ExamGecko
Search Search Login
Home Home / Huawei / H12-724

Huawei H12-724 Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

For the scenario where the authentication server adopts distributed deployment, which of the following descriptions are correct? (multiple choice)
Traditional network single--The strategy is difficult to cope with the current complex situations such as diversified users, diversified locations, diversified terminals, diversified applications, and insecure experience.
Use BGP protocol to achieve diversion, the configuration command is as follows [sysname] route-policy 1 permit node 1 [sysname-route-policy] apply community no-advertise [sysname-route-policy] quit [sysname]bgp100 155955cc-666171a2-20fac832-0c042c04 29 [sysname-bgp] peer [sysname-bgp] import-route unr [sysname- bgpl ipv4-family unicast [sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export [sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community [sysname-bgp-af-ipv4] quit [sysname-bgp]quit Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)
There are two types of accounts on the Agile Controller-Campus: one is a local account and the other is an external account. Which of the following is not a local account?
Regarding the application scenarios of Agile Controller-Campus centralized deployment and distributed deployment, which of the following options are correct? (Multiple select)
Regarding the principle of MAC authentication, which of the following descriptions is wrong?
The relationship between user groups and accounts in user management is stored in a tree on the Agile Controller-Campus. An account belongs to only one user group. Consistent with the corporate organizational structure: If the OU (OnizbonUnit) structure stored in the AD/LDAP server is consistent with the corporate organizational structure, users are stored Under 0OU, when the Agile Controller-Campus synchronizes AD/LDAP server accounts, which synchronization method can be used?
If you are deploying BYOD When the system is installed, use a stand-alone installation SM, Dualmachine installation SC, Stand-alone hardware deployment AE,Which of the following descriptions are correct? (Multiple choice)
Deploying on Windows platform, using SQL Server database About the HA function of Agile Cotoller- Campus, which of the following descriptions Is it correct? (multiple choice)
About the software SACG And hardware SACG Description, which of the following is correct?

Question 21

Report
Export
Collapse

Based on the anti-virus gateway of streaming scan, which of the following descriptions is wrong?

A.
Rely on state detection technology and protocol analysis technology
A.
Rely on state detection technology and protocol analysis technology
Answers
B.
The performance is higher than the agent-based method
B.
The performance is higher than the agent-based method
Answers
C.
The cost is smaller than the agent-based approach
C.
The cost is smaller than the agent-based approach
Answers
D.
The detection rate is higher than the proxy-based scanning method
D.
The detection rate is higher than the proxy-based scanning method
Answers
Suggested answer: D

Question 22

Report
Export
Collapse

Regarding the strong statement of DNS Request Flood attack, which of the following options is correct?

A.
The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source
A.
The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source
Answers
B.
For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify The legitimacy of the source IP.
B.
For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify The legitimacy of the source IP.
Answers
C.
In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process It will consume the TCP connection resources of the OINS cache server.
C.
In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process It will consume the TCP connection resources of the OINS cache server.
Answers
D.
Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.
D.
Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.
Answers
Suggested answer: C

Question 23

Report
Export
Collapse

Regarding the anti-spam response code, which of the following statements is wrong?

A.
The response code will vary depending on the RBL service provider.155955cc-666171a2-20fac832-0c042c046
A.
The response code will vary depending on the RBL service provider.155955cc-666171a2-20fac832-0c042c046
Answers
B.
USG treats mails that match the answer code as spam.
B.
USG treats mails that match the answer code as spam.
Answers
C.
If the response code is not returned or the response code is not configured on the USG, the mail is released.
C.
If the response code is not returned or the response code is not configured on the USG, the mail is released.
Answers
D.
The response code is specified as 127.0.0.1 in the second system.
D.
The response code is specified as 127.0.0.1 in the second system.
Answers
Suggested answer: D

Question 24

Report
Export
Collapse

The configuration command to enable the attack prevention function is as follows; n [FW] anti-ddos syn-flood source-detect [FW] anti-ddos udp-flood dynamic-fingerprint-learn [FW] anti-ddos udp-frag-flood dynamic fingerprint-learn [FW] anti-ddos http-flood defend alert-rate 2000 [Fwj anti-ddos htp-flood source-detect mode basic Which of the following options is correct for the description of the attack prevention configuration?

