H12-711 Questions And Answers
$129
Exam Name: HCNA-Security-CBSN(Constructing Basic Security Network)
Updated: 2019-01-16
Q & A: 295
- Reviews
-
Joey DickensonOct 17,2018Passed HCNA-Security H12-711 exam today. all the question are from this dump,so you can trust on it.
-
Virgil YaxOct 08,2018Passed HCNA-Security H12-711 exam today. all the question are from this dump,so you can trust on it.
PassQuestion offers valid H12-711 exam questions and answers to ensure you pass Huawei H12-711 HCNA-Security-CBSN(Constructing Basic Security Network) exam.
Q1.Are all PassQuestion H12-711 Q&As real?
PassQuestion H12-711 Questions and answers are written by professional experts and valid for practice your exam.
Q2.How many questions in PassQuestion H12-711 exam Q&As?
There are 295 Questions and answers which are all valid for real Huawei H12-711 exam.
Q3.How can I check the status of H12-711 payment?
Please enter the member center to check your status of payment.
Q4.What format can I get for PassQuestion H12-711 Q&As?
Please understand, H12-711 is PassQuestion special product. We only provide H12-711 software to help you touch real H12-711 exam environment. If do not know how to use PassQuestion software, just visit software page to get details.
Q5.How many pcs can I install my H12-711 software?
You can install your H12-711 software on two pcs. After you installed your H12-711 software, it will appear you a serial, please copy the serial to us, we will generate a registration code for you. As a rule, we can offer you two registration codes to help you use H12-711 software on two pcs.
Q6.Can I get free demo for checking before purchasing PassQuestion H12-711 exam Q&As?
Yes, of course, please contact PassQuestion online chat or mail to get free demo questions.
Q7.What about the refund policy and how to get my refund?
PassQuestion offers valid H12-711 questions and answers to ensure you pass, if failed, just scan your H12-711 exam report to (mail), we will check and give you full refund in time.
Q8.What is the process of refund?
We refund to your Paypal account and your Paypal will get the refund immediately. If you pay with your credit card then your Paypal will credit the payment to your credit card in 7 working days.
Q9.What is the period of free update?
PassQuestion offers one-year free update. If you find the number of your version is different from ours, please contact us by online chat and mail. We will send you the update at once.
Q10.Where Can I Get H12-711 Q&As After Completed Payment?
After you completed the payment, we will send the product to your mail in 10 mins in working time, 12 hours in non-working time. Never miss, please do not worry.
Working time:
GMT+8: Monday- Saturday 8:00 AM-18:00 PM
GMT: Monday- Saturday 0:00 AM-10:00 AM
Question No : 1
About NAT configuration "easy IP" argument, which of the following description is correct?
A. easy IP can not be applied in pat scenarios
B. configure NAT strategy directly into the interface IP address
C. easy IP address for the purpose of converting the scenes
D. easy IP can be used simultaneously with the address-group
A. easy IP can not be applied in pat scenarios
B. configure NAT strategy directly into the interface IP address
C. easy IP address for the purpose of converting the scenes
D. easy IP can be used simultaneously with the address-group
Answer: B
Question No : 2
Which of the following statement about firewall shard cache function are correct? ( multiple choice)
A. after configuring fragmentation packet directly forwarding function , firewall does not cache fragmentation packets
B. after configuring fragmentation packet directly forwarding function, for fragmentation packet which is not the first piece of fragmented packets, the firewall will forwarding based on inter-domain filtering policy
C. fragmented packets will create the session table, also can find the session table when forwarding
D. not the first piece of fragment packets, since there is no port number, so fragmented packets directly forwarding function can not generally be used in a NAT environment
A. after configuring fragmentation packet directly forwarding function , firewall does not cache fragmentation packets
B. after configuring fragmentation packet directly forwarding function, for fragmentation packet which is not the first piece of fragmented packets, the firewall will forwarding based on inter-domain filtering policy
C. fragmented packets will create the session table, also can find the session table when forwarding
D. not the first piece of fragment packets, since there is no port number, so fragmented packets directly forwarding function can not generally be used in a NAT environment
Answer: AD
Question No : 3
When an enterprise in the deployment of the network boundary firewall, configured the NAT Server source NAT, OSPF routing, and related security policy, when the data reaches the firewall, the firewall processing sequence is :
A. OSPF Routing> Security Policy> Source NAT> NAT Server
B. Security Policy> Source NAT> NAT Server> OSPF Routing
C. Source NAT> OSPF Routing> Security Policy> NAT Server
D. NAT Server> OSPF Routing> Security Policy> Source NAT
A. OSPF Routing> Security Policy> Source NAT> NAT Server
B. Security Policy> Source NAT> NAT Server> OSPF Routing
C. Source NAT> OSPF Routing> Security Policy> NAT Server
D. NAT Server> OSPF Routing> Security Policy> Source NAT
Answer: D
Question No : 4
Typical remote authentication mode are :( multiple choice)
A. RADIUS
B. Local
C. HWTACACS
D. LLDP
A. RADIUS
B. Local
C. HWTACACS
D. LLDP
Answer: AC
Question No : 5
Web redirection password authentication function, only the user for the purpose of the port is 80 HTTP business visit, the system only support the "Redirect" to the authentication page for session authentication.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: B
Question No : 6
Which of the following does not belong to UTM (Unified Threat Management) function?
