H12-711_V4.0 Exam Questions

The user group name of the firewall is not allowed to have the same name, and the full path of the organizational structure must be unique.

DDoS attack means that the attacker controls a large number of zombie hosts and sends a large number of attack messages to the attack target, causing link congestion on the network...

If the firewall works in active/standby backup mode, you need to configure the status of all VRRP backup groups on one firewall to active, and configure the status of all VRRP back...

The firewall supports the creation of custom security zones and allows network administrators to implement various special packet detection and security functions based on the secu...

TCP session hijacking is an attack method in which attackers snoop on user messages and forge TCP messages with legal sequence numbers.

Telnet is a remote login service protocol that uses port 23 of the UDP protocol.

Information security violations by corporate employees may cause security threats to corporate networks

The data link layer is located between the network layer and the physical layer and can provide services to IP, IPv6 and other protocols of the network layer. PDUs at the data link...

Use the reset firewal1 session table command to clear all session table information. The end user needs to reinitiate the connection to restart communication.

In a dual-machine hot standby network, if the firewall does not receive the heartbeat message from the peer for five consecutive heartbeat cycles, it will determine that the peer d...

VRRP backup group has three states: Initialize, Master and Backup.

The DMZ security area solves the problem of server placement very well. This security area can place equipment that needs to provide external network services, such as WWW servers,...

Predefined signatures are signatures included in the intrusion prevention signature database. The contents of predefined signatures (except actions) are not fixed and can be create...

When the firewall is used as a bypass detection device, the detection interface needs to be set to a Layer 3 interface. Configuring the bypass detection function on the detection i...

A PKI system consists of four parts: terminal entity, certificate certification authority, certificate registration authority and certificate/CRL repository.

In IPsec, ESP is an encapsulating security payload protocol and only provides data encryption functions.

Huawei equipment saves certificates in PKCS#12 format, which must contain private key information.

A self-signed certificate, also known as a root certificate, is a certificate issued to itself, that is, the issuer and subject names in the certificate are the same.

Against the threat of eavesdropping, digital envelopes can be used to ensure the confidentiality of information.

A router is a network layer device, and its main function is to forward messages between different networks.

UDP is a connection-oriented, reliable transport layer communication protocol.

Only when data flow occurs between different security zones, the security check of the firewall will be triggered and the corresponding security policy will be implemented.

Firewall intrusion prevention signatures are divided into two categories, predefined signatures and custom signatures.

Triplet NAT is an address translation method that simultaneously translates addresses and ports, allowing multiple private network addresses to share one or more public network add...

For ICMP messages, the firewall only supports status detection for Ping echo request messages and Ping echo response messages. Other types of ICMP messages do not perform status de...

SSL is a security protocol that provides secure connections for TCP-based application layer protocols.

In the PKI certificate revocation process, the user needs to send a signed and encrypted email to R& to apply for certificate revocation.

In IPsec VPN, if IKE v1 main mode is used to establish IKE SA, the identity of the peer is verified in messages 5 and 6.

Compared with symmetric encryption algorithms, asymmetric encryption algorithms have a higher security factor.

Digital signature refers to the data obtained by encrypting the digital fingerprint with the sender's own public key.

Multiple security zones can be configured on Huawei firewalls. By default, high-priority security zones can access low-priority security zones.

Level protection objects refer to objects in network security level protection work. They usually refer to systems composed of computers or other information terminals and related...

The fifth-level security protection capability is a dedicated protection level and is generally applicable to extremely important systems in important national fields and departmen...

The firewall considers that data flow within the same security zone does not pose security risks and does not require the implementation of any security policy.

Users can change any configuration of the Local area itself, including adding interfaces to the Local area.

When the administrator configures the user's authentication mode to server authentication and the authorization method to local authorization, the user can go online normally even...

After the firewall enables dual-machine hot backup, when the VGMP group priority of the local firewall is greater than the VGMP group priority of the peer firewall, the VGMP group...

The security factor of digital signatures is very high. Even if an attacker obtains the sender's public key, he cannot spy on the private data.

When the Layer 2 switch receives a unicast frame and the MAC address table entry of the switch is empty, the switch discards the unicast frame.

WAF can accurately control and manage users' online behavior and user traffic.

The scenario for internal enterprise users to access the Internet is as shown in the figure. The user online process includes: The following correct sequence of processes should: 1...

Please sequence the following steps according to the hierarchical protection process.

Please sequence the following digital envelope encryption and decryption processes correctly.

Drag the stages of network security emergency response on the left into the box on the right, and arrange them from top to bottom in order of execution.

Please sequence the following steps regarding the PKI life cycle correctly.

Drag the steps of electronic evidence collection on the left into the box on the right to summarize them, and sort them from top to bottom according to the order of execution.

Please sort the following project implementation steps starting from project launch.

Drag the warning levels of network security emergency response on the left into the box on the right, and arrange them from top to bottom in order of severity from high to low.

Please sort according to the table processing priority of iptables from large to small.

When configuring user single sign-on, if you use the mode of querying the AD server security log, please sort the following authentication processes.