H12-711_V4.0-ENU
Exam Name: HCIA-Security V4.0 Exam
Full version: 943 Q&As
Full version of H12-711_V4.0-ENU Dumps
Share some H12-711_V4.0-ENU exam dumps
below.
1. When IPsec VPN uses transport mode to encapsulate packets, which of the following is not
within the authentication scope of the ESP security protocol?
A. ESP Header
B. IP Header
C. ESP Tail
D. TCP Header
Answer: B
2. Supervision and inspection
Which one is the correct order?
A. 2-1-3-4-5
B. 4-2-1-3-5
C. 3-2-1-4-5
D. 1-2-3-4-5
Answer: A
3. When configuring NAT Server on the USG series firewall, a server-map table will be
generated. Which of the following does not belong to the content of this table?
A. Destination IP
B. Destination port number
C. Protocol number
D. Source IP
Answer: D
4. Regarding the description of ARP spoofing attack, which of the following is incorrect?
A. The ARP implementation mechanism only considers normal business interactions and does
not perform any verification on abnormal business interactions or malicious behaviors.
B. ARP spoofing attacks can only be achieved through ARP replies and cannot be achieved
through ARP requests.
C. When a host sends a normal ARP request, the attacker will respond first, causing the host to
establish an incorrect IP and MAC mapping relationship.
D. ARP static binding is a solution to ARP spoofing attacks. It is mainly used in scenarios where
the network size is small.
Answer: B
5. SSL VPN routing mode determines the route of messages sent by customers. In () mode, no
matter what resource is accessed, the data will be intercepted by the virtual network card and
forwarded to the virtual gateway for processing.
Answer: Full routing
6. By default, in the description of setting the administrator password for the firewall device,
which items are correct? (Multiple Choice)
A. The password is in the form of a string, and the length range is 8 to 64
B. The password cannot contain more than two consecutive identical characters.
C. Password needs to contain special characters
D. Require the administrator to change the password after logging in for the first time
Answer: CD
7. Please classify the following access control types correctly.
Answer:
Logical/technical access control - authentication method (password, etc.), encryption, ACL, etc.
Administrative access control - employee guidelines, security awareness and training, personnel
control and testing, etc.
Physical access control - security guards, fences, cameras, alarms, etc.
8. Digital signatures generate digital fingerprints by using a hash algorithm to ensure the
integrity of data transmission.
A. True
B. False
Answer: A
9. Which of the following descriptions of manual batch backup in firewall hot backup are
correct? (Multiple Choice)
A. Manual batch backup is enabled by default
B. Executing the hrp sync config command on any device in a dual-machine hot standby
network will trigger a configuration batch backup.
C. In manual batch backup mode, the active device will periodically back up the status
information that can be backed up to the standby device.
D. Every time a manual batch backup command is executed, the primary device will
immediately synchronize the configuration commands and status information to the backup
device.
Answer: ABCD
10. After the dual-machine hot standby configuration is completed, you can execute the display
hrp state command to view the dual-machine hot standby status, including local and peer
device roles, priorities, heartbeat interface bandwidth usage, etc.
A. True
B. False
Answer: A
11. The data flow between security domains is directional, including inbound and outbound.
A. True
B. False
Answer: A
12. Which of the following attacks belong to DDoS attack types? (Multiple Choice)
A. GRE Flood
B. HTTP Flood
C. TCP Flood
D. ICMP Flood
Answer: ABCD
13. When a user uses the Web to log in to the firewall, the security policy between the user's
security zone and which of the following security zones needs to be opened?
A. Trust
B. DMZ
C. Local
D. Untrust
Answer: C
14. Please match the following malicious code types with their corresponding descriptions.
Answer:
15. Using the proxy () method, the virtual gateway will encrypt the real URL that the user wants
to access, and can adapt to different terminal types.
Answer: web
16. As shown in the figure, the administrator tests the network quality from the 20.0.0.0/24
network segment to the 40.0.0.0/24 network segment on device B, and requires the device to
send large data packets for a long time to test the network connectivity and stability. To meet its
requirements, which of the following commands should be used?
A. Tracert -a 20.0.0.1 -c 500 -w 9600 40.0.0.2
B. Tracert -a 20.0.0.1 -f 500 -q 9600 40.0.0.2
C. Ping -a 20.0.0.1 -c 500 -s 9600 40.0.0.2
D. Ping -s 20.0.0.1 -h 500 -f 9600 40.0.0.2
Answer: C
17. As shown in the figure, some packets were captured on a terminal device using packet
capture software. Regarding the packet information, which of the following statements is
correct?
A. The terminal initiated a TCP connection termination request to 192.168.1.1.
B. The terminal uses Telnet to log in to other devices.
C. The terminal initiated a TCP connection establishment request to 192.168.1.1.
D. The terminal uses HTTP to log in to other devices.
Answer: C
18. Please sort the overall process for remote users to access corporate intranet resources
through SSL VPN.
Answer: User login, user authentication, role authorization, resource access
19. Response _
A. 1-3-2-7-5-6-4
B. 1-3-2-7-6-5-4
C. 1-2-3-7-6-5-4
D. 1-7-3-2-6-5-4
Answer: D
20. Digital envelope refers to the data obtained after the sender uses the receiver's () to encrypt
the symmetric key
Answer: Public key
21. The hash algorithm is collision-resistant, that is, if you input different data, the output Hash
value cannot be the same.
