Huawei H12-821_V1.0 Practice Test - Questions Answers, Page 5
Question 41

Without a prior version check, an engineer configures IGMP snooping on a device and the version of IGMP snooping is earlier than the IGMP versions on user hosts. In this case, which of the following situations will occur?
Users cannot receive multicast data because the device forwards received IGMP Report messages only to router ports and does not generate group member ports or forwarding entries.
Users cannot receive multicast data, but the device generates forwarding entries after receiving IGMP Report messages.
The IGMP snooping version of the device is automatically degraded, and users can receive multicast data properly.
The IGMP versions of the hosts are automatically upgraded, and users can receive multicast data properly.
IGMP Version Mismatch
If the IGMP snooping version on the device is earlier than the IGMP version on user hosts, the device may fail to parse IGMP Report messages correctly. As a result, the device forwards these messages only to router ports without generating group member ports or forwarding entries.
Consequently, users cannot receive multicast data.
HCIP-Datacom-Core Reference
Multicast and IGMP snooping behaviors under mismatched conditions are described in the multicast configuration chapters.
Question 42

The Neighbor Discovery Protocol (NDP) is an important basic protocol in the IPv6 protocol suite and plays an important role. Which of the following functions and features does it support?
Address resolution
Neighbor state tracing
Duplicate address detection
Redirection
Neighbor Discovery Protocol (NDP):
NDP is a key protocol in the IPv6 protocol suite, replacing ARP (Address Resolution Protocol) in IPv4.
It operates using ICMPv6 (Internet Control Message Protocol for IPv6) and is critical for managing interactions between IPv6 nodes on the same link.
NDP Features and Functions:
A. Address resolution:
NDP resolves IPv6 addresses into MAC addresses, similar to ARP in IPv4. It uses Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages for this purpose.
B. Neighbor state tracing:
NDP tracks the state of neighbors to determine their reachability. It maintains a neighbor cache and uses NS/NA messages to verify whether neighbors are reachable.
C. Duplicate address detection (DAD):
NDP ensures that IPv6 addresses are unique within a network. Before assigning an address to an interface, DAD is used to verify that no other node is using the same address. This is done via NS messages.
D. Redirection:
NDP provides redirection functionality to inform hosts of a better first-hop router for reaching a particular destination. It uses ICMPv6 Redirect messages for this purpose.
Conclusion:
NDP supports all the mentioned functions and features: Address resolution, Neighbor state tracing, Duplicate address detection, and Redirection, making it indispensable for IPv6 networks.
Question 43

IPv6 defines multiple types of addresses. Which of the following statements is false about these addresses?
Link-local addresses can be quickly generated using the EUI-64 method.
Anycast addresses can be used only as destination addresses.
Each interface can have multiple global unicast addresses with different network prefixes.
Manually configured link-local addresses have a higher priority than automatically generated ones.
IPv6 Address Behavior
Manually configured link-local addresses do not have a higher priority than automatically generated ones; they coexist and are equally preferred for local communication.
The other statements are true:
A. Link-local addresses can use the EUI-64 method for quick generation.
B. Anycast addresses are only used as destination addresses.
C. An interface can have multiple global unicast addresses with different prefixes.
HCIP-Datacom-Core Reference
IPv6 address types and priority behaviors are detailed in the IPv6 addressing sections.
Question 44

There are various types of VPNs, which can be applied to different layers. Which of the following network layers does SSL VPN belong to?
Network layer
Application layer
Transport layer
Data link layer
SSL VPN and Its Functionality:
SSL VPN (Secure Sockets Layer Virtual Private Network) provides secure remote access to a network using SSL/TLS protocols.
SSL VPN operates at the Application Layer of the OSI model. It enables secure communication for applications like web browsers, email clients, and file sharing.
Unlike IPsec VPN, which operates at the Network Layer, SSL VPN focuses on application-specific encryption and authentication.
Question 45

GRE is a VPN encapsulation technology that is widely used to transmit packets across heterogeneous networks. Which of the following statements is false about GRE?
GRE supports encryption and authentication.
GRE supports multicast transmission.
GRE is a Layer 3 VPN encapsulation technology.
GRE can work with other VPN protocols to better ensure data security.
GRE Characteristics
GRE does not inherently support encryption or authentication. It is a tunneling protocol for encapsulating packets, and data security features must be implemented using other protocols such as IPsec.
Other correct attributes of GRE include:
B. Supports multicast transmission.
C. Acts as a Layer 3 VPN encapsulation technology.
D. Can work with VPN protocols like IPsec for better security.
HCIP-Datacom-Core Reference
GRE features and limitations are discussed in VPN encapsulation technology chapters.
Question 46

