• Home
  • Articles
  • 2022 H12-721 dumps review - Professional Quiz Study Materials [Q75-Q99]

2022 H12-721 dumps review - Professional Quiz Study Materials [Q75-Q99]

Share

2022 H12-721 dumps review - Professional Quiz Study Materials

H12-721 Test Prep Training Practice Exam Questions Practice Tests

NEW QUESTION 75
HTTP Flood attacks refer indirectly to the target server to initiate a large number of HTTP packets to burden the server so that it can not respond to normal requests.
Through the interface rate limit function, HTTP flood attacks can be prevented.

  • A. FALSE
  • B. TRUE

Answer: B

 

NEW QUESTION 76
In the networking environment of dual-system hot backup and ip-link, which of the following configurations is the key configuration for ip-link and dual-system hot backup?

  • A. hrp track ip-link 1 master
  • B. hrp track ip-link 1 slave
  • C. hrp mirror ip-link 1
  • D. ip-link check enable

Answer: A

 

NEW QUESTION 77
Shown below is an IPSec standby scenario, with main link A and backup link B.
Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we want to ensure that the primary and redundant backup link via IP-Link is configured.

Which of the following is the correct cstatic routeonfiguration from the headquarters to the branch office?

  • A. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 preference 70 track ip-link 1
    [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 track ip-link 2
  • B. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
    [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3
  • C. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
    [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2
  • D. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 ip-link 1
    [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 ip-link 2

Answer: C

 

NEW QUESTION 78
On the IP-MAC address binding, when both IP and MAC packets that match, it will go to the next processing firewall whereas the packet is discarded if IP and MAC does not match.

  • A. FALSE
  • B. TRUE

Answer: A

 

NEW QUESTION 79
A virtual system is a plurality of mutually independent logical devices divided on a single physical device. Each virtual system is equivalent to a real device and has its own interface, address set, user/group, routing table entries, and policies. It can also be configured and managed by a virtual system administrator.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 80
IPSec tunnel can use GRE over IPSec to propagate multicast packets.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 81
After a new virtual system is created on the firewall, the virtual system does not have any security zone. The administrator needs to plan the configuration by self.

  • A. FALSE
  • B. TRUE

Answer: A

 

NEW QUESTION 82
In static fingerprint filtering for different packets with different processing methods, which of the following statements is correct? (Choose two answers)

  • A. ICMP packets through fingerprints identifier.
  • B. DNS packets fingerprints for Query ID.
  • C. HTTP packets fingerprints for Universal Resource Identifier URI (Uniform Resource Identifier).
  • D. TCP / UDP / custom services can be based on the load (ie, packet data segment) fingerprints.

Answer: C,D

 

NEW QUESTION 83
When the ip-link link health check is performed, if it is unable to receive the message several times in the absence of the link, it will be considered as a link failure.

  • A. 3 times
  • B. 1 time
  • C. 5 times
  • D. 2 times

Answer: A

 

NEW QUESTION 84
After the link-group is configured on the device, use the display link-group 1 command to obtain the following information. What information can I get?

  • A. GigabitEthernet 0/0/1 is forcibly converted to fault state because other interfaces in the group are faulty.
  • B. GigabitEthernet 0/0/2 interface has failed.
  • C. GigabitEthernet 0/0/1 has failed.
  • D. GigabitEthernet 0/0/2 is forcibly converted to fault state because other interfaces in the group are faulty.

Answer: C,D

 

NEW QUESTION 85
When an attack occurs, the attacked host (1.1.1.1) captured the results below. What type of attack is this?

  • A. WinNuke
  • B. Land Attack
  • C. Ping of Death attack
  • D. Smurf attack

Answer: D

 

NEW QUESTION 86
As shown in Figure BFDS for SPF networking scenarios:
1. Run OSPF between FW_A, FW_B and FW_C. All three devices are neighbors.
2. To reach FULL neighbor state, configure OSPF BFD and linkage. BFD finished creating BFD sessions.
Which of the following statements are correct? (Choose two answers)

  • A. When a link fails, BD first perception, FWA and FWB will soon converge
  • B. FWA deal with neighbors Down event, re-route calculation, a new route for the link b
  • C. Link switch toggles the seconds level
  • D. When a link fails, OSPF convergence and automatic notification BD

Answer: A,B

 

NEW QUESTION 87
The ACK flood attack is defended by the load check. The principle is that the cleaning device checks the payload of the ACK packet. If the payloads are all consistent (if the payload content is all 1), the packet is discarded.

  • A. FALSE
  • B. TRUE

Answer: B

Explanation:
Explanation
Note: ACK Flood defense principle: First, when the ACK packet rate exceeds the threshold, start session check: (If the cleaning device checks that the ACK packet does not hit the session, there are 2 processing modes, (strict mode - - The strict mode is recommended in the network where the route is deployed. If the cleaning device does not check the established session, the device discards the packet. The basic mode: When the bypass is deployed, the device is cleaned before the session is established. The session is not detected. In this case, the basic mode is recommended. That is, when the ACK packet rate exceeds the threshold for a period of time, the session check is started. The device first passes several ACK packets to establish a session.
Check the session to determine whether to discard the packet. Second, if the cleaning device checks the ACK packet to hit the session, check the session creation reason). The second is that the load check is performed by the cleaning device to check the payload of the ACK packet. If the payloads are all consistent (if the payload content is all 1), the packet is discarded. The third is to check the reason for the session creation if the cleaning device checks that the ACK packet hits the session. The fourth is if the session is by SYN or SYN- If the ACK packet is built, the packet is allowed to pass. If the session is created by another packet (for example, an ACK packet), the packet inspection result is checked. The packet with the correct sequence number is allowed to pass, and the incorrect packet is discarded. The payload check can be enabled only if
"session check" is enabled, and the payload check is performed on the packets passed by the session check.