(multiple choice)

A.
The firewall has enabled the SYN Flood source detection and defense function
A.
The firewall has enabled the SYN Flood source detection and defense function
Answers
B.
The firewall uses the first packet drop to defend against UDP Flood attacks.
B.
The firewall uses the first packet drop to defend against UDP Flood attacks.
Answers
C.
HTTP Flood attack defense uses enhanced mode for defense
C.
HTTP Flood attack defense uses enhanced mode for defense
Answers
D.
The threshold for HTTP Flood defense activation is 2000.
D.
The threshold for HTTP Flood defense activation is 2000.
Answers
Suggested answer: A, D

Question 25

Report
Export
Collapse

The application behavior control configuration file takes effect immediately after being referenced, without configuration submission.

A.
True
A.
True
Answers
B.
False
B.
False
Answers
Suggested answer: A

Question 26

Report
Export
Collapse

Regarding the description of keywords, which of the following is correct? (multiple choice)

A.
Keywords are the content that the device needs to recognize during content filtering.
A.
Keywords are the content that the device needs to recognize during content filtering.
Answers
B.
Keywords include predefined keywords and custom keywords.
B.
Keywords include predefined keywords and custom keywords.
Answers
C.
The minimum length of the keyword that the text can match is 2 bytes. ,
C.
The minimum length of the keyword that the text can match is 2 bytes. ,
Answers
D.
Custom keywords can only be defined in text mode.
D.
Custom keywords can only be defined in text mode.
Answers
Suggested answer: A, B

Question 27

Report
Export
Collapse

IPS is an intelligent intrusion detection and defense product. It can not only detect the occurrence of intrusions, but also can respond in real time through certain response methods.

Stop the occurrence and development of intrusions, and protect the information system from substantial attacks in real time. According to the description of PS, the following items are wrong?

A.
IPS is an intrusion detection system that can block real-time intrusions when found
A.
IPS is an intrusion detection system that can block real-time intrusions when found
Answers
B.
IPS unifies IDS and firewall
B.
IPS unifies IDS and firewall
Answers
C.
IPS must use bypass deployment in the network
C.
IPS must use bypass deployment in the network
Answers
D.
Common IPS deployment modes are in-line deployment,
D.
Common IPS deployment modes are in-line deployment,
Answers
Suggested answer: C

Question 28

Report
Export
Collapse

The following commands are configured on the Huawei firewall:

[USG] firewall defend ip-fragment enable

Which of the following situations will be recorded as an offensive behavior? (multiple choice)

A.
DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0, 155955cc-666171a2-20fac832-0c042c047
A.
DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0, 155955cc-666171a2-20fac832-0c042c047
Answers
B.
DF bit is 023, MF bit is 1 or Fragment Offset is not 0,
B.
DF bit is 023, MF bit is 1 or Fragment Offset is not 0,
Answers
C.
DF bit is 0, and Fragment Offset + Length> 65535.
C.
DF bit is 0, and Fragment Offset + Length> 65535.
Answers
D.
The DF bit is 1, and Fragment Ofset + Length <65535.
D.
The DF bit is 1, and Fragment Ofset + Length <65535.
Answers
Suggested answer: A, C

Question 29

Report
Export
Collapse

Huawei's USG000 product can identify the true type of common files and over-check the content.

Even if the file is hidden in a compressed file, or change the extension The name of the exhibition can't escape the fiery eyes of the firewall.

A.
True
A.
True
Answers
B.
False
B.
False
Answers
Suggested answer: A

Question 30

Report
Export
Collapse

For the description of the Anti DDOS system, which of the following options is correct? C

A.
The detection center is mainly to pull and clean the attack flow according to the control strategy of the security management center, and re-inject the cleaned normal flow back to the customer.User network, send to the real destination.
A.
The detection center is mainly to pull and clean the attack flow according to the control strategy of the security management center, and re-inject the cleaned normal flow back to the customer.User network, send to the real destination.
Answers
B.
The management center mainly completes the processing of attack events, controls the drainage strategy and cleaning strategy of the cleaning center, and responds to various attack events and attack flows.View in categories and generate reports.
B.
The management center mainly completes the processing of attack events, controls the drainage strategy and cleaning strategy of the cleaning center, and responds to various attack events and attack flows.View in categories and generate reports.
Answers
C.
The main function of the Green Washing Center is to detect and analyze DDoS attack traffic on the flow from mirroring or splitting, and provide analysis data to The management center makes a judgment.
C.
The main function of the Green Washing Center is to detect and analyze DDoS attack traffic on the flow from mirroring or splitting, and provide analysis data to The management center makes a judgment.
Answers
D.
The firewall can only be used for inspection equipment
D.
The firewall can only be used for inspection equipment
Answers
Suggested answer: B
Total 367 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms