H12-721 Huawei Certified ICT Professional - Constructing Infrastructure of Security Network exact Exam Questions

Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Last Update 20 hours ago Total Questions : 217

The Huawei Certified ICT Professional - Constructing Infrastructure of Security Network content is now fully updated, with all current exam questions added 20 hours ago. Deciding to include H12-721 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our H12-721 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these H12-721 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Huawei Certified ICT Professional - Constructing Infrastructure of Security Network practice test comfortably within the allotted time.

Question # 41

An administrator can view the IPSec status information and debugging information as follows. What is the most likely fault?

local ike policy does not match the peer ike policy.

local ike remote namet and peer ikename do not match

local ipsec proposal does not match the peer ipsec proposal.

The local security acl or the peer security acl does not match.

Question # 42

The topology diagram of the BFD-bound static route is as follows: The administrator has configured the following on firewall A: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind peer-ip 1.1.1.2 [USG9000_A- Bfd session-aa] discriminator local 10 [USG9000_A-bfd session-aa] discriminator remote 20 [USG9000_A-bfd session-aa] commit [USG9000_A-bfd session-aa] quit What are the correct statements about this segment?

command bfd aa bind peer-ip 1.1.1.2 is used to create a BFD session binding policy for detecting link status.

" [USG9000_A] bfd " is incorrectly configured in this command and should be changed to [USG9000_A] bfd enable to enable BFD function.

[USG9000_A-bfd session-aa] commit is optional. If no system is configured, the system will submit the BFD session log information by default.

The command to bind a BFD session to a static route is also required: [USG9000_A]ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa

Question # 43

The attacker sends a large number of invite messages to the SIP server, causing the SIP server to refuse service. Which layer of the OSI model is this attack based on?

application layer

network layer

transport layer

data link layer

Question # 44

The ACK flood attack uses a botnet to send a large number of ACK packets, which impacts the network bandwidth and causes network link congestion. If the number of attack packets is large, the server processing performance is exhausted, thus rejecting normal services. Under the Huawei Anti-DDoS device to prevent this attack, compare the two processing methods - strict mode and basic mode, what is correct?

bypass deployment dynamic drainage using strict mode

In strict mode, the cleaning device does not check the established session, that is, the ACK packet does not hit the session, and the device discards the packet directly.

If the cleaning device checks that the ACK packet hits the session, the session creation reason will be checked regardless of the strict mode or the basic mode.

adopts " basic mode " . Even if the session is not detected on the cleaning device, the device discards several ACK packets and starts session checking.

Question # 45

What is the correct statement about the ip-link feature?

ip-link is a function to detect link connectivity

ARP detection mode only supports detecting direct links (or forwarding through Layer 2 devices in the middle)

The firewall sends ICMP or ARP packets to a probe destination address to determine whether the destination address is reachable.

ip-link is associated with VGMP, the ip-link status is down, and the VGMP management group priority is lowered by default.

Question # 46

The SSL VPN authentication login is unsuccessful and the message " Bad username or password " is displayed. Which one is wrong?

username and password are entered incorrectly

user or group filter field configuration error

certificate filter field configuration error

administrator configured a policy to limit the source IP address of the terminal

Question # 47

The network of an enterprise is as follows. At this time, server A cannot access the web service of server B. The administrator performs troubleshooting and finds that there is no problem in the routing mode of firewall A. The corresponding routing table has been established, but the firewall mode of firewall A is set. error. What is the method used by the administrator to troubleshoot the problem?

layering method

segmentation method

replacement method

block method

Question # 48

A user SSL VPN authentication succeeds. The network extension is enabled on the PC. The assigned address has been obtained. The user PC cannot access the resources of the intranet server. Possible reasons?

configuration error in the " client routing mode " configuration

policy restricts user access

device and intranet server are unreachable

The physical interface IP of the D PC overlaps with the address assigned by the VPN.