A. True
B. False
Answer: B
22. In IPsec, ESP is an encapsulating security payload protocol and only provides data
encryption functions.
A. True
B. False
Answer: B
23. Which of the following actions can be configured as POP3 anti-virus actions? (Multiple
Choice)
A. Delete attachments
B. Block
C. Declare
D. Alarm
Answer: ABCD
24. When the USG series firewall hard disk is in place, which of the following logs can be
viewed? (Multiple Choice)
A. Operation log
B. Business log
C. Alarm information
D. Threat Log
Answer: AD
25. Which of the following options are malicious programs? (Multiple Choice)
A. Trojan horse
B. Vulnerabilities
C. Worms
D. Virus
Answer: ACD
26. The security factor of digital signatures is very high. Even if an attacker obtains the sender's
public key, he cannot spy on the private data.
A. True
B. False
Answer: B
27. What are the correct options for the following description of the basic concepts of LDAP?
(Multiple Choice)
A. Directory information tree DIT: A collection of attributes constitutes a directory information
tree.
B. Unique identification name DN, a name that uniquely identifies an entry in a directory
information tree
C. Relative identification name RDN, the name of the entry, uniquely identifies the child entry of
the same parent entry
D. Attribute: Attribute describes the characteristics of an object. An attribute consists of an
attribute type and one or more attribute values.
Answer: BD
28. Which of the following protocols can ensure the confidentiality of data transmission?
(Multiple Choice)
A. Telnet
B. SSH
C. FTP
D. HTTPS
Answer: BD
29. Compared with traditional five-tuple information, which of the following elements is a new
element of next-generation firewall?
A. Destination address
B. Source port
C. Application
D. Protocol number
Answer: C
30. The gateway anti-virus () method simply extracts the characteristics of files and matches
them with the local signature library. Compared with the proxy scanning method, the detection
speed is fast and the detection rate is relatively low.
Answer: Stream scanning
31. Use the reset firewall session table command to clear all session table information. The end
user needs to reinitiate the connection to restart communication.
A. True
B. False
Answer: A
32. Certificates saved in DER format may or may not contain the private key.
A. True
B. False
Answer: B
33. Search the blacklist
Which of the following sequences is correct?
A. 1->3->2->4
B. 3->2->1->4
C. 3->4->1->2
D. 4->3->1->2
Answer: C
34. The sub-interface function can be enabled on the firewall interface G0/0/1 and can be
divided into different VLANs, but the sub-interface cannot be added to the security zone.
A. True
B. False
Answer: B
35. In the VRRP (Virtual Router Redundancy Protocol) group, the main firewall regularly sends
notification messages to the backup firewall, and the backup firewall is only responsible for
listening to the notification messages and will not respond.
A. True
B. False
Answer: B
36. Which of the following aspects does the basic implementation mechanism of intrusion
prevention include? (Multiple Choice)
A. Feature matching
B. Protocol identification and analysis
C. Response processing
D. Reorganize application data
Answer: ABCD
37. Regarding NAT configuration, which of the following is incorrect?
A. Configure source NAT in transparent mode. The firewall does not support easy-ip mode.
B. The IP address in the address pool can overlap with the public IP address of the NAT server.
C. When there is VoIP service in the network, there is no need to configure NAT ALG.
D. The firewall does not support NAPT conversion of ESP and AH packets.
Answer: B
38. The user successfully accesses http://1.1.1.1, and the device creates a Session table;
39. In single sign-on, both the third-party authentication server and the firewall need to
participate in the authentication process and record the visitor’s identity information.
A. True
B. False
Answer: B
40. After the company network administrator configures the company's dual-machine hot
backup, if he needs to check the status of the heartbeat interface, the command he needs to
type is (). By default, he has entered the system view.
Answer: display hrp interface
41. Drag the warning levels of network security emergency response on the left into the box on
the right, and arrange them from top to bottom in order of severity from high to low.
A. Orange Alert
B. Yellow Alert
C. Red Alert
D. Blue Alert
Answer: CABD
42. Regarding Huawei routers and switches, which of the following statements are correct?
(Multiple Choice)
A. Routers can implement some security functions, and some routers can implement more
security functions by adding security boards.
B. The main function of a router is to forward data. When an enterprise has security
requirements, sometimes a firewall may be a more appropriate choice.
C. The switch has some security functions, and some switches can implement more security
functions by adding security boards.
D. The switch does not have security features.
Answer: ABC
43. The scenario for internal enterprise users to access the Internet is as shown in the figure.
The user online process includes:
The following correct sequence of processes should:
44. The tunnel addresses at both ends of the GRE tunnel can be configured as addresses on
different network segments.
A. True
B. False
Answer: A
45. The data transmitted between the headquarters and branches of an enterprise was stolen
and tampered with by hackers. This security risk belongs to information access security.
