ITExamDownload

http://www.itexamdownload.com
Provide the latest exam dumps for you. Download the free reference for study
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : H12-711

Title : HCIA-Security V3.0

Vendor : Huawei

Version : DEMO

1 from Itexamdownload.com.
Get Latest & Valid H12-711 Exam's Question and Answers 1
http://www.itexamdownload.com/h12-711-valid-questions.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

NO.1 According to the management specifications, the network security system and equipment are
regularly checked, the patches are upgraded, and the network security emergency response drill is
organized. Which of the following belongs to the MPDRR network security modes of the above
actions?
A. Protection link
B. Management link
C. Testing link
D. Response link
Answer: C,D

NO.2 Which of the following are key elements of information securityprevention? (Multiple choice)
A. Personnel
B. Security operation and management
C. Asset management
D. Security products and technologies
Answer: A,B,C,D

NO.3 Digital certificates can be divided into local certificates, CA certificates, root certificates, and
self-signed certificates according to different usage scenarios
A. False
B. True
Answer: B

NO.4 In the USG series firewall, you can use the______function to provide well-known application
services for non-known ports.
A. MAC and IP address binding
B. Port mapping
C. Packet filtering
D. Long connection
Answer: B

NO.5 Which of the following is the default backup method for double hot standby?
A. Manual batch backup
B. Configuration of the active and standby FWs after the device is restarted
C. Automatic backup
D. Session fast backup
Answer: C

NO.6 Which of the following are the main implementations of gateway anti-viru3? (Multiple choice)
A. Package inspection method
B. Stream scanning method
C. Agent scanning method
D. File killing method

2 from Itexamdownload.com.
Get Latest & Valid H12-711 Exam's Question and Answers 2
http://www.itexamdownload.com/h12-711-valid-questions.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Answer: B,C

NO.7 Which of the following attacks is not a malformed message attack?

A. ICMP unreachable packet attack
B. TCP fragment attack
C. Teardrop attack
D. Smurf attack
Answer: A

NO.8 The administrator wants to create a web configuration administrator, and set the Https device
management port number to 20000, and set the administrator to the administrator level, which of
the following commands are correct?
A. Stepl: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-
user client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa-manager-user-
client001] level
1 [USG-aaa- manager-user-client001] password cipher Admin@123
B. Stepl: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-
user client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa-manager-user-
client001] level
15 [USG-aaa- manager-user-client001] password cipher Admin@123
C. Stepl: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-
user client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa manager-user-
client001] password cipher
D. Stepl: web-manager enable port 20000 Step2. AAA View [USG] aaa [USG aaa] manager-user
clientO01 [USG-aaa-manager-user-client001] service-type web [USG-aaa-manager-user-client001]
password cipher Admin@123
Answer: B

NO.9 Which of the following is not the scope of business of the National Internet Emergency Center?
A. Providing security evaluation services for government departments, enterprises and institutions
B. Early warning rotification of security incidents
C. Cooperate with other agencies to provide training services
D. Emergency handling of security incidents
Answer: C

NO.10 Which of the following is not part of the method used in the Detection section of the P2DR
model?
A. Real-time monitoring
B. Shut down the service
C. Testing
D. Alarm
Answer: D

NO.11 Which of the following are the hazards of traffic attacks? (Multiple choice)

3 from Itexamdownload.com.
Get Latest & Valid H12-711 Exam's Question and Answers 3
http://www.itexamdownload.com/h12-711-valid-questions.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

A. Data is stolen
B. Network paralysis
C. The page has been tampered with
D. Server downtime
Answer: B,D

NO.12 When configuring NAT Server on the LSG series firewall, the server-map table will be
generated. Which of the following does not belong in the table?
A. Destination port
B. Source IP
C. Destination IP
D. Agreement number
Answer: B

NO.13 Which of the following is not in the quintuple range?

A. Destination port
B. Source IP
C. Source MAC
D. Destination IP
Answer: C

NO.14 Which of the following operations are necessary during theadministrator upgrade of the USG
firewall software version? (Multiple Choice)
A. Device factory reset
B. Restart the device
C. Specify the next time you start loading the software version.
D. Upload the firewall version software
Answer: B,C,D

NO.15 NAPTtechnology can implement a public network IP address for multiple private network
hosts
A. False
B. True
Answer: B

NO.16 Which of the following statements about Client-Initiated VPN is correct? (Multiple choice)
A. Only one L2TP session and PPP connection are carried in each tunnel.
B. Each tunnel carries multiple L2TP sessions and PPP connections.
C. A tunnel is established between each access user and the LNS.
D. Each tunnel carries multiple L2TP sessions and one PPP connection.
Answer: A,C

NO.17 As shown in the figure, a NAT server application scenario isconfigured when the web

4 from Itexamdownload.com.
Get Latest & Valid H12-711 Exam's Question and Answers 4
http://www.itexamdownload.com/h12-711-valid-questions.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

configuration mode is used

Which of the following statements are correct"? (Multiple choice)

A. When configuring NAT Server, the internal address is 10 1.1 2 and the external address is
200.10.10.1.
B. When configuring NAT Server, the internal address is 200.10.10.1 and the external address is
10.1.1.2.
C. When configuring an interzone secunty policy, set the source security zone to DMZ and the target
secunty zone to Untrust.
D. When configuring an interzone secunty policy, set the source security zone to Untrust and the
target security zone to DMZ
Answer: A,D

NO.18 The VRRP advertisement packet of the Huawei USG firewall is a multicast packet. Therefore,
each firewall in the backup group must be able to implement direct Layer 2 interworking
A. False
B. True
Answer: B

NO.19 Which of the following is correct for the command to view the number of security pclicy
matches?
A. display firewall sesstiontable
B. display security-policy count
C. display security-policy all
D. count security-policy hit
Answer: C

NO.20 In practical applications, asymmetric encryption is mainly used to encrypt user data
A. True
B. False
Answer: B

5 from Itexamdownload.com.
Get Latest & Valid H12-711 Exam's Question and Answers 5
http://www.itexamdownload.com/h12-711-valid-questions.html