Month End Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > Huawei > Huawei Certification > H12-725_V4.0

H12-725_V4.0 HCIP-Security V4.0 Exam Question and Answers

Question # 4

Which of the following statements is false about health check?

A.

Health check supports DNS detection protocols.

B.

In addition to link connectivity detection, health check can also detect the delay, jitter, and packet loss rate of links in real time.

C.

The health check function cannot be used together with PBR.

D.

Firewalls can detect network connectivity in real time based on the health check result.

Full Access
Question # 5

Which of the following statements is false about HTTP behavior?

A.

When the size of the uploaded or downloaded file or the size of the content obtained through the POST operation reaches the block threshold, the system blocks the uploaded or downloaded file or POST operation.

B.

When the size of the uploaded or downloaded file or the size of the content obtained through the POST operation reaches the alarm threshold, the system generates a log to notify the device administrator and block the behavior.

C.

You can set an alarm threshold and a block threshold to limit the size of the upload file if file upload is allowed.

D.

The POST method of HTTP is commonly used to send information to the server through web pages. For example, use this method when you post threads, submit forms, and use your username and password to log in to a specific system.

Full Access
Question # 6

Before configuring DDoS attack defense, you must configure different thresholds for defense against different types of attacks. Each threshold can be considered an upper limit for normal network traffic. When the rate of traffic exceeds the pre-configured threshold, the firewall considers it to be attack traffic and takes a corresponding action to defend against it.

A.

TRUE

B.

FALSE

Full Access
Question # 7

In SSL VPN, the firewall performs access authorization and control based on which of the following dimensions?

A.

Role

B.

MAC address

C.

Port number

D.

IP address

Full Access
Question # 8

SYN scanning requires a fully established TCP connection and is recorded in system logs.

A.

TRUE

B.

FALSE

Full Access
Question # 9

Which of the following is not a process for remote users to access intranet resources through SSL VPN?

A.

Resource access

B.

User authentication

C.

Access accounting

D.

User login

Full Access
Question # 10

Which of the following statements are true about SYN scanning attacks?(Select All that Apply)

A.

When the scanner sends a SYN packet, an RST response indicates a closed port.

B.

If the peer end does not respond to the SYN packet sent by the scanner, the peer host does not exist, or filtering is performed on the network or host.

C.

When the scanner sends a SYN packet, if the peer end responds with a SYN-ACK packet, the scanner then responds with an ACK packet to complete the three-way handshake.

D.

When the scanner sends a SYN packet, a SYN-ACK response indicates an open port.

Full Access
Question # 11

iMaster NCE-Campus has a built-in LDAP module that enables it to function as an LDAP server to interconnect with access devices through LDAP.

A.

TRUE

B.

FALSE

Full Access
Question # 12

When Eth-Trunk is deployed for the heartbeat links between firewalls, the Eth-Trunk interface can be configured as a Layer 2 interface as long as the total bandwidth of active links on the Eth-Trunk is greater than 30% of the bandwidth required by service traffic.

A.

TRUE

B.

FALSE

Full Access
Question # 13

Which of the following statements is false about RADIUS and HWTACACS?

A.

Both of them feature good flexibility and extensibility.

B.

Both of them use the client/server model.

C.

Both of them support authorization of configuration commands.

D.

Both of them use shared keys to encrypt user information.

Full Access
Question # 14

Which of the following is not a response action for abnormal file identification?

A.

Alert

B.

Block

C.

Allow

D.

Delete

Full Access
Question # 15

Trojan horses may disclose sensitive information of victims or even remotely manipulate victims' hosts, causing serious harm. Which of the following are the transmission modes of Trojan horses?(Select All that Apply)

A.

Attackers exploit vulnerabilities to break into hosts and install Trojan horses.

B.

A Trojan horse is bundled in a well-known tool program.

C.

The software downloaded from a third-party downloader carries Trojan horses.

D.

A Trojan horse masquerades as a tool program to deceive users to run the program on a host. Once the program is run, the Trojan horse is automatically implanted into the host.

Full Access
Question # 16

When an IPsec VPN is established in aggressive mode, AH+ESP can be used to encapsulate packets in NAT traversal scenarios.

A.

TRUE

B.

FALSE

Full Access
Question # 17

When gateways are connected using GRE over IPsec, the IPsec encapsulation mode must be tunnel mode.

A.

TRUE

B.

FALSE

Full Access
Question # 18

Network Access Control (NAC) is an end-to-end security control technology that works in combination with AAA to implement access authentication. Which of the following statements about NAC and AAA are true?(Select All that Apply)

A.

AAA is mainly used for interaction between users and access devices.

B.

NAC is mainly used for interaction between access devices and authentication servers.

C.

NAC provides three authentication modes: 802.1X authentication, MAC address authentication, and Portal authentication.

D.

An AAA server controls network access rights of users through authentication, authorization, and accounting.

Full Access
Copyright myexamcollection.com. All Right Reserved.