A. True
B. False
Answer: B
46. Which of the following statements about VPNs is false?
A. Virtual private networks are less expensive than dedicated lines
B. VPN technology must involve encryption technology
C. VPN technology is a technology that multiplexes logical channels on actual physical lines.
D. The emergence of VPN technology allows employees on business trips to remotely access
internal corporate servers
Answer: B
47. Regarding the description of vulnerability scanning, which of the following is incorrect?
A. Vulnerability scanning is a network-based technology that remotely monitors the security
performance vulnerabilities of a target network or host. It can be used to conduct simulated
attack experiments and security audits.
B. Vulnerability scanning is used to detect whether there are vulnerabilities in the target host
system. Generally, it scans the target host for specific vulnerabilities.
C. Vulnerability scanning is a passive prevention measure that can effectively avoid hacker
attacks.
D. Vulnerability scanning can be performed based on the results of ping scan and port scan
Answer: C
48. If internal employees access the Internet through the firewall and find that they cannot
connect to the Internet normally, what view commands can be used on the firewall to
troubleshoot interfaces, security zones, security policies, and routing tables? (Write any view
command. Requirements: The words in the command line must be complete to score points
and cannot be omitted or abbreviated)
Answer: display zone | display current-configuration | display ip routing-table | display security-policy rule all | display ip interface brief
49. Classified protection has experienced nearly 20 years of development and has roughly gone
through three stages, namely the initial stage, the development stage and ().
Answer: mature stage
50. Which of the following descriptions of SSL VPN services are correct? (Multiple Choice)
A. Mobile office users use the file sharing service when accessing the intranet file server
B. Mobile office users use the file sharing service when accessing the intranet file server
C. Mobile office users use network extension services when accessing intranet IP resources
D. Mobile office users use the port forwarding service when accessing intranet UDP resources.
Answer: ABC
51. Which of the following descriptions about the difference between main mode and aggressive
mode in the IPsec VPN negotiation process are correct? (Multiple Choice)
A. During remote access, if the responder (server) cannot know the address of the initiator (end
user) in advance, or the initiator's address is always changing, and both parties want to use the
pre-shared key verification method to create an IKE SA , you can use the main mode at this
time
B. Since key exchange occurs together with identity authentication, aggressive mode cannot
provide identity protection.
C. If the initiator knows the responder's policy, or has a comprehensive understanding of the
responder's policy, aggressive mode can create an IKE SA faster.
D. Compared with main mode, the advantage of aggressive mode is that it can establish IKE SA
faster.
Answer: BCD
52. Regarding the description of VGMP group management, which of the following is incorrect?
A. All changes in the active/standby status of a VRRP backup group need to be notified to the
VGMP management group to which it belongs.
B. The interface types and numbers of the heartbeat interfaces of the two firewalls can be
different, as long as they can ensure Layer 2 interoperability.
C. Regularly send hello messages between VGMP of the active and standby firewalls
D. The active and standby devices understand each other's status through heartbeat line
exchange messages, and back up relevant commands and status information.
Answer: B
53. Which of the following is not included in the trigger authentication methods for firewall access
user authentication?
A. MPLS VPN
B. SSL VPN
C. IPsec VPN
D. L2TP VPN
Answer: A
54. Which of the following statements about electronic evidence sources is incorrect?
A. Fax materials and mobile phone recordings are electronic evidence related to communication
technology.
B. Movies and TV series are electronic evidence related to network technology.
C. Database operation records and operating system logs are computer-related electronic
evidence.
D. Operating system logs, e-mail, and chat records can all be used as sources of electronic
evidence.
Answer: B
55. Which of the following is a correct description of the firewall log when the firewall hard disk is
in place?
A. Administrators can view network threat detection and defense records in the announcement
content log.
B. Administrators can use threat logs to understand users’ security risk behaviors and the
reasons for being alerted or blocked.
C. Administrators can learn user behavior, searched keywords, and the effectiveness of audit
policy configurations through user activity logs.
D. Administrators can learn the security policies that traffic hits through the policy matching log,
which can be used to locate faults when problems occur.
Answer: D
56. According to the logical architecture of the HiSec solution, please drag the levels divided by
the HiSec solution on the left to the box on the right, and arrange them in order from top to
bottom.
Answer:
1---Analysis layer
2---Control layer
3---Execution layer
57. In Linux system, which of the following commands is used to query IP address information?
A. display ip
B. ifconfig
C. ipconfig
D. display ip interface brief
Answer: B
58. Regarding the Server Map table generated by NAT No-PAT, which of the following
descriptions is correct?
A. The function of the Server Map generated by NAT No-PAT is equivalent to the security
policy, that is, the packets matching the Server Map table can directly pass through the firewall
without matching the security policy.
B. There are two Server Maps generated by NAT No-PAT by default. One is a reverse Server
Map table. It is mainly used for address translation without the need to configure additional NAT
and security policies when external network users actively access the private network users.
C. The Server Map generated by NAT No-PAT is static. That is, after NAT No-PAT is
configured, the Server Map table will be automatically generated and will exist permanently.
D. There are two Server Maps generated by NAT No-PAT by default. One is the forward Server
Map table. Its main function is to ensure that when a specific private network address accesses
the public network, it directly hits the table entry for address translation, improving efficiency.
