H12-711-ENU Questions And Answers
$129
Exam Name: HCIA-Security(Huawei Certified ICT Associate -Security)
Updated: 2019-04-26
Q & A: 295
- Reviews
-
Danny VelardiApr 06,2019Test engine works fine. Pass my H12-711-ENU exam. Thank you.
-
Rosario LandoniApr 06,2019Test engine works fine. Pass my H12-711-ENU exam. Thank you.
-
Joey DickensonOct 17,2018Passed HCNA-Security H12-711 exam today. all the question are from this dump,so you can trust on it.
PassQuestion offers valid H12-711-ENU exam questions and answers to ensure you pass Huawei H12-711-ENU HCIA-Security(Huawei Certified ICT Associate -Security) exam.
Q1.Are all PassQuestion H12-711-ENU Q&As real?
PassQuestion H12-711-ENU Questions and answers are written by professional experts and valid for practice your exam.
Q2.How many questions in PassQuestion H12-711-ENU exam Q&As?
There are 295 Questions and answers which are all valid for real Huawei H12-711-ENU exam.
Q3.How can I check the status of H12-711-ENU payment?
Please enter the member center to check your status of payment.
Q4.What format can I get for PassQuestion H12-711-ENU Q&As?
Please understand, H12-711-ENU is PassQuestion special product. We only provide H12-711-ENU software to help you touch real H12-711-ENU exam environment. If do not know how to use PassQuestion software, just visit software page to get details.
Q5.How many pcs can I install my H12-711-ENU software?
You can install your H12-711-ENU software on two pcs. After you installed your H12-711-ENU software, it will appear you a serial, please copy the serial to us, we will generate a registration code for you. As a rule, we can offer you two registration codes to help you use H12-711-ENU software on two pcs.
Q6.Can I get free demo for checking before purchasing PassQuestion H12-711-ENU exam Q&As?
Yes, of course, please contact PassQuestion online chat or mail to get free demo questions.
Q7.What about the refund policy and how to get my refund?
PassQuestion offers valid H12-711-ENU questions and answers to ensure you pass, if failed, just scan your H12-711-ENU exam report to (mail), we will check and give you full refund in time.
Q8.What is the process of refund?
We refund to your Paypal account and your Paypal will get the refund immediately. If you pay with your credit card then your Paypal will credit the payment to your credit card in 7 working days.
Q9.What is the period of free update?
PassQuestion offers one-year free update. If you find the number of your version is different from ours, please contact us by online chat and mail. We will send you the update at once.
Q10.Where Can I Get H12-711-ENU Q&As After Completed Payment?
After you completed the payment, we will send the product to your mail in 10 mins in working time, 12 hours in non-working time. Never miss, please do not worry.
Working time:
GMT+8: Monday- Saturday 8:00 AM-18:00 PM
GMT: Monday- Saturday 0:00 AM-10:00 AM
Question No : 1
Check firewall HRP status information as follows:
HRP_S [USG_B] display hrp
state
The firewall's config state is: Standby
Current state of virtual routers configured as standby
GigabitEthernet1/0/0 vrid 1: standby
GigabitEthernet1/0/1 vrid 2: standby
Which of the following description is correct?
A. the firewall VGMP group status is Active
B. the firewall G1/0/0 and G1/0/1 interface of VRRP group status is Standby
C. the firewall of HRP heartbeats interface is G1/0/0 and G1/0/1
D. the firewall must be in a state of preemption
HRP_S [USG_B] display hrp
state
The firewall's config state is: Standby
Current state of virtual routers configured as standby
GigabitEthernet1/0/0 vrid 1: standby
GigabitEthernet1/0/1 vrid 2: standby
Which of the following description is correct?