 

NEW QUESTION 88
With Blacklist, which part of the packets are examined to determine there is an attack?

  • A. The source address
  • B. Source Port
  • C. destination port
  • D. destination address

Answer: A

 

NEW QUESTION 89
The Huawei abnormal flow cleaning solution must be deployed in an independent testing center.

  • A. FALSE
  • B. TRUE

Answer: A

 

NEW QUESTION 90
Load balancing to ensure that the same user traffic will access the IP address assigned to different servers uses what technology? (Choose three answers)

  • A. Server Health Check
  • B. Virtual Services Technology
  • C. Flow-based forwarding
  • D. Hot Standby Technology

Answer: A,B,C

 

NEW QUESTION 91
A network is shown below.

A dial customer cannot establish a connection via a VPN client PC and USG (LNS) l2tp vpn. What are valid reasons for this failure? (Choose three answers)

  • A. PPP authentication fails, PPP authentication mode set on the client PC and LNS inconsistent.
  • B. L2TP tunnel authentication failed.
  • C. LNS tunnel tunnel name change is inconsistent with the client name.
  • D. Client PC can not obtain an IP address assigned to it from the LNS.

Answer: A,B,D

 

NEW QUESTION 92
Which part of the attack packet is matched by the blacklist to achieve attack prevention?

  • A. destination port
  • B. source port
  • C. source address
  • D. destination address

Answer: C

 

NEW QUESTION 93
In the TCP/IP protocol, the TCP protocol provides a reliable connection service, which is implemented using a
3-way handshake. First handshake: When establishing a connection, the client sends a SYN packet (SYN=J) to the server and enters the SYN_SENT state, waiting for the server to confirm; the second handshake: the server receives the SYN packet and must send an ACK packet (ACK=1) To confirm the SYN packet of the client, and also send a SYN packet (SYN=K), that is, the SYN-ACK packet, the server enters the SYN_RCVD state; the third handshake: the client receives the SYN-ACK packet of the server. Send the acknowledgement packet ACK (SYN=2 ACK=3) to the server. After the packet is sent, the client and server enter the ESTABUSHED state and complete the handshake. Regarding the three parameters in the 3-way handshake process, which one is correct?

  • A. 1=J+1 2=J 3=K+1
  • B. 1=J+1 2=J+1 3=K+1
  • C. 1=J 2=K+1 3=J+1
  • D. 1=J+1 2=K+1 3=J+1

Answer: D

 

NEW QUESTION 94
The load balancing function is configured on the USG firewall for three FTP servers. The IP addresses and weights of the three physical servers are 10.1.13/24 (weight 16); 10.1.1.4/24 (weight 32); 10.1.1.5 /24 (weight
16), and the virtual server address is 202.152.26.123/24. A PC with the host address of 202.152.26.3/24 initiates access to the FTP server. Run the display firewall session table command on the firewall to check the configuration. Which of the following conditions indicates that the load balancing function is successfully implemented?

  • A. <USG>display firewall session table Current total sessions: 3 ftp VPN: ftp VPN: public
    202.152.26.3:3327--> 202.152.26.123:21[10.1.1.3:21] ftp VPN: public-->public 202.152.
    26.3:3327-->10.1.1.4:21 ftp VPN:public-->public 202.152.26.3:3327-->10.1.1.4:21 ftp VPN:public-->public 202.152.26.3:3327-->10.1. 1.5:21
  • B. <USG>display firewall session table Current total sessions: 1 ftp VPN: public-->public
    202.152.26.3:3327-->10.1.1.4:21
  • C. <USG>display firewall session table Current total sessions: 1 ftp VPN:
    202.152.26.3:3327-->202.152.26.123:21
  • D. <USG>display firewall session table Current total sessions:3 ftp VPN: public 202.152.26.3:3327-->
    202.152.26.123:21[10.1.1.3:21] ftp VPN:public-->public 202.152.26.3:3327
    -->202.152.26.123:21[10.1.1.4:21] ftp VPN: public-->public
    202.152.26.3:3327-->202.152.26.123:21[10.1.1.5:21]

Answer: D

 

NEW QUESTION 95
In the hot standby scenario, what is the correct statement about the primary and backup backups?

  • A. The backup channel must be an interface on the service board and supports GE and Eth-trunk interfaces.
  • B. Real-time backup is a real-time backup of newly created or refreshed data while the device is running.
  • C. By default, batch backup is turned on.
  • D. batch backup is to back up all information in batches after the first negotiation of two devices is completed.

Answer: A,B,D

Explanation:
Explanation
Note: The automatic backup command is enabled by default on the USG. Used in dual-system hot standby network

 

NEW QUESTION 96
In hot standby, what is the number of cycles does not receive the HRP HELLO packet from the peer end, the Slave peer considers the peer end to be faulty?

  • A. Five
  • B. Three
  • C. Two
  • D. One

Answer: B

 

NEW QUESTION 97
What are the correct statements about link-group below?

  • A. support interface board hot swap
  • B. supports interface state management across switches
  • C. supports remote interface state management
  • D. supports interface state management across interface boards

Answer: A,D

 

NEW QUESTION 98
The virtual system instance bound to the interface by the ip binding vpn-instance vpn-instance name is generated as the virtual system is created.

  • A. True
  • B. False

Answer: B

 

NEW QUESTION 99
......

Exam Questions Answers Braindumps H12-721 Exam Dumps PDF Questions: https://troytec.itpassleader.com/Huawei/H12-721-dumps-pass-exam.html

Related Articles

more
Huawei H12-721 Certification Practice Exam
0
0
0
0