

NEW QUESTION 6
Both A and B communicate data. If an asymmetric encryption algorithm is used for encryption, when A sends data to B. which of the following keys will be used for data encryption?

• A. A public key
• B. A private key
• C. public key
• D. B private key

Answer: C

NEW QUESTION 7
Which of the following protocols can guarantee the confidentiality of data transmission? (Multiple Choice)

• A. Telnet
• B. SSH
• C. FTP
• D. HTTPS

Answer: BD

NEW QUESTION 8
When the USG series firewall hard disk is irplace, which of the following logs can be viewed? (Multiple Choice)

• A. Operation log
• B. Business log
• C. Alarm information
• D. Threat log

Answer: ABCD

NEW QUESTION 9
Which of the following are parts of the PKI architecture? (Multiple Choice)

• A. End entity
• B. Certification Authority
• C. Certificate Registration Authority
• D. Certificate Storage organization

Answer: ABCD

NEW QUESTION 10
Which of the following mechanisms are used in the MAC flooding attack? (Multiple choice)

• A. MAC learning mechanism of the switch
• B. forwarding mechanism of the switch
• C. ARP learningmechanism
• D. Number of MAC entries is limited

Answer: ABCD

NEW QUESTION 11
Which of the following is the correct descriptionof the investigation and evidence collection?

• A. Evidence is not necessarily required during the investigation
• B. Evidence obtained by eavesdropping is also valid
• C. In the process of all investigation and evidence collection, there are law enforcement agencies involved.
• D. Document evidence is required in computer crime

Answer: C

NEW QUESTION 12
Which of the following types of attacks does the DDoS attack belong to?

• A. Snooping scanning attack
• B. Malformed packet attack
• C. Special message attack
• D. Traffic attack

Answer: D

NEW QUESTION 13
Digital signature is to achieve the integrity of data transmission by using a hash algorithm to generate digital fingerprints.

• A. True
• B. False

Answer: A

NEW QUESTION 14
Which of the following attacks is not a malformed message attack?

• A. Teardrop attack
• B. Smurf attack
• C. TCP fragment attack
• D. ICMP unreachable packet attack

Answer: D

NEW QUESTION 15
The Protocol field in the IP header identifies the protocol used by the upper layer. Which of the following field values indicates that the upper layer protocol is UDP protocol?

• A. 6
• B. 17
• C. 11
• D. 18

Answer: B

NEW QUESTION 16
In the USG series firewall system view, the device configuration will be restored to the default configuration after the reset saved-configuration command is executed. No other operations are required

• A. True
• B. False

Answer: B

NEW QUESTION 17
Which of the following statement about :he NAT is wrong?

• A. NAT technology can effectively hide the hosts of the LA
• B. it is an effective network security protection technology
• C. Address Translation can follow the needs of users, providing FT
• D. WWW, Telnet and other services outside the LAN
• E. Some application layer protocols earn/ IP address information in the data, but also modify the P address information in the data of the upper layer when they are as NAT
• F. For some non-TC
• G. UDP protocols (such as ICM
• H. PPTP), unable to do the NAT translation

Answer: D

NEW QUESTION 18
When configuring NAT Server on the LSG series firewall, the server-map table will be generated. Which of the following does not belong in the table?

• A. Destination IP
• B. Destination port
• C. Agreement number
• D. Source IP

Answer: D

NEW QUESTION 19
Which of the following description about the group management for VGMP is wrong?

• A. Master/slave status change of VRRP backup group needs to notify its VGMP management group
• B. Theinterface type and number of two firewalls heartbeat port may be different, as long as they can communicate with each other
• C. Periodically sends Hello packets between VGMP of master/slave firewall
• D. master/slave devices exchange packets to understand each other through the heartbeat line, and backup the related commands and status information

Answer: B

NEW QUESTION 20
Regarding SSL VPNtechnology, which of the following options is wrong?

• A. SSL VPN technology can be perfectly applied to NAT traversal scenarios
• B. SSL VPN technology encryption only takes effect on the application layer
• C. SSL VPN requires a dial-up client
• D. SSL VPN technology extends the network scope of the enterprise

Answer: C

NEW QUESTION 21
For the description of ARP spoofing attacks, which the following statements is wrong?

• A. The ARP implementation mechanism only considers the normal interaction of the service and does not verify any abnormal business interactions or malicious behaviors.
• B. ARP spoofing attacks can only be implemented through ARP replies and cannot be implemented throughARP requests
• C. When a host sends a normal ARP request, the attacker will respond preemptively, causing the host to establish an incorrect IP and MAC mapping relationship.
• D. ARP static binding is a solution to ARP spoofing attack
• E. It is mainly applied to scenarios where the network size is small.

Answer: B

NEW QUESTION 22
Which of the following descriptions about the patch is wrong?

• A. Patch is a small program made by the original authorof the software for the discovered vulnerability.
• B. No patching does not affect the operation of the system, so it is irrelevant whether to patch or not.
• C. Patches are generally updated.
• D. Computer users should download and install new patches to protect their systems in a timely manner

Answer: B

NEW QUESTION 23
Which cf the following is correct about the description of SSL VPN?

• A. Can be used without a client
• B. may IPencrypt layer
• C. There is a NAT traversal problem
• D. No authentication required

Answer: A

NEW QUESTION 24
Which of the following attacks does not belong to special packet attack?

• A. ICMP redirect packet attack
• B. ICMP unreachable packet attack
• C. IP address scanning attack
• D. Large ICMP packet attack

Answer: C

NEW QUESTION 25
When the firewall hard disk is in place, which of the following is correct description for the firewall log?

• A. The administrator can advertise the content log to view the detection and defense records of network threats.
• B. The administrator can use the threat logto understand the user's security risk behavior and the reason for being alarmed or blocked.
• C. The administrator knows the user's behavior, the keywords explored, and the effectiveness of the audit policy configuration through the user activity log.
• D. The administrator can learn the security policy of the traffic hit through the policy hit lo
• E. And use it for fault location when the problem occurs.

Answer: D

NEW QUESTION 26
......