HCIP-Security-CISN(Huawei Certified ICT Professional - Constructing Infrastructure of Security Network) (H12-721) Free Practice Test

Question 1

Huawei has the following bandwidth policy configuration command on the USG6000:
[USG] traffic-policy
[USG-policy-traffic] profile class1
[USG-policy-traffic-profile-class1] bandwidth maximum-bandwidth whole both 1000
[USG-policy-traffic-profile-class1] bandwidth connection-limit whole both 20
[USG-policy-traffic-profile-class1] quit
[USG-policy-traffic] rule name policy1
[USG-policy-traffic-rule-policy1] source-zone untrust
[USG-policy-traffic-rule-policy1] destination-zone dmz
[USG-policy-traffic-rule-policy1] destination-address 10.10.10.0 mask 255.255.255.0
[USG-policy-traffic-rule-policy1] action cos profile class1
[USG-policy-traffic-rule-policy1] quit
[USG-policy-traffic] rule name policy2
[USG-policy-traffic-rule-policy2] source -zo ne dmz
[USG-policy-traffic-rule-policy2] destination-zone untrust
[USG-policy-traffic-rule-policy2] destination-address 10.10.10.5 mask 255.255.255.255
[USG-policy-traffic-rule-policy2] action no-qos
Which of the following statements are correct? (Multiple choices)

A. When accessing the destination network segment 10.10.10.0/24, traffic will be limited by a maximum of 20 connections.

B. When accessing a host with a destination address of 10.10.10.5 will not be limited by the bandwidth policy

C. When accessing a host with a destination address of 10.10.10.5, the number of connections will be limited

D. When accessing the destination network segment 10.10.10.0/24, it will not be restricted by the maximum number of connections 20

Correct Answer: A,B

Question 2

Which of the following statements about the Radius agreement is correct? (Multiple choices)

A. Authentication and Authorization port number can be 1645

B. Encrypt an account when transferring user accounts and passwords using the Radius protocol

C. The authentication and authorization port number can be 1812

D. Transmission of Radius messages using UDP protocol

Correct Answer: A,C,D

Question 3

To implement the dual-system hot standby function of the USG6000 firewall, which of the following protocols is not required?

A. IGMP

B. VRRP

C. VGMP

D. HRP

Correct Answer: A

Question 4

Which is wrong about the description of the virtual system?

A. If the virtual system function is not enabled, the root system does not exist.

B. Separately running logical device which is divided on the NGFW are called virtual systems.

C. There are two types of virtual systems, the root system and the virtual system on the NGFW.

D. A special virtual system that exists by default on the NGFW is called the root system.

Correct Answer: A

Question 5

Regarding GRE Over IPSec, which of the following statements is wrong?

A. IP header added in the IPSec encapsulation process is the source IP address of the interface to which the IPSec gateway applies the IPSec policy. The destination address is the address of the interface to which the IPSec policy is applied in the IPSec peer.

B. When GRE over IPSec is used between gateways, IPSec encapsulation is performed before GRE encapsulation.

C. The data flow that IPSec needs to protect is the data flow from the GRE starting point to the GRE destination.

D. IP header added in the GR encapsulation process is the source address of the GRE tunnel, and the destination address is the destination address of the GRE tunnel.

Correct Answer: B

Question 6

When IPSec VPN uses digital certificates for authentication, which of the following is not required to verify the validity of digital certificates?

A. Certificate Signing

B. Certificate public key

C. CRL certificate serial number

D. Validity of the certificate

Correct Answer: B

Question 7

Which of the following log categories does the firewall command output, content log, policy hit log, mail filter log, URL filter log, and audit log output from the firewall belong to?

A. System log

B. Business log

C. Session log

D. Packet loss logs

Correct Answer: B

Question 8

Which of the following options is correct for the configuration of a VPN interface bound to a VPN instance?

A. ip binding vpn-instance vpn-id

B. ip binding vpn-id

C. ip binding vpn-instance vpn-instance-name

D. ip binding vpn-id vpn-instance-name

Correct Answer: C

Question 9

IP-Link technology continuously sends ICMP packets or ARP request packets to a specified destination address, and then checks whether an ICMP echo reply packet or ARP reply packet can be received to determine whether the link is faulty.

A. False

B. True

Correct Answer: B

Question 10

As shown in the figure is the firewall hot standby networking environment. In this networking environment, which of the following commands can ensure that the device automatically adjusts the priority of the VGMP management group and automatically performs the active/standby switchover?

A. hrp preempt delay 60

B. hrp interface GigabitEthernet 0/0/2

C. hrp ospf-cost adjust-enable

D. hrp auto-sync config

Correct Answer: C

Question 11

In dual-system hot backup, the backup channel must be the main interface on the interface board. Which type is not supported?

A. GigabitEthernet

B. E1

C. Ethernet

D. vlan-if

Correct Answer: B

Question 12

There are two reliable transmission modes and fast transmission modes for Network Expansion Functions establishing SSL VPN tunnels. Which of the following description about these two methods are wrong?

A. In the fast transmission mode, SSL VPN encapsulates packets using the Quick UDP Internet Connections (QUIC) protocol and uses UDP as the transmission protocol.

B. In the reliable transmission mode, the remote users need to establish an SSL VPN tunnel with the virtual gateway before transmitting data.

C. In the fast transmission mode, the remote users does not need to establish an SSL VPN tunnel with the virtual gateway before transmitting data.

D. In the reliable transmission mode, SSL VPN encapsulates packets using the SSL protocol and uses the TCP protocol as the transmission protocol.

Correct Answer: C

Question 13

The following figure shows the L2TP over IPSec application scenario. The client uses the method of pre-shared-key for IPSec authentication. How to configure the IPSec security policy on the LNS port? (Multiple Choice)

A. Using IKE v1 main mode for negotiation

B. Using IKE v2 for negotiation

C. Configuring IPSec Policy Template

D. Configuring IPSec Security Policy

Correct Answer: B,C

Welcome to TestSimulate

Huawei HCIP-Security-CISN(Huawei Certified ICT Professional - Constructing Infrastructure of Security Network) (H12-721) Free Practice Test