Updated Jan 23, 2022 Test Engine to Practice Test for H12-721 Valid and Updated Dumps [Q69-Q87]


Exam Questions for H12-721 Updated Versions With Test Engine

NEW QUESTION 69
The FireHunter 6000 sandbox detects files transmitted on the network in a virtual environment. Which of the following file types can be detected? (Multiple choice)

  • A. Staff's game account
  • B. MP4 file
  • C. Word file or PDF document
  • D. Web page content, such as JavaScript, Flash, Java Applet, etc.

Answer: C,D

 

NEW QUESTION 70
Which of the following is correct about IKE? (Multiple choices)

  • A. IPSec uses the SA negotiated by IKE to encrypt or verify packets.
  • B. IKE negotiates security associations for IPSec and sends the established parameters and security associations to IPSec.
  • C. IKE is a protocol carried by UDP and is the signaling protocol of IPSec.
  • D. IPSec must use IKE for key exchange

Answer: A,B,C

 

NEW QUESTION 71
In IP-link, by default, how many successive packets must fail to be received for the link to be considered failed?

  • A. 3 times
  • B. 5 times
  • C. 1 time
  • D. 2 times

Answer: A

 

NEW QUESTION 72
The USG remote packet capture function works by having the device capture packets and store them on the device. Users can download them to a local server via FTP and use Firewall Packetyzer to analyze the packets.

  • A. FALSE
  • B. TRUE

Answer: B

 

NEW QUESTION 73
Which of the following encryption methods does IPSec VPN use to encrypt communication traffic?

  • A. private key encryption
  • B. public key encryption
  • C. pre-shared key encryption
  • D. symmetric key encryption

Answer: D

Explanation:
Note: IKE V1 Phase 1 mainly negotiates the following three tasks. The first is to negotiate the parameters used to establish the IKE SA: encryption algorithm, integrity verification algorithm, identity authentication method and authentication word, DH group, IKE SA life cycle, etc. These parameters are defined in the IKE security proposal. The second is to use the DH algorithm to exchange key-related information (the material for generating the various keys); the peer devices each use this key information to generate a symmetric key for ISAKMP message encryption and verification. The third is to verify each other's identity, using a pre-shared key or a digital certificate.

 

NEW QUESTION 74
IPSec NAT traversal does not support IKE main mode, aggressive mode IP address + pre-shared key mode authentication, because pre-shared key mode authentication needs to extract the source IP address in the IP address to find the pre-shared key corresponding to this address. The address change caused by the presence of NAT prevents the device from finding the pre-shared key.

  • A. FALSE
  • B. TRUE

Answer: B

 

NEW QUESTION 75
The administrator can create vfw1 and vfw2 on the root firewall to provide secure multi-instance services for enterprise A and enterprise B, and configure secure forwarding policies between security zones of vfw1 and vfw2.

  • A. FALSE
  • B. TRUE

Answer: A

 

NEW QUESTION 76
Which statement is correct regarding the IP address scanning attack prevention principle?
(Choose three answers)

  • A. In an IP address scanning attack, the attacker uses TCP/UDP packets to detect the target address.
  • B. IP address scanning attack prevention works by monitoring the rate at which a host scans addresses; if the rate exceeds the threshold value, the host is added to the blacklist.
  • C. In an IP address scanning attack, the attacker uses ICMP packets (such as the Ping and Tracert commands) to detect the target address.
  • D. If the USG enables the blacklist function and associates it with IP address scanning attack prevention, packets from a source whose scan rate exceeds the set threshold are discarded; in the follow-up time, packets from that source can again be forwarded as long as its rate is below the threshold.

Answer: A,B,C

 

NEW QUESTION 77
When the firewall works in the dual-system hot backup load balancing environment, if the upstream and downstream routers are working in the routing mode, you need to adjust the OSPF cost based on HRP.

  • A. FALSE
  • B. TRUE

Answer: A

Explanation:
Note: When dual-system hot backup load balancing is configured, the upstream and downstream routers are configured with equal-cost routes, and no HRP-based OSPF cost adjustment is required. When the dual-system hot standby network is deployed, the standby firewall automatically adds a COST value when it advertises routes to the outside (the default is 65500).

 

NEW QUESTION 78
The following is a typical application scenario for USG dual-system hot backup. USG_A is the master device. USG_B is the standby device. The VRRP backup group and heartbeat interfaces have been configured. GE2/0/0 and GE2/0/1 on firewall A have joined link-group 1.