A. IPS intrusion defense
B. Internet behavior management
C. Terminal security management
D. AV gateway anti-virus
A. IPS intrusion defense
B. Internet behavior management
C. Terminal security management
D. AV gateway anti-virus
Answer: C
Question No : 7
Which of the following items does the five elements of terminal security system not include?
A. Identity authentication
B. Business isolation
C. Safety certification
D. Business authorization
A. Identity authentication
B. Business isolation
C. Safety certification
D. Business authorization
Answer: B
Question No : 8
For MAC address spoofing attack, which description is error?
A. MAC address spoofing attack mainly use the switch MAC address learning mechanism.
B. attacker can fake the source Mac address of the data frame is sent to the switch to implement MAC spoofing attack
C. MAC address spoofing attack can cause switches to learn the wrong MAC address and IP address mapping relationship
D. MAC address spoofing attacks can cause the switch data is sent to the correct destination to be sent to the attacker
A. MAC address spoofing attack mainly use the switch MAC address learning mechanism.
B. attacker can fake the source Mac address of the data frame is sent to the switch to implement MAC spoofing attack
C. MAC address spoofing attack can cause switches to learn the wrong MAC address and IP address mapping relationship
D. MAC address spoofing attacks can cause the switch data is sent to the correct destination to be sent to the attacker
Answer: C
Question No : 9
Firewall Gateway Anti-Virus Response includes alerting and blocking, the way in which the alarm device only generates a log, sent out without processing on HTTP protocol to transmit the document: blocking the way equipment is disconnected from the HTTP server and block files, push Web pages to the client and generates logs.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Question No : 10
SSL VPN which can through the following ways for access control to the user.(multiple choice)
A. IP
B. MAC
C. PORT
D. URL
A. IP
B. MAC
C. PORT
D. URL
Answer: ACD
Question No : 11
When configuring firewall security level of security zone , which description is wrong?
A. The new security zone, the system default security level is 1
B. can only set the security level for the custom security zones
C. Once you set the security level, is not allowed to change
D. In the same system, two security zones do not allow to configure the same level of security
A. The new security zone, the system default security level is 1
B. can only set the security level for the custom security zones
C. Once you set the security level, is not allowed to change
D. In the same system, two security zones do not allow to configure the same level of security
Answer: A
Question No : 12
In VRRP (Virtual Router Redundancy Protocol), the master router periodically sends notification message(HELLO) to the backup router, the backup router is only responsible for monitoring notification message, not to respond.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Question No : 13
Symmetric encryption algorithm encryption key and decryption key are the same, asymmetric encryption algorithm encryption key and decryption key are not the same. IPsec in business data encryption and decryption use symmetric encryption algorithm.
A. TRUE
B. FALSE
A. TRUE
B. FALSE
Answer: A
Question No : 14
About terminal security system deployment, which description is error?
A. The main characteristics of centralized deployment can be based on management terminal number, such as choice of SM, SC, database components installed on the same server.
B. terminal relatively concentrated in a few areas, and between regions is relatively small bandwidth of recommended distributed network
C. Terminal size is quite large, you can consider to use the centralized network deployment, avoid a large number of terminal access to the terminal server security, take up a lot of network bandwidth.
D. distributed deployment, security agents to choose the nearest terminal security control server SC, to obtain authentication and access control, and other business
A. The main characteristics of centralized deployment can be based on management terminal number, such as choice of SM, SC, database components installed on the same server.
B. terminal relatively concentrated in a few areas, and between regions is relatively small bandwidth of recommended distributed network
C. Terminal size is quite large, you can consider to use the centralized network deployment, avoid a large number of terminal access to the terminal server security, take up a lot of network bandwidth.
D. distributed deployment, security agents to choose the nearest terminal security control server SC, to obtain authentication and access control, and other business
Answer: C
Virgil Yax
Passed HCNA-Security H12-711 exam today. all the question are from this dump,so you can trust on it.
Joey Dickenson