Answer: C
59. Which of the following descriptions about the harm of denial of service attacks is incorrect?
A. Cause the target machine to stop services or resource access
B. Causing irreparable physical damage to the target server
C. Use IP spoofing to force the target server to be unable to be connected by legitimate users
D. Force the target server's buffer to be full and not accept new requests.
Answer: B
60. The attacker sends an ICMP echo request and sets the destination address of the request
packet to the broadcast address of the victim network.
What kind of attack does this behavior belong to?
A. IP spoofing attack
B. Smurf attack
C. ICMP redirect attack
D. SYN flood attack
Answer: B
61. In IPsec transport mode, the AH and ESP headers are inserted before the original IP
header, so that the internal IP address can be completely hidden, making security higher.
A. True
B. False
Answer: B
62. Regarding the difference between routers and firewalls, which of the following descriptions
are correct? (Multiple Choice)
A. The router does not have any security defense mechanism, and the firewall has a series of
security defense strategies such as packet filtering and detection.
B. The firewall does not have a routing function and cannot be used as a gateway for terminal
devices.
C. When the router checks the routing table to forward a packet, it will only check the
destination IP address of the packet.
D. When forwarding data packets, the firewall can detect the data based on the IP five-tuple.
Answer: CD
63. Adware is not considered a type of malicious code because it does not cause substantial
harm to users.
A. True
B. False
Answer: B
64. Huawei equipment saves certificates in PKCS#12 format, which must contain private key
information.
A. True
B. False
Answer: B
65. In a networking environment where the round-trip paths of packets are inconsistent, the
firewall may only receive subsequent packets during the communication process, but not the
first packet. When the stateful inspection function is enabled, the firewall will discard the packet.
A. True
B. False
Answer: A
66. After the company network administrator configured dual-machine hot backup, he wanted to
check the status of the current VGMP group, so he typed the command and the following
information was displayed.
HRP_M<FW_A>__
Role: active, peer: active
Running priority: 45000, peer: 45000
Backup channel usage: 30%
Stable time: 1 days, 13 hours, 35 minutes
Last state change information: 2020-03-22 16:01:56 HRP core state changed, old_state =
normal(active), new_state = normal(active), local priority = 4,
peer_priority = 45000.
Configuration:
hello interval: 1000ms
preempt: 60s
mirror configuration: off
mirror session: on
track trunk member: on
auto-sync configuration: on
auto-sync connection-status: on
adjust ospf cost: on
adjust ospfv3-cost: on
adjust bgp-cost: on
nat resource: off
Detail information:
Gigabit Ethernet 0/0/1: up
Gigabit Ethernet 0/0/3: up
ospf-cost: +0
Then the command he typed in the blank space is ().
Answer: display hrp state verbose
67. What are the reasons why users need to perform identity authentication in corporate
networks? (Multiple Choice)
A. Prevent users from leaking secrets
B. Prevent users from opening irrelevant applications during work and affecting network
bandwidth.
C. Prevent users from carrying out irrelevant activities during work and affecting work efficiency
D. Prevent users from illegal behavior
Answer: ABCD
68. Which of the following does not belong to the certification, accreditation and audit guideline
part of the ISO27000 information security management system family?
A. ISO/IEC 27006
B. ISO 27799
C. ISO/IEC 27008
D. ISO/IEC 27007
Answer: A
69. Regarding GRE encapsulation and decapsulation, which of the following descriptions is
incorrect?
A. During the encapsulation process, the original data packet is forwarded to the Tunnel
interface by searching for a route, and then GRE encapsulation is initiated.
B. Encapsulation process. After being encapsulated by the GRE module, the data packet will
enter the IP module for the next step of processing.
C. During the decapsulation process, after the destination receives the GRE message, it
searches for a route and delivers the data packet to the Tunnel interface before starting GRE
decapsulation.
D. Decapsulation process. After being decapsulated by the GRE module, the data packet will
enter the IP module for the next step of processing.
Answer: C
70. Which of the following descriptions of PKI architecture are correct? (Multiple Choice)
A. Certificate Certification Authority CA is a trusted entity used to issue and manage digital
certificates.
B. CA usually adopts a multi-level hierarchical structure. According to the level of the certificate
issuing authority, it can be divided into root CA and subordinate CA.
C. A PKI system consists of three parts: terminal entity, certificate certification authority and
certificate registration authority.
D. PKI entity, which is the end user of PKI products or services, can be an individual,
organization, device (such as router, firewall) or a process running in a computer.
Answer: ABD
71. Regarding the difference between HTTP and HTTPS, which of the following descriptions are
incorrect? (Multiple Choice)
A. The HTTP protocol is stateful, and each request is associated.
B. HTTPS requires an SSL certificate, but HTTP does not.
C. The HTTPS standard port is 80, and the HTTP standard port is 445.
D. HTTP is plain text transmission, and HTTPS is encrypted transmission.
Answer: AC
72. Which of the following service types can AAA authentication support? (Multiple Choice)
A. FTP
B. SSH
C. Telnet
D. Web
Answer: ABCD
73. The European TCSEC guidelines are divided into two modules, functional and evaluation,
and are mainly used in the military, government and commercial fields.
