最新的Huawei Specialist認證 H12-731-ENU考試題庫

問題1

A customer network topology is shown in the figure.

An LZTP tunnel is established between the PC and the FW, with the PC as the client and the FW as the LNS side. After the administrator completes the configuration, it is found that the L2TP tunnel cannot be established successfully.
Execute the command debug l2tp packet in the user view to enable the debug switch, and see the following debug information:
USG %%01L2TP/8/L2TDBG (d): L2TP::Check SCCRQ MSG Type 1
USG %%01L2TP/8/L2TDBG (d): L2TP::Parse AVP Protocol version: 100
USG %%01L2TP/8/L2TDBG (d): L2TP::Parse AVP Framing capability: 1
USG %%01L2TP/8/L2TDBG (d): L2TP::Parse AVP Bearer capability, value: 0
USG %%01L2TP/8/L2TDBG (d): L2TP::Parse AVP Firmware revision, value: 1200
USG %%01L2TP/8/L2TDBG (d): L2TP::Parse AVP Host name, value: maple-54b160e59
USG %%01L2TP/8/L2TDBG (d): L2TP::requested Host isn't in the define l2tp group, refuse the requested
USG %%01L2TP/8/L2TDBG (d): L2TP::Clear Calls On Tunnel ID=1 Reason=1
Based on the above information, which failure analysis option is correct?

A. L2TP Group tunnel authentication failed

B. Client LNS IP address configuration error

C. LNS remote tunnel name configuration is incorrect

D. The Virtual Template interface is not added to the security domain

正確答案: C

問題2

If you use a mobile terminal (Android or Apple system) to access intranet resources through a web proxy, which of the following methods should be recommended?

A. Only use web link

B. Such mobile phones cannot access intranet resources through web proxy at all

C. can only be rewritten using the web

D. can be rewritten using web link or web

正確答案: C

問題3

In Portal authentication, what Portal parameters must be configured on the switch?

A. shared-key

B. Portal protocol version

C. Portal server IP

D. Portal page URL

E. The port number on which the device listens for Portal protocol packets

正確答案: A,C,D

問題4

Which of the following statements about hot standby is correct?

A. The preemption operation is always started only after the failure recovery or the restart of the primary USG is completed.

B. hrp auto-sync config , which will manually back up the commands configured on the primary USG to the secondary USG.

C. The vrrp vrids of the interfaces corresponding to the heartbeat lines on the two USGs may be different.

D. If the preemption time is set too long, the switch operation will not be performed immediately when the USG fails.

正確答案: A

問題5

As shown in the figure, which illustrates the negotiation process of IPsec, which of the following descriptions are correct?

A. This process is an IKEv2 negotiation process.

B. The red boxed part is the EAP authentication process.

C. The red box is a mandatory negotiation process

D. ①② Refers to the two parties negotiating the data flow to be protected and the IPsec security proposal.

正確答案: A,B

問題6

When the NAT address pool is used on the firewall, if the address of the NAT address pool is not in the same network segment as the IP of the outgoing interface of the external network, a route to the address pool needs to be configured on the next-hop router.

A. TRUE

B. FALSE

正確答案: A

問題7

According to the following networking, a customer uses the BGP traffic diversion policy route back injection method. Which of the following configurations must be configured on the cleaning device?

A. firewall ddos bgp-next-hop fib-filter

B. firewall ddos bgp-next-hop 10.1.3.1

C. interface GigabitEthernet2/0/2 anti-ddos flow-statistic enable

D. ip route-static 0.0.0.0 0 10.1.3.1

正確答案: B

問題8

In the abnormal traffic cleaning scheme, re-injection refers to sending the cleaned normal traffic back to the original link, and then forwarding it to the protection object.
In order to configure simple, and there are multiple back-injection interfaces, what specific back-injection technology implementations are required?

A. GRE Remarks

B. Policy route back annotation

C. MPLS LSP back note

D. Static route back annotation

正確答案: B

問題9

When configuring an IKE proposal, which of the following three parameters must be configured?

A. security acl

B. DH-group

C. Hash algorithm

D. encryption algorithm

E. PFS

正確答案: B,C,D

問題10

For the admission control of the existing wired network, the SACG authentication scheme is recommended. What are the advantages?

A. Fault escape can be achieved with proper policy configuration.

B. Can support all types of terminals.

C. No need to change the existing network topology.

D. Client installation is not required.

正確答案: A,C

問題11

What are the methods for firewalls to diagnose forwarding faults?

A. Packet loss statistics based on 5-tuple

B. View session table

C. Debug IP Packet

D. message missing

E. Statistics of detailed packet loss classification

正確答案: A,C,D

問題12

For internal network security, which of the following options are recommended for planning deployment priorities?

A. Physical separation of computing network and storage network

B. Firewall and switch virtualization to achieve business isolation

C. Enable DDoS function

D. Application three-tier architecture plane isolation

E. Enable NAT function

正確答案: A,B,D

最新的Huawei HCIE-Security (Huawei Certified Internetwork Expert-Security) - H12-731-ENU免費考試真題

最新更新

站內鏈接

聯系我們