ExamGecko
Search Search Login
Home Home / Huawei / H12-731_V2.0

Huawei H12-731_V2.0 Practice Test - Questions Answers, Page 25

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Digital certificates can ensure the credibility of the public key of the communicating partner in the process of data transmission.
Which of the following are the following ways to protect enterprise users from viruses? (Multiple selection)
HiSec Insight's detection of unknown files relies primarily on sandbox detection.
Trojans due to infection of other files It also destroys computer systems, and at the same time replicates itself, so Trojans have the characteristics of traditional computer viruses.
Employees visit illegal or malicious websites at will Viruses, Trojans, and worms will be attacked, so we need to enable URL filtering. Which of the following options is a feature of URL Shopping?
If the database O&M workload is much greater than the host O&M workload, you can choose to have an independent department outside the original O&M bastion host The database bastion host.
Data destruction refers to the use of various technical means to completely delete the data in computer storage devices, so as to prevent unauthorized users from using residual data to restore the original data information, so as to achieve the purpose of protecting key dat a. Which of the following options is wrong about how data is destroyed?
The server can set or read the information contained in the cookie This maintains state in the user's session with the server.
Which of the following information cannot be scanned by the nmap tool? (single selection).
After you deploy HUAWEI CLOUD WAF Traffic to the tenant's Neb server is sent directly to the origin server Cloud WAF intercepts and detects traffic whose destination IP address is the IP address of the origin server.

Question 241

Report
Export
Collapse

Which of the following health check descriptions is correct? (Selection)

A.
You do not need to configure a security policy to allow health check packets.
A.
You do not need to configure a security policy to allow health check packets.
Answers
B.
The outbound interface of the probe message does not need to be fixed
B.
The outbound interface of the probe message does not need to be fixed
Answers
C.
After specifying the junction of the link health check The outgoing interface of the health probe packet can be consistent with the incoming interface of the response packet.
C.
After specifying the junction of the link health check The outgoing interface of the health probe packet can be consistent with the incoming interface of the response packet.
Answers
D.
When configuring the protocol and port of the health check, check whether the corresponding protocol and port are enabled on the peer side.
D.
When configuring the protocol and port of the health check, check whether the corresponding protocol and port are enabled on the peer side.
Answers
Suggested answer: D

Question 242

Report
Export
Collapse

The following description of the IPv6 stateless address DAD check, which one is wrong? (single selection).

A.
IPv6 duplicate address detection technology is similar to free ARP in IPv4 Used to detect duplicate IPv4 host addresses when the address is divided into IE or when the host is connected to the network.
A.
IPv6 duplicate address detection technology is similar to free ARP in IPv4 Used to detect duplicate IPv4 host addresses when the address is divided into IE or when the host is connected to the network.
Answers
B.
The test address enables broadcast communication.
B.
The test address enables broadcast communication.
Answers
C.
The node sends a Neighbor Request (NS) packet to the test address it will use If you receive a Neighbor Notification (NA) message from another site then proves that the address has already been used.
C.
The node sends a Neighbor Request (NS) packet to the test address it will use If you receive a Neighbor Notification (NA) message from another site then proves that the address has already been used.
Answers
D.
When the interface is configured as an IPv6 address , DAD is used to detect whether the IPv6 address to be used is unique within the local link.
D.
When the interface is configured as an IPv6 address , DAD is used to detect whether the IPv6 address to be used is unique within the local link.
Answers
Suggested answer: B

Question 243

Report
Export
Collapse

The following describes the authentication method and authentication domain relationship for Internet users single sign-on What are the correct ones? (multiple selection).

