H12-711試験無料問題集（290題）「Huawei HCIA-Security V3.0 認定」

出題：1

Which of the following is not part of a digital certificate?

A. Public key

B. Issuer

C. Validity period

D. Private key

正解：D 解答を投票する

出題：2

The Protocol field in the IP header identifies the protocol used by the upper layer.
Which of the following field values indicates that the upper layer protocol is UDP protocol?

A. 11

B. 6

C. 18

D. 17

正解：D 解答を投票する

出題：3

Which of the following are correct regarding the matching conditions of the security policy? (Multiple choice)

A. "The source security zone" is an optional parameter in the matching condition.

B. "Apply" in the matching condition is an optional parameter

C. "Time period" in the matching condition is an optional parameter

D. "Service" is an optional parameter in the matching condition

正解：A,B,C,D 解答を投票する

出題：4

In the USG series firewall, which of the following commands can be used to query the NAT translation result?

A. display nat translation

B. display firewall nat translation

C. display current nat

D. display firewall session table

正解：D 解答を投票する

出題：5

When the following conditions occur in the VGMP group, the VGMP message will not be sent to the peer end actively?

A. Dual hot backup function enabled

B. Manually switch the active and standby status of the firewall.

C. Session table entry changes

D. Firewall service interface failure

正解：C 解答を投票する

出題：6

Which of the following statements about IPSec SA is true?

A. IPSec SA is two-way

B. IPSec SA is one-way

C. used to generate an encryption key

D. Used to generate a secret algorithm

正解：B 解答を投票する

出題：7

On Huawei USG series devices, the administrator wants to erase the configuration file. Which of the following commands is correct?

A. reset running-configuration

B. reset saved-configuration

C. clear saved-configuration

D. reset current-configuration

正解：B 解答を投票する

出題：8

The European TCSEC Code is divided into two modules, Function and Evaluation, which are mainly used in the military, government and commercial fields.

A. True

B. False

正解：A 解答を投票する

出題：9

Which of the following description are correct about the security policy action and security configuration file? (Multiple Choice)

A. The security configuration file must be applied to the security policy that is allowed to take effect.

B. If the action of the security policy is "prohibited", the device will discard this traffic and will not perform content security check later.

C. If the security policy action is "Allow", the traffic will not match the security configuration file.

D. The security configuration file can be applied without being applied to the security policy allowed by the action.

正解：A,B 解答を投票する

出題：10

Which of the following is not included in the Corporate Impact Analysis (BIA)?

A. Impact assessment

B. Business priority

C. Accident handling priority

D. Risk identification

正解：A 解答を投票する

出題：11

Which of the following attacks is not a malformed packet attack?

A. Teardrop attack

B. TCP fragmentation attack

C. ICMP unreachable packet attack

D. Smurf attack

正解：C 解答を投票する

出題：12

In the USG series firewall, you can use the ______ function to provide well-known application services for non-known ports.

A. MAC and IP address binding

B. Port mapping

C. Packet filtering

D. Long connection

正解：B 解答を投票する

出題：13

Execute the command on the firewall and display the following information. which of the following description is correct? (Multiple Choice) HRP_A [USG_A] display vrrp interfaceGigabitEthernet 0/0/1 GigabitEthernet0/0/1 | Virtual Router 1 VRRP Group: Active state: Active Virtual IP: 202.38.10.1 Virtual MAC: 0000-5e00-0101 Primary IP: 202.38.10.2 PriorityRun: 100 PriorityConfig: 100 MasterPriority: 100 Preempt: YES Delay Time: 10

A. Will not switch when the primary device fails

B. This firewall VRID is 1 the VRRP priority to backup group 100

C. The status of this firewall VGMP group is Active.

D. This firewall G1 / 0/1 virtual interface IP address 202.30.10.2

正解：B,C 解答を投票する

出題：14

Some applications, such as Oracle database application, there is no data transfer for a long time, so that firewall session connection is interrupted, thus resulting in service interruption, which of the following technology can solve this problem?

A. Configure default session aging time

B. Optimization of packet filtering rules

C. Turn fragment cache

D. Configure a long business connection

正解：D 解答を投票する

出題：15

After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all the information that can be backed up can be directly configured on the standby device, and the configuration on the standby device can be synchronized to the active device.

A. True

B. False

正解：A 解答を投票する

出題：16

If the company structure has undergone a practical change, it is necessary to retest whether the business continuity plan is feasible.

A. True

B. False

正解：A 解答を投票する

出題：17

Security technology has different approaches at different technical levels and areas. Which of the following devices can be used for network layer security protection? (Multiple choice)

A. Firewall

B. IPS/IDS equipment

C. Anti-DDoS equipment

D. Vulnerability scanning device

正解：A,B,C 解答を投票する

出題：18

Digital signatures are used to generate digital fingerprints by using a hashing algorithm to ensure the integrity of data transmission.

A. True

B. False

正解：A 解答を投票する

出題：19

Which of the following statement is wrong about NAT?

A. Some application layer protocols carry IP address information in the data, but also to modify the data in the upper layer of the IP address information when they make NAT

B. Configure a NAT address pool in the source NAT technology. You can configure only one IP address in the address pool.

C. Address Translation can follow the needs of users, providing FTP, WWW, Telnet and other services outside the LAN

D. For some non-TCP, UDP protocols (such as ICMP, PPTP), unable to do NAT.

正解：D 解答を投票する

H12-711試験無料問題集「Huawei HCIA-Security V3.0 認定」