Ultimate Guide to Prepare H12-711-ENU Certification Exam for HCNA-Security in 2021
Use Real H12-711-ENU Dumps - Huawei Correct Answers updated on 2021
NEW QUESTION 54
On the USG series firewall, after the web redirection function is configured, the authentication page cannot be displayed. Which of the following is not the cause of the fault?
- A. Web authentication is not enabled.
- B. The browser SSL version does not match the SSL version of the firewall authentication page.
- C. The port of service of authentication page is set to 8887
- D. The authentication policy is not configured or the authentication policy is incorrectly configured.
Answer: C
NEW QUESTION 55
Which of the following statement is wrong about L2TP VPN?
- A. Belongs to Layer 3 VPN technology
- B. Applicable to business employees dialing access to the intranet
- C. Will not encrypt the data
- D. Can be used in conjunction with IPsec VPN
Answer: A
NEW QUESTION 56
Which of the following is the analysis layer device in the Huawei SDSec solution?
- A. Firehunter
- B. CIS
- C. switch
- D. Agile Controller
Answer: A
NEW QUESTION 57
Both the GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ. If the area connected to GE1/0/1 can access the area connected to GE1/0/2, which of the following is correct?
- A. Need to configure an interzone security policy
- B. Need to configure the security policy from Local to DMZ
- C. Need to configure security policy from DMZ to local
- D. No need to do any configuration
Answer: D
NEW QUESTION 58
Which of the following descriptions about the action and security profile of the security policy are correct? (Multiple choice)
- A. If the action of the security policy is "prohibited", the device will discard this traffic, and then no content security check will be performed.
- B. If the security policy action is "Allow", the traffic will not match the security profile.
- C. The security profile may not be applied to the security policy that the action is allowed and take effect.
- D. The security profile must be applied to the security policy that is allowed to take effect.
Answer: A,D
NEW QUESTION 59
The scene of internal users access the internet as shown, the subscriber line process are:
1. After authentication, USG allow the connection
2. The user input http://1.1.1.1 to access Internet
3. USG push authentication interface, User =? Password =?
4. The user successfully accessed http://1.1.1.1, equipment create Session table.
5. User input User = *** Password = ***
Which the following procedure is correct?
- A. 2-1-3-5-4
- B. 2-5-3-1-4
- C. 2-3-5-1-4
- D. 2-3-1-5-4
Answer: C
NEW QUESTION 60
Which of the following options can be used in the advanced settings of Windows Firewall? (Multiple choice)
- A. Set connection security rules
- B. Change notification rules
- C. Restore defaults
- D. Set out inbound rules
Answer: A,B,C,D
NEW QUESTION 61
In order to obtain evidence of crime, it is necessary to master the technology of intrusion tracking. Which of the following descriptions are correct about the tracking technology? (Multiple Choice)
- A. Packet Recording Technology marks packets on each router that has been spoken by inserting trace data into the tracked IP packets.
- B. Analysis of shallow mail behavior can analyze the information such as sending IP address, sending time, sending frequency, number of recipients, shallow email headers, etc.
- C. Link detection technology determines the source of the attack by testing the network connection between the routers.
- D. Packet tagging technology extracts information from attack sources by recording packets on the router and then using data drilling techniques
Answer: A,B,C
NEW QUESTION 62
Which of the following does the encryption technology support for data during data transmission? (Multiple choice)
- A. Controllability
- B. Source verification
- C. Confidentiality
- D. Integrity
Answer: B,C,D
NEW QUESTION 63
On Huawei USG series devices, the administrator wants to erase the configuration file. Which of the following commands is correct?
- A. clear saved-configuration
- B. reset current-configuration
- C. reset running-configuration
- D. reset saved-configuration
Answer: D
NEW QUESTION 64
Which of the following descriptions is wrong about IKE SA?
- A. IKE SA is two-way
- B. IKE is a UDP- based application layer protocol
- C. IKE SA for IPSec SA services
- D. The encryption algorithm used by user data packets is determined by IKE SA.
Answer: D
NEW QUESTION 65
Regarding the HRP master and backup configuration consistency check content, which of the following is not included?
- A. Authentication Policy
- B. Is the heartbeat interface configured with the same serial number?
- C. Next hop and outbound interface of static route
- D. NAT policy
Answer: C
NEW QUESTION 66
Which of the following types of attacks does the DDoS attack belong to?
- A. Traffic attack
- B. Malformed packet attack
- C. Snooping scanning attack
- D. Special message attack
Answer: A
NEW QUESTION 67
In order to obtain evidence of crime, it is necessary to master the technology of intrusion tracking. Which of the following descriptions are correct about the tracking technology? (Multiple Choice)
- A. Link test technology determines the source of the attack by testing the network link between the routers
- B. Shallow mail behavior analysis can analyze the information such as sending IP address, sending time, sending frequency, number of recipients, shallow email headers and so on.
- C. Packet Recording Technology marks packets on each passing router by inserting trace data into the tracked IP packets
- D. Packet tagging technology extracts information from attack sources by recording packets on the router and then using data drilling techniques
Answer: A,B,C
NEW QUESTION 68
The administrator wants to create a web configuration administrator, and set the Https device management port number to 20000, and set the administrator to the administrator level. which of the following commands are correct?
- A. Step1: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-user client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa manager-user-client001] password cipher
- B. Step1: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-user client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa-manager-user-client001] level 15 [USG-aaa-manager-user-client001] password cipher Admin@123
- C. Step1: web-manager enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-user client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa-manager-user-client001] password cipher Admin@123
- D. Step1: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-user client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa-manager-user-client001] level 1 [USG-aaa-manager-user-client001] password cipher Admin@123
Answer: B
NEW QUESTION 69
After the network attack event occurs, set the isolation area, summary data, and estimated loss according to the plan. Which stage does the above actions belong to the work contents of in the network security emergency response?
- A. Inhibition phase
- B. Recovery phase
- C. Preparation stage
- D. Detection phase
Answer: A
NEW QUESTION 70
Which of the following is not part of a digital certificate?
- A. Private key
- B. Issuer
- C. Public key
- D. Validity period
Answer: A
NEW QUESTION 71
Which of the following are the versions of the SNMP protocol? (Multiple choice)
- A. SNMPv2b
- B. SNMPv3
- C. SNMPv2c
- D. SNMPv1
Answer: B,C,D
NEW QUESTION 72
Digital certificate technology solves the problem that public key owners cannot determine in digital signature technology.
- A. True
- B. False
Answer: A
NEW QUESTION 73
Which of the following are malicious programs? (Multiple choice)
- A. Trojan horse
- B. Virus
- C. worm
- D. Vulnerabilities
Answer: A,B,C
NEW QUESTION 74
......
HCNA-Security -H12-711-ENU Exam-Practice-Dumps: https://www.exam4labs.com/H12-711-ENU-practice-torrent.html