By default, some security zones are created when Huawei firewalls are enabled. Which of the following security zones is created by users?
DMZ
ISP
Trust
Local
By default, Huawei firewalls create security zones such as Trust, Untrust, and Local. The DMZ (Demilitarized Zone) is a security zone explicitly created by users. A DMZ is used to isolate an internal network from the external one, providing an additional layer of security by placing public-facing services (e.g., web servers) in this intermediary zone. This setup ensures that if a public-facing service is compromised, the internal network remains secure. Huawei Firewall configuration steps confirm this zoning principle, making DMZ creation an explicit user-driven action.
Question 47

When receiving a packet that does not match any session table entry, the firewall discards the packet to prevent external attacks and ensure internal information security.
TRUE
FALSE
When a Huawei firewall receives a packet that does not match any existing session table entry, it discards the packet. This is part of the default firewall policy, which ensures that unrecognized traffic is treated as a potential security risk and blocked. This behavior is vital for preventing unauthorized access and mitigating external attacks. The feature aligns with Huawei's default security strategies as detailed in their firewall operation manuals.
Question 48

GRE is a Layer 2 VPN encapsulation technology that encapsulates packets of certain data link layer protocols so that the encapsulated packets can be transmitted over an IP network.
TRUE
FALSE
GRE (Generic Routing Encapsulation) is not a Layer 2 VPN technology. Instead, it is a Layer 3 tunneling protocol used to encapsulate a wide variety of network layer protocols inside point-to-point connections. GRE is commonly used for creating VPN tunnels across IP networks, allowing for the transport of various types of payloads. This misunderstanding about GRE being a Layer 2 technology contradicts its definition and typical application.
Question 49

When multiple access channels are set for the same access requirement, the insecure access channels are not used and secure access channels are selected in normal cases. Which of the following are secure access channels?
HTTPS
Telnet
SNMPv2
SFTP
Secure access channels include protocols that encrypt the transmitted data to protect against interception or unauthorized access. HTTPS (HyperText Transfer Protocol Secure) ensures data encryption over web communications, while SFTP (Secure File Transfer Protocol) provides secure file transfer by utilizing SSH for data encryption. Telnet and SNMPv2, on the other hand, lack robust encryption and are considered insecure. Huawei security standards highlight the importance of encrypted communication to prevent data leaks.
Question 50

An enterprise administrator wants to configure single-hop BFD to implement fast detection of direct links. Which of the following configurations are mandatory?
Configure the remote discriminator of a BFD session.
Configure the local discriminator of a BFD session.
Configure a multicast IP address for BFD.
Enable BFD globally.
For single-hop BFD (Bidirectional Forwarding Detection), the configuration must include the local and remote discriminators to uniquely identify the session endpoints. Additionally, enabling BFD globally is a prerequisite for initiating BFD sessions. Configuring multicast IP addresses is unnecessary for single-hop BFD, as it operates over direct links. Huawei's configuration guidelines specify these requirements to ensure effective deployment and operation of BFD.
* Understanding BFD (Bidirectional Forwarding Detection):
BFD is a protocol used to detect link faults quickly between two routers.
Single-hop BFD operates on directly connected links and is commonly used for fast fault detection in routing protocols like OSPF and BGP.
* Mandatory Configurations for Single-Hop BFD:
A. Configure the remote discriminator of a BFD session:
The remote discriminator is used to uniquely identify the BFD session at the remote end. This is essential for session establishment.
B. Configure the local discriminator of a BFD session:
The local discriminator uniquely identifies the BFD session at the local end. This is required to establish a BFD session.
D. Enable BFD globally:
BFD must be enabled globally on the router for the protocol to operate and for session configurations to take effect.
* Optional Configuration:
C. Configure a multicast IP address for BFD:
This is not required for single-hop BFD, as it operates over direct links using unicast communication. Multicast is used in other scenarios, like multi-hop BFD.
* Conclusion:
The correct configurations for single-hop BFD are A, B, and D.
Question