H12-725_V4.0 Exam Questions

Virtual systems realize mutual access through virtual interfaces, and the link layer and protocol layer of the virtual interface are always Up.

The firewall virtual system can not only isolate routing, but also achieve business isolation.

In the face of applications such as P2P downloading and online video, the traditional method of limiting bandwidth is no longer able to cope with evasion solutions such as long-ter...

In the same group of parent-child policies, the current limiting method can only be "set uplink and downlink bandwidth separately" or "set uplink and downlink total bandwidth" at t...

Deploying multiple links at the enterprise exit can improve the reliability of the user network.

Policy routing can be associated with IP-Link or BFD to determine the availability of policy routing based on the status check results of IP-Link or BFD.

IPSec VPN uses symmetric keys to encrypt business data.

In a point-to-multipoint scenario, and the headquarters address is fixed and the branch address is not fixed, it is recommended to use IPSec policy template method to establish VPN...

SSL VPN works between the transport layer and the network layer and does not change the IP header and TCP header.

When configuring policy routing traffic diversion, you need to configure it on both the traffic diversion device and the cleaning device.

File filtering not only identifies the type of files received, it can even filter based on the direction in which the files were transferred.

The application behavior control function of Huawei firewall can accurately control users' HTTP behavior, FTP behavior and IM behavior.

A Linux host has deployed an Nginx application. By viewing Nginx related logs, the operation and maintenance engineer can obtain the complete URL information submitted by the user,...

Enterprises deploy access control technology to control the behavior of employees, but cannot control the behavior of visitors.

When configuring a third-party access device on iMaster NCE-Campus, the authentication and accounting key, authorization key, terminal IP address list, etc. need to be configured i...

As shown in the figure, the firewall dual-machine hot backup load is deployed uniformly. For the Trust: area, two VRPP backup groups need to be deployed. One group has firewall A a...

For multi-level policies, the firewall first matches the parent policy, and then matches the sub- policy until it matches the sub-policy that can be matched at the last level.

When GRE over IPSec is used to connect between gateways, the IPSec encapsulation mode can only be tunnel mode.

As shown in the figure, if firewall A actively initiates IKE negotiation, you only need to configure the security policy on firewall A, and no configuration is required on firewall...

The predefined URL categories in Huawei firewall are preset categories that come with the factory and do not require users to manually load them.

IPS devices can intercept viruses, Trojans or malicious codes that exploit unknown vulnerabilities to spread and attack, and protect key office data such as privacy, identity, and...

When responding to network attacks, it is only necessary to deploy security devices (such as firewalls, IPS, etc.) at the Internet exit. There is no need to deploy security devices...

If 802.1x authentication is used, the user needs to install the client or use the system's own client to initiate 802.1x authentication.

In IPSec VPN transmission mode, neither AH nor ESP supports NAT traversal.

When configuring authorization rules on iMaster NCE-Campus, multiple authentication methods are supported, including: user access authentication, HAC authentication, and device man...

The 802.1X protocol is a port-based network access control protocol. Its authentication messages and data messages can be separated through logical interfaces to improve security.

SYN scanning technology generally does not leave scanning traces on the target host, and does not require root privileges of the target host.

The SYN Flood attack mainly achieves the purpose of denial of service by initiating large-traffic access and consuming network bandwidth.

Anti-DDoS detection center supports traffic detection technology based on Netflow.

In a dual-machine hot standby network, in order to ensure the consistency of link switching, Huawei firewall implements device status management based on VGMP groups.

In the access authentication scheme, authorization information is divided into two categories: authorization information issued by the server and authorization information under th...

iMaster NCE-Campus has a built-in LDAP module, which can be used as an LDAP server and supports connection with access devices through the LDAP protocol.

The virtual system administrator of the firewall can only enter the configuration interface of the virtual system to which it belongs, and the services that can be configured and v...

The signature filter of IPS is a set of conditions for a series of signatures. Any signature that meets one of the filter conditions can match the signature filter.

Even if the firewall is configured with content filtering, if it is not referenced correctly in the security policy, content that should be blocked can still be transmitted normall...

The remote query server provides larger URL classification information. If the URL classification cannot be queried in the predefined URL classification cache, you can continue the...

Turn on the email filtering function to detect viruses carried in emails.

DDoS attack is a distributed DoS attack.

When deploying an Anti-DDoS defense system in a straight line, reliability needs to be considered to prevent single points of failure.

UDP Flood attack initiates large traffic access and occupies protocol stack resources, thereby achieving the purpose of the server refusing to provide services to normal users.

When configuring DDoS attack defense, you need to configure defense thresholds for various attacks. This threshold can be regarded as the upper limit of normal traffic in the netwo...

SSLVPN users can support login without authentication.

As shown in the figure, in this scenario, both communicating parties (ie, firewall A and firewall B) need to enable NAT traversal.

Administrators need to make reasonable calculations when allocating resources to the firewall virtual system. This avoids the situation where a virtual system occupies too many res...

If IPS equipment adopts Layer 2 bypass detection deployment method, it can only monitor business traffic and cannot achieve real-time protection.

URL filtering can perform better access control than DNS filtering, effectively reducing the traffic of HTTP messages on the entire network.

Email content filtering can not only filter out anonymous emails, but also control the permissions of intranet users to send or receive emails by checking the email content.

In addition to affecting normal email reading, spam may also contain viruses and other harmful information.

Single packet attacks, DoS and DDoS attacks can all cause denial of service.

Relative to IPSec network layer control, SSL All VPN access control is based on the application layer, and its level of subdivision can reach the URL or file level, which can great...