A. True
B. False
Answer: A
74. Server-map is used to store a mapping relationship. This mapping relationship can be a
data connection relationship negotiated by control data, or it can be an address mapping
relationship configured in NAT, so that the external network can actively access the internal
network through the firewall.
A. True
B. False
Answer: A
75. As shown in the picture, the picture shows the top of the MAC address forwarding table of a
switch. Which of the following descriptions of the table items are correct? (Multiple Choice)
A. When the switch receives a packet with the destination MAC address 5489-981b-22ca on the
E0/0/5 interface, it will discard it.
B. The switch will flood when receiving packets with the destination MAC address
5489-7053-a24c on other active interfaces.
C. When the switch receives a packet with the destination MAC address 5489-7053-a24c on the
E0/0/10 interface, it will discard it.
D. The switch will forward the packet received with the destination MAC address
5489-981b-22ca on the E0/0/5 interface.
Answer: AB
76. When deploying IPsec VPN tunnel mode, use the AH protocol for packet encapsulation.
In the new IP packet header field, which of the following parameters does not require data
integrity check?
A. Source IP address
B. Destination IP address
C. TTL
D. Identification
Answer: C
77. The calculation speed of the MD5 algorithm is faster than the SHA-1 algorithm, and the
security strength is also higher.
A. True
B. False
Answer: B
78. The user accesses the Internet and enters http://1.1.1.1;
79. Regarding the characteristics of firewall security zones, which of the following descriptions
are correct? (Multiple Choice)
A. A firewall interface can belong to multiple security zones.
B. A security policy can allow one-way traffic.
C. Mutual access between users in the same area does not require permission from the security
policy.
D. By default, the firewall has only three security zones: Trust, Untrust and DMZ.
Answer: BC
80. Filing _
81. Which of the following descriptions of common hashing algorithms is incorrect?
A. Hashing algorithms can transform inputs of any length into fixed-length outputs.
B. SHA-1 has faster calculation speed and higher security than the MD5 algorithm.
C. The SM3 algorithm is a domestic encryption algorithm. It is used for digital signature and
verification, message authentication code generation and verification, and random number
generation in cryptographic applications. It can meet the security needs of a variety of
cryptographic applications.
D. SHA-2 is an enhanced version of SHA-1, and its security performance is much higher than
SHA-1
Answer: B
82. When an IPsec service is unavailable, the administrator can run the display ipsec sa
command to view the IPsec SA information and find that the IPsec tunnel has been successfully
established.
What are the possible reasons for the failure of this service? (Multiple Choice)
A. There is a NAT device in the middle, and the security protocol during NAT traversal is the AH
protocol.
B. The route from the IPsec peer to the protected private network is unreachable
C. The authentication algorithm of the IPsec security protocol is the SHA2 algorithm. Check that
the encryption and decryption methods at both ends are inconsistent.
D. NAT Server and destination NAT affect IPsec's processing of protected data flows
Answer: ABCD
83. In practical applications, asymmetric encryption is mainly used to encrypt user data.
A. True
B. False
Answer: B
84. The firewall detects that a virus file is carried in the SMTP protocol. Which of the following is
not a response action that the firewall may take?
A. Block
B. Alarm
C. Delete attachments
D. Declare
Answer: D
85. In Huawei Cloud Data Center SDN network solution, USG6000V cannot protect east-west
traffic between one network segment in the same VPC intranet.
A. True
B. False
Answer: B
86. The administrator connects to the firewall through the G1/0/0 interface (the interface has
been added to the Trust zone). If the administrator is allowed to log in to the firewall through
G1/0/0 for configuration management, how should the administrator configure the direction of
traffic allowed in the security policy?
A. Allow traffic from Trust Zone to Untrust Zone
B. Allow traffic from Trust Zone to Local Zone
C. Release traffic from Local Zone to Local Zone
D. Allow traffic from Trust Zone to Trust Zone
Answer: B
87. Which of the following traffic matching the authentication policy will trigger authentication?
A. Access to the device or traffic initiated by the device
B. DHCP, BGP, OSPF, LDP messages
C. Traffic of visitors accessing HTTP services
D. DNS message corresponding to the first HTTP service data flow
Answer: C
88. Which of the following are the main implementation methods of gateway anti-virus? (Multiple
Choice)
A. Proxy scanning method
B. Stream scanning method
C. Package scanning and killing method
D. File scanning and killing methods
Answer: AB
89. Because UTM has the characteristics of parallel processing of multiple performances,
UTM's processing performance and speed of network traffic are faster than NGFW.
A. True
B. False
Answer: B
90. Which of the following descriptions of PKI certificates are correct? (Multiple Choice)
A. When a PKI entity applies for a local certificate from the CA, if there is an RA, the RA will first
review the identity information of the PKI entity. After passing the review, the RA will send the
application information to the CA.
B. The PKI entity does not support sending a certificate registration request message to the CA
through SCEP to apply for a local certificate.
C. PKI entities do not support offline application for local certificates from the CA
D. The PKI entity supports sending a certificate registration request message to the CA through
the CMPv2 protocol to apply for a local certificate.
