
Ace the Huawei H12-721 Exam: Ultimate Preparation Guide

Question 1

To ensure the normal forwarding of large traffic volumes, a company's network administrator uses two firewalls to implement hot standby. As shown in the following figure, after the configuration is complete, it is found that when firewall A of the two firewalls fails, the data streams that were being transmitted before the fault are seriously lost, but newly transmitted data streams work normally after the fault. What could be the cause of this phenomenon?


Options:
A. The HRP preemption time configured on the firewall is smaller than the convergence time of OSPF.
B. is not configured to adjust the COST value of OSPF according to the HRP status.
C. The session fast backup function is not configured on the USG. The packets cannot be forwarded normally if the back and forth paths are inconsistent.
D. does not enable hrp track on the upstream and downstream interfaces of the firewall.

Question 2

Two USG firewalls failed to establish an IPSec VPN tunnel in NAT traversal mode. Running the display ike sa command shows no UDP 500 session. What are the possible reasons?

Options:
A. public network route is unreachable
B. Intermediate line device disables UDP port 500
C. Intermediate line device disables UDP 4500 port
D. Intermediate line device disables ESP packets

Question 3

The SSL VPN authentication is successful, but the Web-link resources cannot be accessed. What is the correct one?

Options:
A. server does not open web service
B. policy restricts user access
C. device and intranet server are unreachable
D. SSL VPN users reach the maximum limit

Question 4

Which of the following is the correct description of the SMURF attack?

Options:
A. The attacker sends an ICMP request with the destination address or the source address as the broadcast address, causing all hosts or designated hosts of the attacked network to answer, eventually causing the network to crash or the host to crash.
B. The attacker sends the SYN-ACK message to the attacker's IP address.
C. The attacker can send UDP packets to the network where the attacker is located. The source address of the packet is the address of the attacked host. The destination address is the broadcast address or network address of the subnet where the attacked host resides. The destination port number is 7 or 19.
D. The attacker uses the network or the host to receive unreachable ICMP packets. The subsequent packets destined for this destination address are considered unreachable, thus disconnecting the destination from the host.

Question 5

What are the possible reasons why the firewall 2 IPSec VPN cannot be established successfully?

Options:
A. device does not have a route to the intranet
B. The ACL referenced by the security policy configured on the gateways at both ends is incorrect.
C. The IPSec proposal configured on the gateways at both ends is inconsistent.
D. is not configured with DPD at both ends

Question 6

Comparing URPF strict mode and loose mode, which of the following statements is incorrect?

Options:
A. strict mode requires not only the corresponding entry in the forwarding table, but also the interface must match to pass the URPF check.
B. If the source address of the packet does not exist in the FIB table of the USG, and the default route is configured, the packet will be forwarded through the URPF check.
C. URPF strict mode is recommended in a route symmetric environment.
D. Loose mode does not check whether the interface matches. As long as the source address of the packet exists in the FIB table of the USG, the packet can pass.

Question 7

The topology diagram of the BFD-bound static route is as follows. The administrator has configured the following on firewall A:

[USG9000_A] bfd
[USG9000_A-bfd] quit
[USG9000_A] bfd aa bind peer-ip 1.1.1.2
[USG9000_A-bfd session-aa] discriminator local 10
[USG9000_A-bfd session-aa] discriminator remote 20
[USG9000_A-bfd session-aa] commit
[USG9000_A-bfd session-aa] quit

What are the correct statements about this segment?


Options:
A. command bfd aa bind peer-ip 1.1.1.2 is used to create a BFD session binding policy for detecting link status.
B. "[USG9000_A] bfd" is incorrectly configured in this command and should be changed to [USG9000_A] bfd enable to enable BFD function.
C. [USG9000_A-bfd session-aa] commit is optional. If no system is configured, the system will submit the BFD session log information by default.
D. The command to bind a BFD session to a static route is also required: [USG9000_A] ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa

Question 8

The server health check mechanism is enabled on the USG firewall of an enterprise to detect the running status of the back-end real servers (the three servers are Server A, Server B, and Server C). When the USG fails to receive the response message from Server B multiple times, Server B will be disabled and the traffic will be distributed to other servers according to the configured policy.

Options:
A. TRUE
B. FALSE

Question 9

Which of the following is a disadvantage of L2TP VPN?

Options:
A. working on layer 2 cannot be routed
B. must use L2TP Over IPSec to use
C. has no authentication function
D. no encryption

Question 10

The ip-link principle is to continuously send ICMP packets or ARP request packets to the specified destination address, and check whether the ICMP echo reply or ARP reply packet of the destination IP response can be received.

Options:
A. TRUE
B. FALSE