H12-711_V4.0 Exam Questions

The advantages of symmetric key encryption are high efficiency, simple algorithm, low system overhead, and suitable for encrypting large amounts of data.

After the dual-machine hot standby configuration is completed, you can execute the display hrp state command to view the dual-machine hot standby status, including local and peer d...

The communicating parties in different security zones will exchange messages, so the direction of a traffic should be determined based on the first message that initiates the traff...

Regardless of whether the heartbeat cable is directly connected, the active and backup firewalls need to configure the security policy between the domain where the heartbeat interf...

Triplet NAT allows external devices to actively access the internal PC through the translated address and port. The firewall allows such access packets to pass even if no correspon...

SSH realizes the connection between the SSH client and the server by establishing a secure tunnel in the network. SSH uses a symmetric key to encrypt data.

The intrusion prevention predefined signature has four default actions, namely release, alarm, blocking and adding to the blacklist.

When users in the external network access the internal server, use the two-way NAT function to simultaneously convert the source and destination addresses of the packets, which can...

HTTPS adds a TLS layer to HTTP to provide authentication, encryption and integrity verification for data transmission.

The sub-interface function can be enabled on the firewall interface G0/0/1 and can be divided into different VLANs, but the sub-interface cannot be added to the security zone.

TCP needs to complete the three-way handshake process when establishing a connection, and needs to wave four times when ending the session.

Server-map is used to store a mapping relationship. This mapping relationship can be a data connection relationship negotiated by control data, or it can be an address mapping rela...

In IPsec transmission mode, the AH and ESP headers are inserted before the original IP header, so that the internal IP address can be completely hidden, making security higher.

When the firewall enables ASPF and generates the Server-map table, if a data connection matches the Server-map entry, it can be forwarded normally by the firewall, and a session is...

L2TP VPN is suitable for scenarios where employees on business trips access through VPN dial- up. Employees can access the corporate intranet through remote dialing from any place...

DH algorithm is an asymmetric encryption and decryption algorithm and is generally used by both parties to negotiate a symmetric encryption key.

Although different interfaces of the switch send and receive data independently, they cannot effectively isolate the conflict domains in the network.

Deploying HiSec Insight in the enterprise network can effectively discover potential threats and advanced threats in the network, and achieve network-wide security situation awaren...

SSL VPN is a VPN technology that realizes remote secure access. Encryption only takes effect on the application layer, and users do not need to use a VPN client, so it has wide app...

GRE, as a Layer 2 VPN encapsulation technology, can solve the transmission problem of heterogeneous networks.

If there are multiple levels of CAs in the PKI system, a CA hierarchy will be formed. The top-level CA is the root CA, which has a CA "self-signed" certificate.

When forwarding unicast data, the Layer 2 switch needs to decapsulate the Layer 3 header of the message before forwarding it.

The hash algorithm is collision-resistant, that is, if you input different data, the output Hash value cannot be the same.

FTP protocol is used to realize file transfer between local and remote hosts. It is mainly used for version upgrade, log download, file transfer and configuration storage. It adopt...

The function of the security policy in the firewall is to inspect the data flow passing through the firewall. Only legal data flow that conforms to the security policy can pass the...

By default, Huawei firewall does not enable Telnet login function.

By default, the firewall does not authenticate the data flows passing through it. You need to configure the authentication policy to filter out the data flows that need to be authe...

In a networking environment where the round-trip paths of packets are inconsistent, the firewall may only receive subsequent packets during the communication process, but not the f...

If G0/0/1 is added to the Trust security zone, the network connected to the G0/0/1 interface is considered to belong to the security zone, and the G0/0/1 interface itself belongs t...

There is no priority between custom signatures and predefined signatures. When traffic hits both custom signatures and predefined signatures, the final action will be based on the...

Intrusion prevention is a security mechanism that analyzes network traffic, detects intrusions (including buffer overflow attacks, Trojans, worms, etc.), and terminates intrusions...

If a user/IP address is considered untrustworthy, the user/IP address can be added to the blacklist, and the device will discard all packets from or sent to these users/IP addresse...

In the firewall forwarding process, the matching order of the Server-map entries generated by the ASPF/NAT ALG function precedes the security policy. After the data packet matches...

Intrusion prevention signatures are used to describe the characteristics of attack behavior in the network. Firewalls detect and prevent attacks by comparing data flows with intrus...

Even if the DHCP message matches the firewall authentication policy, authentication will not be triggered.

VPN is a virtual private network, which is used to build a private virtual network on a public network and transmit private network traffic in this virtual network.

In a PKI system, the CA certificate cannot be a self-signed certificate.

The keys used by the IPsec encryption and authentication algorithms can be configured manually or dynamically negotiated through the Internet Key Exchange IKE protocol.

When IPsec VPN technology uses the ESP security protocol and transmission mode to encapsulate data packets, ESP will encrypt the IP packet header.

The firewall security group supports up to three levels of nesting, namely parent security group, security group, and child security group.

If the firewall performs packet-by-packet inspection on all packets, it will cause a large consumption of device resources and a sharp decline in performance. Therefore, the firewa...

Asymmetric encryption algorithms can only use the public key to encrypt data and the private key to decrypt data, and the process is irreversible.

The data flow between security domains is directional, including inbound and outbound.

The purpose of information security is to protect the hardware, software and data in the system from accidental or malicious reasons, and to ensure the continuous, reliable and nor...

Mutual access between users in the same firewall area does not require permission from the security policy.

In dual-machine hot backup, the heartbeat interfaces of the two firewalls must be directly connected, not through an intermediate device.

The Server-map entries generated by the firewall when forwarding multi-channel protocols will age according to the aging time of various protocols if there is no traffic hit.

Network security situational awareness is the ability to dynamically and holistically gain insight into security risks based on the environment. It uses technologies such as data f...

The DMZ area in the firewall usually places some server equipment that provides public access.

SH3 is a commercial algorithm compiled by the State Cryptozoology Administration. It is used for digital signature and verification, message authentication code generation and veri...