H12-731-ENU試験無料問題集（205題）「Huawei HCIE-Security (Huawei Certified Internetwork Expert-Security) 認定」

出題：1

In a new campus network of an enterprise, there is a requirement for ordinary PC users and dumb terminal users to connect to the Internet at the same time under an access switch.
Which authentication method is recommended to be deployed on this switch?

A. 802.1X Authentication

B. Portal Authentication

C. MAC bypass authentication

D. MAC Authentication

正解：C 解答を投票する

出題：2

Huawei USG firewall, in the dual-system hot-standby network (as shown in the figure), the PC cannot log in to the real IP address of the external network port of the standby firewall FW2 through SSH. Check the corresponding sessions on the active and standby firewalls as follows, and analyze the following statements about this fault. is it right ?
HRP_A <E1000-1> display firewall session table verbose source inside 192.168.22.151
tcp VPN: public ->
public
Zone: trust -> local TTL: 00:00:05 Left: timeout
Interface: G0/0/1 Nexthop: 192.168.22.122 MAC: 00-22-a1-06-b3-cb
<-- packets: 1
bytes: 48 -> packets: 0 bytes: 0
192.168.22.122:22 <-- 192.168.22.151:4354
HRP_S <-E1000-2>display firewall session table verbose source inside 192.168.22.151
tcp VPN: public -> public
Zone: trust -> local TTL: 00:00:05 Left: timeout
Interface: I0 Nexthop: 127.0.0.1 MAC: 00-00-00-00-00-00
<-- packets: 1
bytes: 48 -> packets: 1 bytes: 44
192.168.22.122:22 <-- 192.168.22.151:4354

A. When the PC logs in to the standby firewall FW2, the round-trip path is inconsistent.

B. The problem may be caused by turning off hrp mirror session enable.

C. The problem is caused by disabling the indo firewall session link-state check function of the chromium road state check function.

D. Because the SSH client supports packet retransmission during the login process.

正解：A,C 解答を投票する

出題：3

When the network traffic is heavy, if you do not want the downstream network to be congested or directly discard a large number of packets due to the excessive data traffic sent by the upstream, you can limit and cache the traffic on the outbound interface of the upstream device, so that such packets can be compared with each other. Send out at an even speed.
This technique can be:

A. GTS

B. WRED

C. Car

D. CBWFQ

正解：A 解答を投票する

出題：4

When the firewall runs GRE, which three parameters must be configured on the tunnel interface?

A. key

B. The protocol number of the tunnel is GRE

C. Destination IP address of the tunnel

D. source IP address of the tunnel

E. Checksum enable for GRE

正解：B,C,D 解答を投票する

出題：5

Firewall stateful inspection must be enabled before using the UTM function.

A. FALSE

B. TRUE

正解：B 解答を投票する

出題：6

IKE V1 - Phase negotiation is unsuccessful, what information needs to be checked, and what may be the reasons?

A. Check whether the physical link is normal.

B. Check if the ACL configuration matches.

C. Check the IPsec proposal parameter configuration.

D. View IKE debug information and UDP port 500 packet session statistics.

正解：A,D 解答を投票する

出題：7

In the Anti-DDoS abnormal traffic cleaning solution, the correct recommendations for planning and deployment are:

A. The cleaning equipment is directly deployed at the entrance of the enterprise. At the same time, the cleaning equipment has a built-in Bypass card to enhance the reliability of the solution.

B. Learn the traffic baseline values of each service type in the protection object through the baseline learning cycle, and generate learning results according to the settings of the learning task.

C. In scenarios with heavy traffic, it is recommended to deploy in a straight path.

D. The priority deployment defense mode is automatic, after running for a period of time, the Anti-DDoS works normally and then the deployment defense mode is manual.

正解：A,B 解答を投票する

出題：8

When using which of the following functions of UTM, it is necessary to ensure that the device is connected to the security service center?

A. Scan the transferred files for viruses

B. Load IPS engine

C. Online upgrade of IPS signature library

D. Online update virus database

E. Remote URL Filtering

正解：C,D,E 解答を投票する

出題：9

Regarding the relationship between 802.1X and RADIUS, which of the following descriptions is correct?

A. 802.1X and RADIUS are different technologies, but they are often used together to complete access control to end users.

B. 802.1X is a technical system, which includes RADIUS.

C. 802.1X and RADIUS are two completely different technologies and are usually not used together.

D. 802.1X and RADIUS are different names for the same technology.

正解：A 解答を投票する

出題：10

The USG firewall is directly connected to other devices at Layer 3. During commissioning, it was found that the IP address of the peer directly connected to the firewall cannot be pinged, and it has been confirmed that there is no problem with the peer device. What are the possible reasons?

A. The intra-domain packet filtering policy of the corresponding domain of the firewall is not enabled

B. The packet filtering from the firewall local to the corresponding security domain is not enabled

C. The firewall interface is not added to the security domain

D. Routing configuration error on firewall

正解：B,C 解答を投票する

H12-731-ENU試験無料問題集「Huawei HCIE-Security (Huawei Certified Internetwork Expert-Security) 認定」