H12-711 HCIA-Security certification is located in the basic configuration and maintenance of information security solutions for small and medium-sized enterprises. Passquestion new updated the latest HCIA-Security H12-711 questions and answers to help you best prepare for your Huawei Certified ICT Associate - Constructing Basic Security Network exam successfully.

With HCIA-Security certification, it will prove that you have a preliminary understanding of the basic knowledge of small and medium-sized network information security, Huawei firewall technology, encryption and decryption technology, information security system operation and maintenance, and have the ability to assist in the design of small and medium-sized enterprise security network architecture and deployment and maintenance of the corresponding solutions.

H12-711 HCIA-Security-CBSN Exam Outline

H12-711 HCIA-Security-CBSN Exam Content
The HCIA-Security-CBSN exam covers network security basis, firewall basis such as package filter, NAT, etc. and VPN technologies such as IPSec, SSL etc., as well as their implementation in Huawei firewall products, firewall user management technology, UTM technology and implementation, and also terminal security with security policy configurations.
 
H12-711 HCIA-Security-CBSN Knowledge points
Firewall
1).Basic principles of network security.
2).Firewall classicfications, work mode, security zone, basic features and configuration.
3).Package filter technology and configuration on interface and between zones, ACL application and configuration.
4).Different types of NAT technologies and configurations, such as NAT based on source IP, NAT based on target IP, NAT between or inside zones, bidirection NAT, NAT server, target NAT.
5).Firewall dual-system hot backup technologies and configurations.
6).Firewall user management, user authentication, AAA concept.
7).VLAN technologies, WLAN technologies, WAN interface features.
VPN
1).VPN basic principles, classifications and encryption technology.
2).L2TP principles, Client-Initialized L2TP, NAS-Initialized L2TP.
3).GRE principles and configurations.
4).IPSec basic principles, AH principles, ESP principles, IKEprinciples, IPSec configurations.
5).SSL principles, Virtual gateway concept and configurations, Web proxy configurations, file sharing configurations, port forwarding configurations, network extention configurations.
UTM Technology
1).UTM concept, firewall UTM features and configurations.
Terminal Security
1).Concept, deployment and policy configurations of terminal security.

Share part of real HCIA-Security H12-711 questions and answers:

1. Which of the following is correct about firewall IPSec policy?
A. By default, IPSec policy can control unicast packets and broadcast packets.
B. By default, IPSec policy can control multicast.
C. By default, IPSec policy only controls unicast packets.
D. By default, IPSec policy can control unicast packets, broadcast packets, and multicast packets.
Answer: C

2. Which of the following information will be encrypted during the use of digital envelopes? (Multiple Choice)
A. Symmetric key
B. User data
C. Receiver public key
D. Receiver private key 
Answer: AB

3. Which of the following is an action to be taken during the eradication phase of the cybersecurity emergency response? (Multiple Choice)
A. Find sick Trojans, illegal authorization, system vulnerabilities, and deal with it in time
B. Revise the security policy based on the security incident that occurred, enable security auditing
C. Block the behavior of the attack, reduce the scope of influence
D. Confirm the damage caused by security incidents and report security incidents 
Answer: AB

4. Which of the following attacks can DHCP Snooping prevent? (Multiple Choice)
A. DHCP Server counterfeiter attack
B. Intermediaries and IP/MAC spoofing attacks
C. IP spoofing attack
D. Counterfeit DHCP lease renewal packet attack using option82 field 
Answer: ABCD

5. Which of the following belongs to the devices at the execution layer in the Huawei SDSec solution? (Multiple Choice)
A. CIS
B. Fierhunter
C. Router
D. AntiDDoS 
Answer: BCD

6. A company employee account authority expires, but can still use the account to access the company server.
What are the security risks of the above scenarios? (Multiple Choice)
A. Managing security risk
B. Access security risk
C. System security risk
D. Physical security risk 
Answer: ABC

7. Which of the following is the default backup method for double hot standby?
A. Automatic backup
B. Manual batch backup
C. Session fast backup
D. Configuration of the active and standby FWs after the device is restarted 
Answer: A

8. The network administrator can collect data to be analyzed on the network device by means of packet capture, port mirroring, or log, etc.
A. True
B. False 
Answer: A

9. Which of the following are the necessary configurations of IPSec VPN? (Multiple Choice)
A. Configuring IKE neighbors
B. Configure IKE SA related parameters
C. Configuring IPSec SA related parameters
D. Configure the stream of interest 
Answer: ABCD

10. Which of the following types are included in Huawei firewall user management? (Multiple Choice)
A. Internet user management
B. Access user management
C. Administrator User Management
D. Device User Management 
Answer: ABC