H12-721 Exam Dumps - HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network)
The ip-link sends a probe packet to the specified IP address. By default, after 3 probe failures, the link to this IP address is considered faulty.
Based on the following information analysis on the firewall, which of the following options are correct?
DDoS is an abnormal packet that an attacker sends a small amount of non-traffic traffic to the attack target (usually a server, such as DNS or WEB) through the network, so that the attacked server resolves the packet when the system crashes or the system is busy.
About load balancing, the following configuration is available: [USG] slb enable [USG]slb [USG-slb] rserver 1 rip 10.1.1.3 weight 32 [USG-slb] rserver 2 rip 10.1.1.4 weight 16 [USG-slb] rserver 3 rip 10.1.1.5 weight 32 [USG-slb] group test [USG-slb-group-test]metric srchash [USG-slb-group-test] add rserver 1 [USG-slb-group-test] add rserver 2 [ USG-slb-group-test] add rserver 3 Which of the following statements is correct?
The management control information and service information of the out-of-band management interface are sent on the same channel.
In the hot standby scenario, what is the correct statement about the primary and backup backups?
Run the display ike sa command to check the IKE SA information. The following statement is correct?
The console port password can be restored to the factory settings by pressing and holding the USG device Reset button for 1-3 seconds.
The malformed packet attack technology uses some legitimate packets to perform reconnaissance or data detection on the network. These packets are legal application types, but only normal network packets are rarely used.
The ACK flood attack uses a botnet to send a large number of ACK packets, which impacts the network bandwidth and causes network link congestion. If the number of attack packets is large, the server processing performance is exhausted, thus rejecting normal services. Under the Huawei Anti-DDoS device to prevent this attack, compare the two processing methods - strict mode and basic mode, what is correct?
The enterprise network is as shown in the figure. On the USG_A and USG_B, hot standby is configured, and USG_A is the master device. The administrator wants to configure SSL VPN on the firewall so that branch employees can access the headquarters through SSL VPN. Which virtual gateway address should the SSL VPN be?
In the client-initial mode, the L2TP dialup fails. From the debug information below, it can be seen that the most likely cause is the dialup failure.
The hot standby and IPSec functions are combined. Which of the following statements is correct?
USG dual-machine hot standby must meet certain conditions and can be used below. What are the following statements correct?
An administrator can view the IPSec status information and Debug information as follows. What is the most likely fault?
Which of the following methods is used to switch between active and standby links in the IPSec backup and backup system?
Which of the following encryption methods does IPSec VPN use to encrypt communication traffic?
A user wants to limit the maximum bandwidth of the 192.168.1.0/24 network segment to 500M, and limit all IP addresses in the network segment to maintain a bandwidth of 1M. How should I configure a current limiting policy for this requirement?
The firewall device defends against the SYN Flood attack by using the technology of source legality verification. The device receives the SYN packet and sends the SYN-ACK probe packet to the source IP address host in the SYN packet. If the host exists, it will Which message is sent?
On the USG, you need to delete sslconfig.cfg in the hda1:/ directory. Which of the following commands can complete the operation?
A network is as follows: The l2tp vpn is established through the VPN Client and the USG (LNS). What are the reasons for the dialup failure?
The server health check mechanism is enabled on the USG firewall of an enterprise to detect the running status of the back-end real server (the three servers are Server A, Server B, and Server C). When the USG fails to receive the response from Server B multiple times. When the message is received, Server B will be disabled and the traffic will be distributed to other servers according to the configured policy.
The topology diagram of the BFD-bound static route is as follows: The administrator has configured the following on firewall A: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind peer-ip 1.1.1.2 [USG9000_A- Bfd session-aa] discriminator local 10 [USG9000_A-bfd session-aa] discriminator remote 20 [USG9000_A-bfd session-aa] commit [USG9000_A-bfd session-aa] quit What are the correct statements about this segment?
The topology of the BFD-bound static route is as follows: The administrator has configured the following on firewall A: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind peer-ip 1.1.1.2 [USG9000_A- Bfd session-aa] discriminator local 10 [USG9000_A-bfd session-aa] discriminator remote 20 Which of the following configurations can be added to the firewall to implement BFD-bound static routes?
With regard to the Radius agreement, what are the following statements correct?
The HRP technology can implement the standby firewall without any configuration information. All the configuration information is synchronized by the main firewall to the standby firewall through HRP, and the configuration information is not lost after the restart.
Which of the following configurations is mandatory when the IKE peer needs to be referenced to the IPSec policy template in the divquarters-branch-based IPSec VPN network (pre-shared key + traversal NAT)?