A.
The firewall participates in the authentication process of single sign-on users, so authentication configuration can be performed in the authentication domain.
A.
The firewall participates in the authentication process of single sign-on users, so authentication configuration can be performed in the authentication domain.
Answers
B.
If no other authentication domain exists on the server, the default authentication domain is online.
B.
If no other authentication domain exists on the server, the default authentication domain is online.
Answers
C.
Single sign-on in progress Firewalls can also be bound to users based on IP/MAC addresses Identify the authentication domain to which the local user belongs
C.
Single sign-on in progress Firewalls can also be bound to users based on IP/MAC addresses Identify the authentication domain to which the local user belongs
Answers
D.
Single sign-on users need to be online on the firewall Policy control based on user Therefore, the single sign-on user must also belong to a certain authentication domain.
D.
Single sign-on users need to be online on the firewall Policy control based on user Therefore, the single sign-on user must also belong to a certain authentication domain.
Answers
Suggested answer: C, D

Question 244

Report
Export
Collapse

The following description of security protection, which one is correct?(single selection)

A.
The packets received by the Ethernet interface cannot be bound to the corresponding relationship between the source IP address and the MAC address
A.
The packets received by the Ethernet interface cannot be bound to the corresponding relationship between the source IP address and the MAC address
Answers
B.
When FW is deployed behind a NAT device, there may be a large amount of traffic accessing different destination ports with the same source IP address In this scenario, you cannot enable port scanning and attack prevention.
B.
When FW is deployed behind a NAT device, there may be a large amount of traffic accessing different destination ports with the same source IP address In this scenario, you cannot enable port scanning and attack prevention.
Answers
C.
ASPF function will not affect device performance.
C.
ASPF function will not affect device performance.
Answers
D.
When FW works in transparent mode You can enable IP spoofing attack prevention.
D.
When FW works in transparent mode You can enable IP spoofing attack prevention.
Answers
Suggested answer: B

Question 245

Report
Export
Collapse

By default, two subnets of the same VPC network deployed in different physical resource pools cannot access each other.

A.
TRUE
A.
TRUE
Answers
B.
FALSE
B.
FALSE
Answers
Suggested answer: B

Question 246

Report
Export
Collapse

Digital certificates can ensure the credibility of the public key of the communicating partner in the process of data transmission.

A.
TRUE
A.
TRUE
Answers
B.
FALSE
B.
FALSE
Answers
Suggested answer: A

Question 247

Report
Export
Collapse

Which of the following implementation elements is a multi-choice that can be controlled throughout cloud operations).

A.
Security policy deployment
A.
Security policy deployment
Answers
B.
Account authority management
B.
Account authority management
Answers
C.
Risks can be identified
C.
Risks can be identified
Answers
D.
The operation can be audited
D.
The operation can be audited
Answers
Suggested answer: A, C, D

Question 248

Report
Export
Collapse

At this time, there is no defense against C&C attacks that use TLS for encryption

A.
TRUE
A.
TRUE
Answers
B.
FALSE
B.
FALSE
Answers
Suggested answer: B

Question 249

Report
Export
Collapse

The following describes user authentication Which ones are correct? (multiple selection).

A.
Users whose security policies are allowed but whose identity authentication is not passed cannot access resources normally
A.
Users whose security policies are allowed but whose identity authentication is not passed cannot access resources normally
Answers
B.
If the user is a MAC address single-item bound user Other users can also use this MAC address to log in normally.
B.
If the user is a MAC address single-item bound user Other users can also use this MAC address to log in normally.
Answers
C.
Users with two-way iP/MAC binding can obtain dynamic IP address o through DHCP
C.
Users with two-way iP/MAC binding can obtain dynamic IP address o through DHCP
Answers
D.
Configure two-way binding of MAC addresses for a user to be exempt from authentication? If there are three layers of device elbows between the user and FW, the user can go online normally
D.
Configure two-way binding of MAC addresses for a user to be exempt from authentication? If there are three layers of device elbows between the user and FW, the user can go online normally
Answers
Suggested answer: A, B

Question 250

Report
Export
Collapse

One of the reasons why traditional passive defense does not protect against APT attacks is that traditional defense methods cannot correlate and analyze threats.

A.
TRUE
A.
TRUE
Answers
B.
FALSE
B.
FALSE
Answers
Suggested answer: A
Total 276 questions
Go to page: of 28
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms