H12-721 Exam Questions
260 real H12-721 exam questions with expert-verified answers and explanations. Page 1 of 6.
- Question #1
In an enterprise network, USG A and USG B have established an IPsec VPN. The administrator needs to simulate traffic from server A to server B to test the connection. What ping com...
- Question #2
An enterprise network deployed USG series firewalls, and they need to achieve per-user Telnet / SSH login to the USG and only the commands authorized by the server should be allowe...
- Question #3
Which of the following is a correct description of IKE? (Choose three answers)
- Question #4
Malformed packet attack techniques would use some legitimate data packets; these packets are of a legitimate application type.
- Question #5
When the firewall is working in a hot standby load balancing networking environment, if the behavior of a router and firewall is down while working in routing mode, you need to con...
- Question #6
The USG supported HRP backup options are which of the following? (Choose three answers)
- Question #7
With the USG firewall, which two commands can be used to view equipment components (control board, fans, power supplies, etc.) run state and memory / CPU usage? (Choose two answers...
- Question #8
You are able to ping the IP address of the IPSec tunnel peer and trigger a successful IPSec tunnel by doing this, but the IPSec tunnel can not be established from within an interna...
- Question #9
HTTP Flood attacks refer indirectly to the target server to initiate a large number of HTTP packets to burden the server so that it can not respond to normal requests. Through the...
- Question #10
Which of the following regarding HTTP Flood defense is not correct?
- Question #11
Establishing an IPsec tunnel is unsuccessful. The following is the debug output: %% 01IKE/4/WARNING (I): phase2: proposal mismatch, please check ipsec proposal configuration. 0.344...
- Question #12
An IPsec VPN connection established by two USG firewalls in NAT traversal mode fail to see any information from the "display ike sa" command. Neither session information nor UDP po...
- Question #13
Which of the following is the role of Message5 and Message6 with the main mode IKE negotiation process?
- Question #14
In the firewall DDos attack prevention technology, the Anti-DDoS prevents attacks based on what?
- Question #15
In the IKE V1 pre-shared key mode capture shown, what data is shown in the main role?
- Question #16
DDos attacks work through the network to the target (usually a server, such as DNS server, WEB server) and sends a small amount of abnormal packets of non-traffic, so that the atta...
- Question #17
In the TCP / IP protocol, TCP protocol provides reliable connectivity service using three-way handshake to achieve. The first handshake: establish a connection, the client sends a...
- Question #18
The IKE first stage main mode negotiation process includes the following information? (Choose three answers)
- Question #19
In-Band management and port management control information and business information is transmitted on the same channel.
- Question #20
ESP verifies only the IP payload in NAT traversal, but the ESP port information will be encrypted causing the layer 4 information to be unusable with PAT. Using the IPsec NAT trans...
- Question #21
A Site to Site IPsec VPN tunnel negotiation has been lost. How can you view the IKE Phase 2 security associations, established connections, and configurations? (Choose two answers)
- Question #22
Which command can be used to set the virtual IP address of VRRP group 1 when you configure USG hot backup?
- Question #23
Which of the following statements about VRRP and VGMP packets are correct? (Choose 2 answers)
- Question #24
The key steps to configure virtual firewalls include the following: 1. Configure the IP address of the interface 2. Create a VPN instance and the VPN instance of the specified rout...
- Question #25
Which of the following statements are true about Link-group? (Choose two answers)
- Question #26
In USG2200 series of products, GigabitEthernet 0/0/0 is the band management interface by default.
- Question #27
When using manual IPsec negotiation, if there is a NAT device on the network then we need to use NAT traversal.
- Question #28
In USG equipment, which statement is correct on current-configuration files and saved- configuration profile? (Choose two answers)
- Question #29
ACK Flood attacks use botnets to send a large number of ACK packets and impacts the network bandwidth, resulting in network link congestion. If a large number of attack packets are...
- Question #30
Which statement is correct regarding the IP address scanning attack prevention principle? (Choose three answers)
- Question #31
On the IP-MAC address binding, when both IP and MAC packets that match, it will go to the next processing firewall whereas the packet is discarded if IP and MAC does not match.
- Question #32
Certain users want to limit the maximum bandwidth for network 192.168.1.0/24 500M, and limit the need for all IP addresses network segment to get 1M bandwidth. How should you confi...
- Question #33
Which of the following are malformed packet attacks? (Choose two answers)
- Question #34
After BFD session is established, control packets are sent periodically to each other. If a system does not receive the packet sent by peer within the detection time, it is assumed...
- Question #35
Dual hot standby, when the client does not receive packets sent by slave, after how many HRP HELLO packets, HRP would think that peer has failed or is dead.
- Question #36
Which of the statement is correct after going through the output of the command "display ike sa" which is shown below?
- Question #37
The picture below shows that the IKE V1 first stage pre-shared key mode. Which of the following statement is correct?
- Question #38
Figure 1 is the first to be attacked host. A packet capture screenshots is shown in line no 132, Figure 2 is a screenshot of attacked first host with line no. 133 packet capture. A...
- Question #39
For a virtual service technology, which of the following statements is correct?
- Question #40
In a Firewall device through the source legality verification technology that defends SYN Flood attacks, the device receives a SYN packet, sending SYN-ASK probe packet and SYN pack...
- Question #41
In Defense gate FIN / RST Flood attack method, conversation is checked. The workflow is that when the door FIN / RST packet rate exceeds the threshold; it discards packets, and the...
- Question #42
Connection status data to be backed up by HRP functions include two of the following. (Choose two answers)
- Question #43
A user using L2TP over IPsec vpn client appropriated by the company's LNS gets dialing failure. But in the LNS through debug ike all, and debug L2TP all did not show any informatio...
- Question #44
About L2TP over IPsec VPN, which of the following statements is correct? (Choose two answers)
- Question #45
Which of the following attack types includes CC attacks??
- Question #46
Enabling DHCP Snooping feature avoids Bogus DHCP Server attacks. Which of the following statements is correct?
- Question #47
Which of the following techniques can enhance the security of the mobile users to access the corporate network VPN solutions?
- Question #48
In the dual hot standby network diagram shown below, figure PC1 gateway address should be the IP address of the main contact with the device, namely 10.100.10.2/24.
- Question #49
SSL VPN authentication is successful, but it can not access the Web-link resources. Which statement is correct? (Choose three answers)
- Question #50
At headquarters - when configuring branching structure IPsec VPN network (pre-shared key + wells NAT traversal case), IKE Peer needs to be referenced to the ipsec policy templates....