A. the firewall VGMP group status is Active
B. the firewall G1/0/0 and G1/0/1 interface of VRRP group status is Standby
C. the firewall of HRP heartbeats interface is G1/0/0 and G1/0/1
D. the firewall must be in a state of preemption
Answer: B
Question No : 2
Terminal security system supports Bluetooth, SD card and other computer peripherals monitoring function, and support configuration peripheral equipment prohibited.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Question No : 3
When ARP address resolution, ARP-REPLY packets sent by means of broadcast, hosts are able to receive on the same Layer 2 network , and thus learn the corresponding relations between the IP and MAC address.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: B
Question No : 4
USG state detecting firewall to view Session information as follows:
<USG > display firewall session table verbose
Current total sessions: 1
icmp VPN: public -- > public
Zone: trust -- > untrust Slot: 8 CPU: 0 TTL: 00:00:20 Left: 00:00:19
Interface: GigabitEthernet6/0/0 Nexthop: 107.255.255.10
<--packets: 134 bytes: 8040-- > packets: 134 bytes: 8040 107.229.15.100: 1280-- >
107.228.10.100:2048
Which of the following statement about above information are correct ? ( multiple choice)
A. In Trust area host 107.229.15.100 is visiting or have visited Untrust 107.228.10.100
B. the packet is VPN packet
C. the follow-up to the firewall packat,need to match the session table and firewall security policy
D. the outbound interface of forward direction flow is GigabitEthernet6/0/0
<USG > display firewall session table verbose
Current total sessions: 1
icmp VPN: public -- > public
Zone: trust -- > untrust Slot: 8 CPU: 0 TTL: 00:00:20 Left: 00:00:19
Interface: GigabitEthernet6/0/0 Nexthop: 107.255.255.10
<--packets: 134 bytes: 8040-- > packets: 134 bytes: 8040 107.229.15.100: 1280-- >
107.228.10.100:2048
Which of the following statement about above information are correct ? ( multiple choice)
A. In Trust area host 107.229.15.100 is visiting or have visited Untrust 107.228.10.100
B. the packet is VPN packet
C. the follow-up to the firewall packat,need to match the session table and firewall security policy
D. the outbound interface of forward direction flow is GigabitEthernet6/0/0
Answer: AD
Question No : 5
Huawei USG firewall VRRP HELLO packets for multicast packets, it requires each router in the backup group must be able to achieve directly two layer interflow.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Question No : 6
The address range of rule permit ip source 192.168.11.35 0.0.0.31 is :
A. 192.168.11.0-192.168.11.255
B. 192.168.11.32-192.168.11.63
C. 192.168.11.31-192.168.11.64
D. 192.168.11.32-192.168.11.64
A. 192.168.11.0-192.168.11.255
B. 192.168.11.32-192.168.11.63
C. 192.168.11.31-192.168.11.64
D. 192.168.11.32-192.168.11.64
Answer: B
Question No : 7
Wildcard mask and subnet mask formats are similar, but values have different meanings, in wildcard mask, 1 indicates that the corresponding IP address bits need to compare, 0 indicates that the corresponding IP address bits to ignore comparisons.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: B
Question No : 8
Which of the following does not belong to the AES secret key length?
A. 64
B. 128
C. 192
D. 256
A. 64
B. 128
C. 192
D. 256
Answer: A
Question No : 9
CA (Certificate Authority) certificate used for verifying the user's identity of virtual gateway when SSL communication connection is established, saved in the device side, issued by the CA institution.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Question No : 10
Which of following problems can use IPsec-IKE aggressive mode to solve ? (multiple choice)
A. negotiate slow problem on both ends of the tunnel
B. the security problems in the process of negotiation
C. NAT traversal problem
D. originator source address uncertainty problem
A. negotiate slow problem on both ends of the tunnel
B. the security problems in the process of negotiation
C. NAT traversal problem
D. originator source address uncertainty problem
Answer: CD
Question No : 11
ASPF technology enables the firewall to support multi-channel protocols such as FTP, at the same time can also formulate the corresponding security strategy for complex applications.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Question No : 12
Use NAT technology, can only switch the network layer information (IP address) in the data packet .
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: B
Question No : 13
About NAT £¬ which statement is correct?
A. NAT with port translation NAT address pool can be configured to achieve
B. NAT compatible with all IPsec security protocol
C. Because the FTP protocol is a multi-channel protocol, so it does not support NAT
D. NAT support TCP/IP two, three, four conversion
A. NAT with port translation NAT address pool can be configured to achieve
B. NAT compatible with all IPsec security protocol
C. Because the FTP protocol is a multi-channel protocol, so it does not support NAT
D. NAT support TCP/IP two, three, four conversion
Answer: A
Question No : 14
SVN products extend the network function, the need to implement the user can only access the remote enterprise Intranet, cannot access to the local LAN and the Internet, you need to use the client routing is:
A. Full Tunnel
B. Split Tunnel
C. Route Tunnel
D. Manual Tunnel
A. Full Tunnel
B. Split Tunnel
C. Route Tunnel
D. Manual Tunnel
Answer: A
Question No : 15
When you configure source NAT strategy, the configuration of destination area can be used to replace configuration flow outbound interface information .
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Rosario Landoni
Test engine works fine. Pass my H12-711-ENU exam. Thank you.
Joey Dickenson
Passed HCNA-Security H12-711 exam today. all the question are from this dump,so you can trust on it.
Danny Velardi