Answer: AD
91. Which of the following descriptions about the VGMP group status is incorrect?
A. Initialize is the initialization state. When the dual-machine hot standby function is not enabled
on the device, the VGMP group is in this state.
B. When the device does not receive VGMP messages from the peer device and cannot learn
the priority of the peer VGMP group, the device's VGMP group status is initialize.
C. When the device's own VGMP group priority is greater than the VGMP group priority of the peer
device, the device's VGMP group status is active.
D. When the device's own VGMP group priority is lower than the peer device's VGMP group priority,
the device's VGMP group status is standby.
Answer: B
92. Regarding the description of IP spoofing, which of the following is incorrect?
A. IP spoofing attacks are launched by taking advantage of the normal trust relationship
between hosts based on IP addresses.
B. After a successful IP spoofing attack, the attacker can use any forged IP address to imitate a
legitimate host to access key information.
C. The attacker needs to disguise the source IP address as a trusted host and send a data
segment with SYN annotation to request a connection.
D. Hosts with trust relationships based on IP addresses can log in directly without entering
password verification.
Answer: C
93. When an access user uses Client-Initiated VPN to establish a tunnel with the LNS, how
many PPP connections can one tunnel carry?
A. 3
B. 1
C. 2
D. 4
Answer: B
94. An employee of a company received an email about the company’s salary adjustment and
saved the email attachment. A few days later, the company administrator discovered that most
of the company’s employees’ computers were infected with viruses and could not operate
properly.
Which of the following attack methods might the hacker use in this case? (Multiple Choice)
A. Worm virus
B. Phishing emails
C. Denial of Service Attack
D. Social engineering
Answer: AB
95. Which of the following passwords is a strong password?
A. 1001
B. tLzXsqc735!
C. admin123
D. he110world
Answer: B
96. Regarding the NAT policy processing process, which of the following options are correct?
(Multiple Choice)
A. Server-map is processed after status detection
B. Source NAT policy queries are processed after the session is created
C. Source NAT policy is processed after security policy matching
D. Server-map is processed before security policy matching
Answer: ACD
97. Which of the following is not a characteristic of digital envelopes?
A. Ensure the security of symmetric keys
B. Solve the problem of slow symmetric key encryption
C. Solved the issue of symmetric key issuance
D. Improved security, scalability and efficiency
Answer: B
98. What is the authentication range of the AH protocol in tunnel mode?
A. 3
B. 4
C. 2
D. 1
Answer: B
99. Which of the following services provides encrypted transmission by default?
A. FTP
B. HTTP
C. SSH
D. Telnet
Answer: C
100. After an engineer completed the source NAT configuration, the internal network still could
not access the external network. The engineer wanted to query the detailed information of
address translation by using the command to query the session table, so the engineer directly
used the () command in the user view to query the address translation information.
Answer: display firewall session table
101. Which of the following descriptions of signature filters is incorrect?
A. There is a priority relationship between signature filters, and the one configured first takes
precedence.
B. The action priority of the signature filter is higher than the default action of the signature.
C. The actions of the signature filter are divided into alarm, blocking and default actions of using
signatures.
D. If multiple values are configured in a filter condition of the signature filter, there is an "AND"
relationship between the multiple values.
Answer: A
102. Please sequence the following digital envelope encryption and decryption processes
correctly.
A. A uses B's public key to encrypt the symmetric key and generate a digital envelope.
B. After receiving A's encrypted information, B uses his own private key to open the digital
envelope and obtains the symmetric key
C. A uses the symmetric key to encrypt the plain text and generate cipher text information.
D. B uses the symmetric key to decrypt the ciphertext information and obtains the original
plaintext
E. A sends the digital envelope and ciphertext information to B.
Answer: CAEBD
103. As shown in the figure, there are two Server Map entries generated after configuring NAT
Server. Regarding the information presented in the figure, which of the following descriptions is
incorrect?
Type: Nat Server. ANY -> 1.1.1.1[192.168.1.1]
Type: Nat Server Reverse. 192.168.1.1[1.1.1.1] -> ANY
A. The second Server Map function is that when 192.168.1.1 accesses any address, the source
address will be converted to 1.1.1.1 after passing through the firewall.
B. The function of the first Server Map is that when any address accesses 192.168.1.1, the
destination IP will be converted to 1.1.1.1 after passing through the firewall.
C. The Server Map with the Reverse logo can be deleted using the command.
D. These two Server Map entries are static, that is, after the NAT Server is configured, the two
Server Maps will be automatically generated and will exist permanently.
Answer: B
104. Which of the following types of firewalls has the highest processing efficiency when
processing non-first packet data flows?
A. Proxy firewall
B. Packet filtering firewall
C. Stateful Monitoring Firewall
D. Software firewall
Answer: C
105. In some scenarios, both the source IP address and the destination IP address need to be
translated. Which of the following technologies is used in this scenario?
A. Bidirectional NAT
B. Source NAT
C. NAT-Server
D. NAT ALG
Answer: A
106. In the () view of the firewall, you can use the reboot command to restart the firewall.
Answer: User
107. Regarding security policy configuration commands, which of the following is correct?
A. It is forbidden to access the ICMP packets from the trust zone to the untrust zone and the
destination address is the 10.1.10.10 host.
