H12-721 Exam Questions

With the Huawei abnormal flow cleaning solution, deployed at the scene of a bypass, dynamic routing drainage occurs without human intervention. When an abnormality is detected, the...

Which of the following statements is wrong regarding IPsec?

Malformed packet attack techniques would use some legitimate packet data for network reconnaissance or testing. These packets are legitimate for the application type; while normal...

Which of the following statements is correct about the blacklist? (Choose three answers)

In a stateful standby failover switchover what will the firewall do? (Choose two answers)

In L2TP over IPsec scenarios, The USG device will first use the original data packet that is encrypted using IPsec, and then encapsulates the data packets using L2TP.

The Huawei abnormal flow cleaning solution must be deployed in an independent testing center.

Regarding IKE DPD, which statement is incorrect?

Refer to the following hot standby and IP-link linkage networking environment shown below: Which configuration will enable hot standby configuration key linkage?

Virtual firewall technology does not include which of the following characteristics?

The two FWs are interconnected by IPSec. The display ike sa is executed in FW_A. The result is shown as following. Which of the following statements are correct? (Multiple Choices)

In the IDC room, a Huawei USG6000 series firewall can be divided into several virtual systems. Then, the root firewall administrator generates virtual system administrators to mana...

Shown below is an IPSec standby scenario, with main link A and backup link B. Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we want to ensure that...

An enterprise branch firewall is configured for NAT. As shown in the figure, USG_B is the NAT gateway. In order to exhablish an IPSec VPN to USG_B, you need to configure what on US...

In the Enterprise network shown below, Server A and Server B can not access Web services. Troubleshooting has found that there is firewall routing module and that there is a proble...

An SSL VPN user authenticates, has enabled network expansion on the PC, and has been assigned an IP addresses. However, the user can not access resources within the internal networ...

SSL VPN authentication is successful, and with the use of the file-sharing feature, you can view the directories and files, but you can not upload, delete, or rename files. What ar...

A simple network is connected PC1-USG-Router-PC2. If PC1 sends packets to PC2, and the USG processes fragmented packets, which modes can be used to do this? (Choose three answers)

In IP-link, how many successive packets must not be received for it to be considered a failure, by default?

With Blacklist, which part of the packets are examined to determine there is an attack?

Which statement about IP-link features are correct? (Choose three answers)

Refer to the following load balancing configuration: [USG] slb enable [USG] slb [USG-slb] rserver 1 rip 10.1.1.3 weight 32 [USG-slb] rserver 2 rip 14.1.1.4 weight 16 [USG-slb] rser...

About BFD detection mechanism, the following statement is correct? (Choose two answers)

An attacker sends a large number of SIP INVITE messages to the server, leading to a denial of service attack on the SIP server. This attack occurs on which layer of the seven layer...

Interface management information and service control information are transmitted on the same channel.

In DDos attack prevention technology, the firewall will not establish the session table for packets, if the session has been established for packets that were directly released.

About the description of the process of network expansion, which statement is wrong?

As shown in the figure is the firewall hot standby networking environment. In this networking environment, which of the following commands can ensure that the device automatically...

Which statement is correct regarding load checks and fingerprint learning with UDP Flood defenses.

When there is a lot BFD sessions in a system, in order to prevent periodic OFD control packets from affecting the normal operation of the system, you can use what mode of BFD?

Three FTP servers are configured with load balancing on a USG firewall. The address and weights of the three real servers are 10.1.1.3/24 (weight 16), 10.1.1.4/24 (weight 32), 10.1...

Which of the following attack is SYN Flood attack?

In a Link-group with three physical interfaces, when either one of the interfaces fail, which of the following descriptions of what happens is correct? (Choose two answers)

Load balancing to ensure that the same user traffic will access the IP address assigned to different servers uses what technology? (Choose three answers)

USG firewall supports which of the load balancing algorithms? (Choose three answers)

When using the Radius server to authenticate users, you need to configure the corresponding username and password on both the Radius server and the firewall.

The bandwidth management function only supports limiting the number of connections initiated by a specified IP.

Which of the following does an IPSec VPN use to encrypt the communication data stream?

In IKE V1 stage 1 pre-shared key with Main Mode exchange process, the SA is established after which messages?

A USG firewall can be divided into several virtual firewalls, and allows the root firewall administrator to manage the virtual firewall administrators allowed access to each virtua...

What is the correct order for packet encapsulation with L2TP?

USG5000A has an IPSEC connection to USG5000B and the "display ike sa" command was performed on USG5000A: Based on the output shown, which of the following is correct?

USG_A and USG_B are in a hot standby configuration as shown below. The current session table show 1,500+ sessions, and when a switchover occurs there is a period of traffic interru...

In the FTP networ diagram shown below, you want to use the external control port of 21000 on the FTP Server, but the FTP clients can not access the FTP Server. You have ruled packe...

With IP address scanning attack prevention, not only can it be used to prevent the ICMP packet destination address detection, it can also prevent the use of TCP / UDP scanning prob...

The USG limited flow policy configuration is as follows: [USG] car-class class1 type shared [USG-shared-car-class-class1] car 1000 [USG-shared-car-class-class1] quit [USG-traffic-p...

A network is as follows: LAN---------------G0/0/0 USG G0/0/1--------------Server. After administrators analyze a possible attack on the LAN networking G0/0/0 connection and want to...

As shown below, the address pool for domain abc is the L2TP VPN user's address pool. Based on the information, which of the following statements is wrong?

After the firewall creates a new security instance, the firewall does not have any security zones assigned to the new instance and the administrator needs to configure them.

In a Dual hot standby SSL VPN scenario as shown, the network administrator has enabled SSL extensions. Which of the following information about the configuration of SSL VPN functio...