Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Ace the Huawei H12-721 Exam: Ultimate Preparation Guide

Questions 11

Virtual firewall technology can achieve overlapping IP addresses.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 12

Which of the following is incorrect about IKE V1 and IKE V2?

Options:

A.

IKE V2 establishes a pair of IPSec SAs. Normally, an IKE SA and a pair of IPSec SAs can be completed by exchanging 4 messages twice.

B.

IKE V2 does not have the concept of master mode and barb mode

C.

To establish a pair of IPSec SAs, only 6 messages need to be exchanged in the IKE V1 master mode.

D.

When the IPSec SA established by D IKE V2 is greater than one pair, each pair of SAs needs only one additional exchange, that is, two messages can be completed.

Buy Now
Questions 13

According to the capture of the victim host, what kind of attack is this attack?

Options:

A.

ARP Flood attack

B.

HTTP Flood attack

C.

ARP spoofing attack

D.

SYN Flood attack

Buy Now
Questions 14

The Haiwei Secoway VPN client initiates an L2TP connection. The source port of the L2TP packet is 1710 and the port 1710 of the destination port.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 15

When an attack occurs, the result of packet capture on the attacked host (1.1.1.1) is as shown in the figure. What kind of attack is this attack?

H12-721 Question 15

Options:

A.

Smurf attack

B.

Land attack

C.

WinNuke attack

D.

Ping of Death attack

Buy Now
Questions 16

When using the SSL VPN client to start the network extension, the prompt "Connection gateway failed", what are the possible reasons for the failure?

Options:

A.

If the proxy server is used, the proxy server settings of the network extension client are incorrect.

B.

The route between the B PC and the virtual gateway is unreachable.

C.

TCP connection between the network extension client and the virtual gateway is blocked by the firewall

D.

username and password are incorrectly configured

Buy Now
Questions 17

Both AH and ESP protocols of IPSec support NAT traversal

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 18

The traffic limiting policy feature only supports the number of connections initiated by the specified IP or the number of connections received.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 19

The ACK flood attack uses a botnet to send a large number of ACK packets, which impacts the network bandwidth and causes network link congestion. If the number of attack packets is large, the server processing performance is exhausted, thus rejecting normal services. Under the Huawei Anti-DDoS device to prevent this attack, compare the two processing methods - strict mode and basic mode, what is correct?

Options:

A.

bypass deployment dynamic drainage using strict mode

B.

In strict mode, the cleaning device does not check the established session, that is, the ACK packet does not hit the session, and the device discards the packet directly.

C.

If the cleaning device checks that the ACK packet hits the session, the session creation reason will be checked regardless of the strict mode or the basic mode.

D.

adopts "basic mode". Even if the session is not detected on the cleaning device, the device discards several ACK packets and starts session checking.

Buy Now
Questions 20

Which of the following attacks is a SYN Flood attack?

Options:

A.

attacker sends a large number of SYN packets, which causes a large number of incomplete TCP connections to occupy the resources of the attacker.

B.

means that the attacker and the attacked object normally establish a TCP full connection, but there is no subsequent message.

C.

means that the attacker sends a large number of ICMP packets, such as ping, to the attacker.

D.

means that the attacker occupies the link bandwidth of the server by sending a large number of UDP packets to the attacker.

Buy Now