B. Prohibit access from the trust zone to all host ICMP messages in the untrust zone with the
destination address 10.1.0.0/16 network segment
C. Forbid all host ICMP messages from the trust zone to access the untrust zone and whose
source address is the 10.1.0.0/16 network segment.
D. Prohibit access from the trust zone to all host ICMP messages from the untrust zone with the
source address 10.2.10.10.
Answer: C
108. Which of the following descriptions about L2TP is incorrect?
A. L2TP should be used in remote corporate scenarios to provide access services for
employees on business trips to remotely access corporate intranet resources.
B. Whether traveling employees access the Internet through traditional dial-up or Ethernet,
L2TP VPN can provide them with remote access services.
C. PPP messages can be transmitted directly over the Internet
D. L2TP is a tunnel technology used to carry PPP packets
Answer: C
109. Which of the following contents can be backed up by HRP? (Multiple Choice)
A. ARP entry
B. Blacklist
C. Server-map entry
D. TCP session table
Answer: ABCD
110. When the heartbeat interface is not configured with an IP address, it will be in the invalid
state.
A. True
B. False
Answer: A
111. Which of the following does not include the fragmented packets that a packet filtering
firewall can filter?
A. Non-fragmented packets
B. First fragmented message
C. Forged ICMP error messages
D. Subsequent fragmented messages
Answer: B
112. Data monitoring can be divided into two types: active analysis and passive acquisition.
A. True
B. False
Answer: A
113. During anti-virus processing, which of the following exception actions can be performed by
application exceptions? (Multiple Choice)
A. Allow
B. Alarm
C. Block
D. Delete attachments
Answer: ABC
114. Evidence appraisal needs to address the integrity verification of evidence and determine
whether it meets the admissible standards. Regarding the standards for evidence appraisal,
which of the following descriptions is correct?
A. The relevance standard means that if the electronic evidence can have a substantial impact
on the facts of the case to a certain extent, the court should rule that it is relevant.
B. The objectivity standard means that the acquisition, storage, and submission of electronic
evidence must be legal and not seriously infringe on basic rights such as national interests,
social welfare, and personal privacy.
C. The legality standard is to ensure that there is no change in the content of electronic
evidence from the initial acquisition to the submission for use as litigation evidence.
D. The fairness standard means that only evidence materials obtained by legal subjects through
legal means have evidence capacity.
Answer: A
115. In tunnel encapsulation mode, when configuring IPsec, there is no need to have a route to
the destination private network segment, because the data will be re-encapsulated and the new
IP header will be used to look up the routing table.
A. True
B. False
Answer: B
116. Access control between security zones can be achieved by specifying five-tuple matching
conditions in the firewall security policy.
Which of the following does not belong to the information of a quintuple?
A. Destination address
B. Source address
C. Port number
D. Service
Answer: D
117. Which of the following descriptions of stateful inspection firewalls is correct?
A. The stateful inspection firewall cannot match the state table of UDP packets.
B. Stateful inspection firewalls need to match access rules for each data packet entering the
firewall.
C. Stateful inspection firewall only needs to match the access rules on the first packet
D. When stateful inspection firewall checks packets, it does not check the correlation of previous
and later packets of the same connection.
Answer: C
118. If the virtual group ID of VRRP is 2, which of the following is the MAC of the virtual router?
A. 00-01-5E-00-01-02
B. 00-10-5E-00-01-02
C. 00-00-5E-00-00-02
D. 00-00-5E-00-01-02
Answer: D
119. Please match the different layers of OSI with their functions.
Answer:
120. Which of the following contents does the IPsec VPN protocol framework include? (Multiple
Choice)
A. Key exchange
B. Security Protocol
C. Encapsulation mode
D. Security Alliance
Answer: BCD
121. Which of the following characteristics does a denial of service attack include? (Multiple
Choice)
A. Unauthorized tampering
B. Unauthorized destruction
C. Unauthorized activation
D. Unauthorized access
Answer: BD
122. Which of the following descriptions of anti-virus software are correct? (Multiple Choice)
A. Anti-virus software can detect and kill all viruses.
B. Most anti-virus software lags behind computer viruses, so it is necessary to promptly update
and upgrade the software version and perform regular scans.
C. Viruses that can be detected by anti-virus software can also be removed.
D. After the virus is deleted, it is transferred to the quarantine area. The user can retrieve the
deleted files from the quarantine area, but the files in the quarantine area cannot be run.
Answer: BD
123. Rating _
124. If the firewall works in active/standby backup mode, you need to configure the status of all
VRRP backup groups on one firewall to active, and configure the status of all VRRP backup
groups on the other firewall to standby.
A. True
B. False
Answer: A
125. Which of the following verification algorithms does IPsec use to compare ICVs to verify
packet integrity and authenticity?
A. AES
B. DES
C. HMAC
D. MD5
Answer: C
126. What we usually call AAA includes authentication, (), and authorization.
Answer: Billing
127. A Web server is deployed in an enterprise's intranet to provide web access services to
internal and external network users. In order to protect the access security of the server and the
intranet, it is usually divided into the () zone of the firewall.