Which of the following statements are correct? (Multiple Choice)

  • A. After GE 2/0/1 failure is restored, USG_A functions as a standby device of USG_B.
  • B. When GE2/0/1 of firewall A experiences a physical line fault, the link status of GE2/0/0 on USG_A is down and the physical interface indicator is on.
  • C. After the fault is restored, when the firewall detects that both GE2/0/0 and GE2/0/1 are in the Up state, the USG_A state is switched to master.
  • D. If GE2/0/2 is also added to link-group 1, when GE2/0/1 of firewall A experiences a physical line fault, the backup of the active and standby device information will be interrupted.

Answer: C,D

 

NEW QUESTION 79
Comparing URPF strict mode and loose mode, which of the following statements is incorrect?

  • A. Loose mode does not check whether the interface matches; as long as the source address of the packet exists in the USG's FIB table, the packet can pass.
  • B. In a symmetric routing environment, URPF strict mode is recommended.
  • C. In strict mode, if the source address of the packet does not exist in the USG's FIB but a default route is configured and allow-default-route is set, the packet passes the URPF check and is forwarded normally.
  • D. Strict mode requires not only that a corresponding entry exist in the forwarding table but also that the interface match in order to pass the URPF check.

Answer: C

 

NEW QUESTION 80
An enterprise deploys the Huawei USG6000 series firewall on the network. Users must log in to the firewall through Telnet or SSH. Each command entered by the user must be authorized by the server.
Which of the following authentication methods can meet the requirements?

  • A. AD
  • B. Radius
  • C. LDAP
  • D. HWTACACS

Answer: D

 

NEW QUESTION 81
After the user's SSL VPN has been successfully authenticated, the user cannot access the Web-link resource.
On the Web server, the following information is displayed by running netstat -anp tcp. Based on this information, which of the following statements is correct?

  • A. The intranet server has not enabled the web service.
  • B. The connection between the virtual gateway and the intranet server is incorrect.
  • C. The virtual gateway policy is configured incorrectly.
  • D. The virtual gateway and the intranet server are unreachable.

Answer: A

 

NEW QUESTION 82
Which of the following is the role of Message5 and Message6 in the primary mode negotiation of IKE v1?

  • A. Negotiating IPSec SA
  • B. Run the DH algorithm
  • C. Doing mutual authentication
  • D. Negotiation proposal set

Answer: C

 

NEW QUESTION 83
In the path selection method based on link priority (master/backup), if overload protection is not enabled, what happens when the primary link is congested?

  • A. The standby link is not enabled and the primary link continues to forward traffic.
  • B. Automatically enable the standby link to share the traffic.
  • C. The traffic is distributed to the backup link according to the default overload protection threshold.
  • D. The active and standby links share the traffic according to the priority ratio of the link.

Answer: A

 

NEW QUESTION 84
In dual-system hot backup, the backup channel must be the main interface on the interface board. Which type is not supported?

  • A. GigabitEthernet
  • B. vlan-if
  • C. E1
  • D. Ethernet

Answer: C

 

NEW QUESTION 85
Which of the following attack types includes CC attacks?

  • A. Attacks based on system vulnerabilities
  • B. Scanning and snooping attack
  • C. Denial of Service Attack
  • D. Malformed packet attacks

Answer: C

 

NEW QUESTION 86
What algorithm can be used for session maintenance?

  • A. The minimum connection algorithm
  • B. Source IP hash algorithm
  • C. Simple Round-Robin algorithm
  • D. Weighted Round-Robin algorithm

Answer: B

 

NEW QUESTION 87
......


Huawei H12-721 Exam Syllabus Topics:

Topic | Details
Topic 1
  • Principle Of Firewall Bandwidth Management
  • Principles Of Intelligent Routing
  • Network Security Device Management
Topic 2
  • Ipsec VPN Technology And Application
  • SSL VPN Technology And Application
  • Firewall High Availability
Topic 3
  • Network Security Device Unified Operation And Maintenance
  • Firewall Intelligent Routing
Topic 4
  • Network Security Device Management, Device Log Analysis
  • Principles Of SLB Technology
Topic 5
  • Firewall Intelligent Routing
  • Eth-Trunk Technology
  • Link-Group Technology
Topic 6
  • Server Load Balancing
  • IP-Link Technology
  • SLB Deployment
  • Network Security
  • BFD Technology
