H12-721-ENU exam

Figure shows the data flow direction of power bypass interface in the Bypass working mode and non-bypass working mode, on the working process of power bypass interface.

Which of the following statements is correct? (Choose 2 Answers)

A. When the interface operates in the non-bypass state, traffic flows from the GE0 interface to the USG through Router_A and flows from the GE1 interface to Router_B after the USG process.

B. When the interface works in the Bypass state, the traffic flows from the GE0 interface to the USG through Router_A. The USG flows from the GE1 interface to Router_B directly without any processing.

C. When the firewall requires security priority, the uplink and downlink services are not interrupted when the interface operates in the Bypass state. So that the device can be maintained in the Bypass state.

D. Power Bypass interface can only work in the two-layer model, with circuit bypass function.

View Answer

Answer: AB

In the solution of Huawei abnormal flow cleaning, in the scene of bypass deployment, which drainage program can be used? (Choose 3 Answers)
A . Dynamic routing drainage
B . Static policy routing drainage
C . Static routing drainage
D . MPLS VPN

View Answer

Answer: ABC

When the user’s SSL VPN has been authenticated successfully, the user can not access the Web-link resource, view the information through the Web server as follows:

According to the above information, which of the following statement is correct?
A . Intranet server does not open Web service
B . Virtual gateway policy configuration error
C . The connection between the virtual gateway and the intranet server is not normal
D . The routing of virtual gateway and intranet server is unreachable

View Answer

Answer: A

In an Eth-Trunk interface, traffic load balancing can be achieved by configuring different weights on each member link.
A . TRUE
B . FALSE

View Answer

Answer: A

DHCP snooping function needs to maintain the binding table, what contents of the binding table are included? (Select 3 Answers)
A . MAC
B . Vlan
C . Interface
D . DHCP Server 的 IP

View Answer

Answer: ABC

What is the correct statement about IPsec and IKE? (Choose 3 Answers)
A . IPsec has two ways to establish an alliance, one is manual, one is IKE auto-negotiation (isakmp).
B . IKE aggressive mode can choose to negotiate the IP address or ID of the initiator to check the find the corresponding authentication and complete the negotiation finally.
C . The NAT across function deletes the verification process of UDP port number during the IKE negotiation. At the same time, the discovery function of the NAT gateway device in the VPN tunnel is implemented. That is, if the NAT gateway device is discovered, then the after IPsec data transmission use UDP encapsulation.
D . IKE security mechanisms include DH Diffie-Hellman switching and key distribution, perfect forward security (PFS) and SHA1, etc. encryption algorithm.

View Answer

Answer: ABC

Man-in-the-middle attack means that the middleman completes the data exchange between the server and the client. In the server’s view, all the messages are from or sent to the client; in the client’s view, all the messages are also from or sent to the server side. If a hacker uses a man-in-the-middle attack, the hacker will send at least two packets as shown to implement the attack.

The following descriptions are about the packet 1 and the packet 2 fields, which is correct? (Choose 2 Answers)
A . Data Package 1 ：
Source IP 1.1.1.1
Source MAC C-C-C
Destination IP 1.1.1.2
Destination Mac B-B-B
B . Data Package 1 ：
Source IP 1.1.1.3
Source MAC C-C-C
Destination IP 1.1.1.2
Destination Mac B-B-B
C . Data Package 2 ：
Source IP 1.1.1.2
Source MAC C-C-C
Destination IP 1.1.1.1
Destination Mac A-A-A
D . Data Package 2 ：
Source IP 1.1.1.3
Source MAC C-C-C
Destination IP 1.1.1.1
Destination Mac A-A-A

View Answer

Answer: AC

One network is shown as below:

PC establish l2tp vpn through the vpn client and USG (LNS), what are possible reasons of dial-up failure? (Select 3 Answers)
A . The tunnel name of the LNS is not consistent with the client’s.
B . L2TP tunnel authentication failed.
C . PPP authentication fails, the PPP authentication mode set on the client PC and LNS is not consistent.
D . The client PC can not obtain the IP address assigned to it from the LN

View Answer

Answer: BCD

According to the daul hot standby network diagram, the following are the descriptions about the daul hot standby preemption function, which are correct? (Select 3 Answers)

A . VRRP backup group itself has preemption function. In the figure, when USG_A fails and is restored, USG_A will use the preemption function to back into master state.
B . The preemption function of the VGMP management group is similar to the VRRP backup group. When the faulty backup group in the management group recovers, the priority of the management group is restored.
C . By default, the preemption delay is 0 and never preempts.
D . When the VRRP backup group is added to the VGMP management group, the original preemption function on the backup group will be invalid. The preemption takes action or not must be determined by the VGMP management group.

View Answer

Answer: ABD

On the TCP proxy and TCP reverse source detection, which statement is correct? (Select 3 Answers)
A . Both TCP proxy and TCP reverse source detection can prevent SYN Flood.
B . The principle of TCP agent is that the device acts as a proxy between the two ends of the TP connection, when one of the ends connects, it must first complete the TCP three-way handshaking with the device.
C . Useing TCP proxy attack defense must open the state detection mechanism.
D . TP Reverse source detection detects the source IP by sending Reset message.

View Answer

Answer: ABC