Answer: DMZ
128. Which of the following descriptions about the heartbeat interface is incorrect?
A. It is recommended to configure at least 2 heartbeat interfaces. One heartbeat interface is
used as the main interface, and the other heartbeat interface is used as the backup.
B. The interface MTU value is greater than 1500 and cannot be used as a heartbeat interface.
C. The heartbeat interface can be connected directly or through a switch or router.
D. The MGMT interface (GigabitEthernet0/0/0) cannot be used as a heartbeat interface
Answer: B
129. Which of the following is the default backup method for dual-system hot backup?
A. Automatic backup
B. Manual batch backup
C. Session quick backup
D. Configuration of the active and standby FW after the device restarts
Answer: A
130. Which of the following information is not included in the backup content of status
information backup in dual-system hot backup?
A. NAPI related entries
B. IPv4 session table
C. IPSEC tunnel
D. Routing table
Answer: D
131. Regarding the description of Internet user and VPN access user authentication, which of
the following is incorrect?
A. Internet users and VPN access users share data, and user attribute checks (user status,
account expiration time, etc.) also take effect on VPN access.
B. The process for Internet users using local authentication or server authentication is basically
the same. Users are authenticated through the authentication domain, and the user triggering
method is also the same.
C. After VPN users access the network, they can access the network resources of the corporate
headquarters. The firewall can control the accessible network resources based on the user
name.
D. After VPN access users pass authentication, they will be listed in the user online list at the
same time.
Answer: B
132. Which of the following descriptions of the characteristics of the TCP/IP protocol stack is
incorrect?
A. The difference between the TCP/IP model and the OSI reference model is that TCP/IP
classifies both the presentation layer and the session layer into the application layer.
B. When the device receives data, it will remove the protocol header according to the TCP/IP
model and analyze the payload information. This action is called decapsulation.
C. When the device sends data, it will add specific protocol header information to the data
according to the TCP/IP model. This action is called encapsulation.
D. When the device encapsulates data, the TCP/IP protocol stack sets a verification mechanism
for the data at each layer.
Answer: D
133. The firewall security group supports up to three levels of nesting, namely parent security
group, security group, and child security group.
A. True
B. False
Answer: A
134. Which of the following VPN technology options support encryption of data packets?
(Multiple Choice)
A. SSL VPN
B. GRE VPN
C. IPsec VPN
D. L2TP VPN
Answer: AC
135. Even if the DHCP message matches the firewall authentication policy, authentication will
not be triggered.
A. True
B. False
Answer: B
136. Which of the following descriptions about IPsec VPN are correct? (Multiple Choice)
A. IKE SA is a bidirectional logical connection. A pair of IKE SA needs to be established
between two peers.
B. The symmetric keys used for encryption and decryption can be configured manually or
automatically generated through IKE protocol negotiation.
C. The encryption function of IPsec cannot verify whether the decrypted information is the
original sent information or complete.
D. IPsec uses the HMAC (Hash-based Message Authentication Code) function to compare the
integrity check value (ICV) to verify the integrity and authenticity of the data packet.
Answer: ABD
137. Which of the following descriptions of the role of the HTTP protocol is correct?
A. HTTP is used to access various pages on the WWW server
B. HTTP provides a way for file transfer, which allows data to be transferred from one host to
another.
C. HTTP is used to achieve conversion from host domain name to IP address
D. HTTP resolves known IP addresses into MAC addresses
Answer: A
138. Under normal circumstances, the email protocols we often talk about include (), POP3, and
SMTP.
Answer: IMAP
139. When the administrator configures the user's authentication mode to server authentication
and the authorization method to local authorization, the user can go online normally even if
there is no user information on the firewall.
A. True
B. False
Answer: A
140. Which of the following are types of digital certificates? (Multiple Choice)
A. Self-signed certificate
B. CA certificate
C. Local certificate
D. RA certificate
Answer: ABC
141. Regarding the command to view the number of security policy matches, which of the
following is correct?
A. display firewall session table
B. display security-policy all
C. display security-policy count
D. count security-policy hit
Answer: B
142. Which of the following options does not belong to the log type of the Windows operating
system?
A. Business log
B. Application logs
C. Security log
D. System log
Answer: A
143. The session information of some special business data flows needs to not be aged for a
long time. The firewall can ensure the normal operation of such services through the
configuration () function.
Answer: Long connection
144. The communicating parties in different security zones will exchange messages, so the
direction of a traffic should be determined based on the first message that initiates the traffic.
A. True
B. False
Answer: A
145. Which of the following items does the information output by the display firewall session
table verbose command include? (Multiple Choice)
A. NextHop
B. Session ID
C. Agreement name
D. TTL
Answer: ABCD
146. Which of the following is not a common transmission route for worm viruses?
A. Backdoor program
B. USB flash drive
C. Email
D. Network sharing
Answer: A
147. After an engineer configures NAT-Server, in order to check the Server-map generated after
the configuration, he needs to use the () command to query the Server-map.
Answer: display firewall server-map
148. On Huawei USG series devices, the administrator wants to erase the configuration file.
Which of the following commands is correct?
A. clear saved-configuration
B. reset saved-configuration
C. reset current-configuration
D. reset running-configuration
Answer: B
 