H12-721 Exam Questions
260 real H12-721 exam questions with expert-verified answers and explanations. Page 3 of 6.
- Question #101
When an attack occurs, the attacked host (1.1.128.4) was fooled. Host found many packets as shown. Based on an analysis what type of attack is this?
- Question #102
In the use of virtual firewall technology: The two VPN users can travel over the public network Root VFW, log on to their respective private network VPN and get direct access to th...
- Question #103
In static fingerprint filtering for different packets with different processing methods, which of the following statements is correct? (Choose two answers)
- Question #104
In site to Site IPsec VPN negotiation process, what should be the order of checks? 1. network connectivity problems 2. Establish conditions and configuration View IKE Phase 1 Safet...
- Question #105
Comparing URPF strict mode and loose mode, which of the following statement is incorrect?
- Question #106
When using the SSL VPN client, it initiates network expansion "Connect gateway mate lost", what are the causes of this failure? (Choose three answers)
- Question #107
An enterprise network cutover has just been done. The old network equipment is off the assembly line and the line is now on new network equipment. After operational testing we foun...
- Question #108
HRP technology can achieve an alternate configuration of the firewall that does not need any kind of information, all the configuration information are synchronized to the primary...
- Question #109
L2TP is used between the user and the enterprise server and it transparently transmits packets and sets up the PPP tunneling protocol, which includes which of the following charact...
- Question #110
A USG standby scenario is shown in Figure. The service interface works in three steps, down the line connecting the router through an administrator to view, USG_A status is H RP_M...
- Question #111
If the two sides wish to establish an IPsec VPN tunnel and using just one of the IP addresses, which of the following configuration methods can not be applied in the gateway?
- Question #112
As shown in Figure, firewall is in stateful failover networking environment, the firewall interfaces are in the business routing mode, and up and down are the router with OSPF conf...
- Question #113
Which of the following circumstances where main mode IKE negotiation can not be used? (Choose two answers)
- Question #114
About VRRP packets, which of the following statements is correct? (Choose two answers)
- Question #115
Under preemption and the default.VGMP management group is enabled, the preemption delay is 60s.
- Question #116
In Client-initial mode, it can be seen from the following debug information that L2TP dial husband is lost. What is most likely cause of failure of dial-up?
- Question #117
Under standby scene.USG hot standby, the service interface to work in three, down the line connecting the router through an administrator to view, USG_A state has been switched to...
- Question #118
What do we want to achieve with Virtual firewalls on a single physical firewall device where we create virtual multiple logical firewalls and multiple instances? (Choose three answ...
- Question #119
Which statement is incorrect about IPsec NAT traversal?
- Question #120
When configured behind a firewall stateful failover, in the Web configuration interface, select "System> High Reliability> hot standby", click "Check HRP configuration consistency"...
- Question #121
As shown below, for the L2TP over IPsec scenarios, the following configuration shows how to protect data on the IPsec flow. Which one is correct?
- Question #122
Corporate network administrator for a large data flow, when the USG is out of memory or CPU processing capacity limit is reached, in order to ensure that forwards packets do not ca...
- Question #123
Logging session log NAT / ASPF generated DPI traffic monitoring logs. Logs for this type provide a "binary" output mode. Using binary output can greatly reduce the impact on system...
- Question #124
In the IPsec NAT traversal application scenarios, the firewall must be configured to initiate party NAT traversal, and the other end can not configure firewall NAT traversal relate...
- Question #125
When making hot standby switch, USG Series Firewall service port will send gratuitous ARP scene there. Which deployment mode is used? (Choose two answers)
- Question #126
Scenario: In the virtual firewall technology which is more commonly used in business to provide a phase out of business. If the virtual firewall VFW1 leased to companies A, virtual...
- Question #127
When using optical Bypass Interface, Bypass link has two operating modes, automatic mode and forced mode.
- Question #128
Policy strategy limiting constraints include quintuple, time, user identity and application protocols.
- Question #129
An administrator using the following command to view the state of device components Slot3 board is status abnormal, what are the possible causes? (Choose three answers)
- Question #130
In Hot standby, the backup channel must be the primary interface to the interface board. Which type is not supported?
- Question #131
ACK Flood attacks exploit payload inspection defense. The principle is to clean equipment for ACK packet payload to check if the contents of the full load are consistent (as are al...
- Question #132
Which of the following packets are not sent during IP-link detection? (Choose two answers)
- Question #133
If using a policy template and configuring IPsec policy child policy, the firewall will first apply a policy template, and then it will apply the child policy.
- Question #134
Limiting policy function supports only the number of connections to the specified IP initiated or received to limit the number of connections.
- Question #135
In hot standby environment, there is an event of inconsistent data packets being sent back and forth. Which of the following conditions may cause packet loss? (Choose three answers...
- Question #136
Virtual firewall security services provide multiple instances of the following? (Choose three answers)
- Question #137
After the configuration on NRT Server (no-reverse parameter is not added), the firewall will automatically generate static Server-map entries, the first packet matching Server-map...
- Question #138
BFD static route topology is shown in Figure A. On the firewall, administrator needs to do the following configuration: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind...
- Question #139
BFD static route topology is shown in Figure A. On the firewall, administrator needs to do the following configuration: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind...
- Question #140
Which statement is correct regarding local users with VPN instance bindings?
- Question #141
In hot standby networking environment, two USG's NAT configuration is consistent. When the virtual IP address is in the address of the VRRP backup group, then NAT address pool in t...
- Question #142
No need to use deny rules because of the policy limiting strategy for deny rules without restrictions.
- Question #143
Tracert packet attack occurs when an attacker using TTL returned ________. ICMP timeout packets reach the destination address and return an ICMP time exceeded message back to the s...
- Question #144
Which of the following description about SMURF attacks is correct?
- Question #145
Which of the following protocol packets can not be sent by default in an IPsec tunnel?
- Question #146
Which of the statement is correct about the Eth-trunk function? (Choose three answers)
- Question #147
Which of the following statements is correct one for the dual hot standby in conjunction with IPSec functionality?
- Question #148
What type of packet sent in a VRRP HELLO message?
- Question #149
IPsec VPN using digital certificates for authentication has the following steps: 1. Certificate signature verification 2. Find the certificate serial number in the CRL 3. Both devi...
- Question #150
With regard to the Radius protocol, which of the following statements are correct (choose three answers)