H12-721 Exam Questions

Virtual firewall technology can be implemented using IP address overlap.

As shown in Figure, firewall is in stateful failover networking environment. Which of the following command enables the device to automatically adjust VGMP management priority, and...

As shown below for the L2TP over IPsec scenarios, the client uses pre-shared-key manner IPsec authentication. Which of the statements are correct to implement IPSec Security policy...

USG remote capture device configuration functions in a way that the device can grab packets downloaded to the device. Users can download to a local service via FTP and use Firewall...

As shown below, the trust area has two PC machines, PC1 10.1.1.1, PC2 10.1.155.1 and the Untrust zone has one server 10.2.2.2. PC1 can not access 10.2.2.2, 10.2.2.2 and PC2 activel...

Which of the following state indicates that the BFD session has been successfully established?

With regard to virtual gateway type and shared exclusive type, which of the following statement is correct? (Choose three answers)

A static BFD session is configured between USG A and USG B. Which of the following statements about BFD session creation and removal are correct? (Select 2 Answers)

An administrator to view the status information and IPsec Debug information is shown below. After going through the output, what is the most likely reason for failure?

On the USG in hda1 ;/ we need to delete directories on sslconfig.cfg. Which of the following commands is needed to complete this operation?

URPF main function is to prevent network attacks based on the destination address spoofing.

The mechanism of source authentication defense against HTTPS flood attacks is that the anti- DDoS device, instead of the SSL server, initiates the TCP three-way handshake with the...

The server health monitoring mechanisms detects the backend server on a company's true USG firewall (three servers to Server A, Server B, and Server C) is running. When the USG rep...

With regard to the firewall configuration interface binding VPN instance, which configuration is correct?

When using Radius server to authenticate users, (topology diagram shown below) we not only need to ensure that the user name and password for the account exists on the Radius serve...

The VGMP HELLO packets default time is 1 second, that is, when the end of the three HELLO Slave cycle range, if packets do not received HELLO packets sent to the client, it will co...

In an IPsec VPN, which statement is incorrect about aggressive mode versus main mode?

In standby IPsec link backup scenarios like the one shown below, you can use the link IPsec tunneling technology.

The USG series product dual-system hot backup does not involve the ______ protocol.

Which statement is correct regarding the Eth-trunk function? (Choose three answers)

After the device is configured with Link-group, use the display link-group 1 command to get the following information: What information do you get from the above output? (Choose tw...

If a data stream has been established in the firewall session and you modify the data corresponding packet filtering policy, how will the firewall perform?

USG device can be factory reset by holding down the Reset button for 1-3 seconds to recover the console password.

Limiting policies can limit which of the following objects? (Choose two answers)

To establish IPsec VPN Security, ACL rules should mirror each other. This is the general requirement at both ends in Huawei firewall environment.

Network attacks include flood attacks, scanning and sniffing attacks, malformed-packet attacks, and special-packet attacks.

USG GE0/0/0 firewall interface IP address is 192.168.0.1/24 and the firewall act as a FTP server. PC host IP address is 192.168.0.2/24, firewall GE0/0/0 interfaces to the host PC i...

USG hot standby must meet certain conditions before use. Which of the following statements are correct? (Choose two answers)

The below information indicates that the real server is forced to USG unhealthy state and the real server 4.4.4.4 is currently in unhealthy state.

The network administrator of a company uses firewalls in hot standby mode in order to forward larger traffic. Network diagram shows that when the configuration is complete, Out of...

What are the three elements of abnormal flow cleaning solution? (Choose three answers)

In IPsec standby backup scenarios shown below, the gateway B is using IPsec tunneling technology and gateway A build IPsec VPN.

An attack will fake a source server to send a large number of SYN-ACK packet to the target network or server. If the packet destination port is a TCP service port to be attacked, i...

Load balancing has the following configuration: [USG] sIb enable [USG] sIb [USG-slb] rserver 1 rip 10.1.1.3 weight 32 [USG-slb] rserver 2 rip 10.1.1.4 weight 16 [USG-slb] rserver 3...

In the hot standby scenarios, which statement is correct about the standby equipments? (Choose three answers)

Huawei abnormal flow cleaning solution is characterized by relatively straight bypass deployment. Which of the statement is correct?

Which of the following are flow-type attacks? (Choose two answers)

When using digital certificates for authentication in IPsec VPN, it should adopt IKE main mode negotiation and validation of certificate is completed in the 5th 6th packet of the p...

USG two ways to build a firewall to Site IPsec VPN through the Site, when viewing a USGA state as follows: display ipsec statistics the security packet statistics: input / output s...

In defense FIN / RST Flood attack method, conversation is checked. The workflow is when the FIN / RST packet rate exceeds the threshold, discarded packets, and then start the conve...

In the dual-system hot backup networking environment as shown in the standby firewall also need to configure NAT function, assuming that the external address of the VRRP backup gro...

The anti-DDoS device can implement traffic blocking or limiting to defend against attacks if the service learning function discovers that certain services do not run on the network...

An enterprise network flow is shown below. Server A can not access the server B, administrators troubleshoot and found that server A can access the firewall A, but can not access t...

As shown in Figure Eth-Trunk functionality with binding, if the need is to implement each interface-by-packet load balancing feature, you need to run which of the following configu...

Hot Standby networking environment is shown in Figure 1 and 2 backup group joined VGMP management group, USG_A main equipment, USG_B as a backup device. When USG_A is in failed sta...

In the standby link IPsec backup application scenarios, which of the following ways is used by the standby link switch?

Administrators can create a vfw1 and vfw2 with multiple instances to provide security services for firms A and B on the root firewall. It can be configured between vfw1 regional se...

Static fingerprint filtering function is configured through static fingerprints. Fingerprints on the packets hit the appropriate treatment, and thus attack traffic defense. General...

According to the victim host capture shown in Figure, What type of attack is this?

IPSec NAT traversal is not supported in IKE main mode and aggressive mode of IP addresses + pre-shared key authentication mode, because the pre-shared key authentication requires t...