Down To Date H12-711_V3.0 Testing Bible For HCIA-Security V3.0 Certification

NEW QUESTION 1

SIPprotocol usageSDPmessage to establish a session,SDPThe message contains a remote address or a multicast address

• A. True
• B. False

Answer: A

NEW QUESTION 2

Regarding NAT technology, which of the following descriptions is correct?

• A. The internal network server of the NAT network cannot be accessed by external network users.Therefore, if a server that needs to provide external services is deployed, be sure to assign an independent public network address to the server.
• B. NAT reduces the difficulty of network monitoring
• C. NAT technology can only achieve one-to-one address conversion, but cannot achieve address multiplexing
• D. NAT can hide more intranet IP addresses

Answer: D

NEW QUESTION 3

Under normal circumstances, the terminal number used by the RADIUS server to provide accounting services is ( ). (fill in the blank)

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4

aboutVGMPIn a description of group management, which of the following is false?

• A. VRRPbackup group master/All standby status changes need to be notified to theVGMPmanagement group
• B. The interface types and numbers of the heartbeat ports of the two firewalls can be different, as long as the Layer 2 interoperability can be guaranteed.
• C. Active and standby firewallsVGMPtimed starthellomessage
• D. The active and standby devices learn about the status of each other through the exchange of heartbeatmessages, and back up related commands and status information.

Answer: B

NEW QUESTION 5

DHCP SnoopingWhich of the following attacks can be prevented? (multiple choice)

• A. DHCP ServerCounterfeiter Attack
• B. middleman withIP/MAC spoofingattack
• C. IPspoofing attack
• D. useoption82Phishing of fieldsDHCPlease renewal attack

Answer: ABCD

NEW QUESTION 6

If users from the external network (where the security zone is Untrust) are allowed to access the intranet server (where the security zone is DMZ), the destination security zone selected when configuring the security policy is ______ .[fill in the blank]*

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

Which of the following is an action to be taken during the summary phase of a cybersecurity emergency response? (multiple choice)

• A. Establish a defense system and specify control measures
• B. Evaluate the implementation of emergency plans and propose follow-up improvement plans
• C. Judging the effectiveness of isolation measures
• D. Evaluate members of emergency response organizations

Answer: BD

NEW QUESTION 8

Equipment sabotage attacks are generally not easy to cause information leakage, but usually cause interruption of network communication services.

• A. True
• B. False

Answer: A

NEW QUESTION 9

which of the followingIPSec VPNnecessary configuration? (multiple choice)

• A. configureIKEneighbour
• B. configureIKE SARelated parameters
• C. configureIPSec SARelated parameters
• D. Configure streams of interest

Answer: ABCD

NEW QUESTION 10

existUSGConfiguration on the series firewallNAT Server, will produceserver-mapTable, which of the following is not part of this representation?

• A. PurposeIP
• B. destination port number
• C. agreement number
• D. sourceIP

Answer: D

NEW QUESTION 11

Regarding NAT technology. Which of the following descriptions is false?

• A. In Huawei firewalls, source NAT technology refers to the translation of the source address in the IP header of the connection that initiates the connection.
• B. In the Huawei firewall, Easy IP directly uses the public network address of the interface as the translated address, and does not need to configure a NAT address pool.
• C. In Huawei firewalls, the NAT No-PAT technology needs to be implemented by configuring a NAT address pool.
• D. In Huawei firewalls, the only NAT technology with port translation is NAPT.

Answer: D

NEW QUESTION 12

pass throughdisplay ike sa The results you see are as follows. Which of the following statements is false?

• A. IKE SAhas been established
• B. IPSec SAhas been established
• C. neighbor address is2.2.2.1
• D. IKEused isV1Version

Answer: B

NEW QUESTION 13

When configuring user single sign-on, if you use the mode of querying the AD server security log, please check the followingcertifiedProcedureEnterRow ordering:[fill in the blank]*
The AD monitor forwards the user login message to F7, and the user goes online at F7.
AD monitor through the WMI interface provided by AD server. Connect to the AD server to query the security log. Get the user login message.
accessboardrecord AD domain, AD servicedevicerecorduseHouseholdsuperiorStringinformation into the security log.
The AD monitor starts from the time when the AD single sign-on service starts, and regularly queries the security logs generated on the AD server.

• A.

Answer: 4213

NEW QUESTION 14

The preservation of electronic evidence is directly related to the legal validity of the evidence, and the authenticity and reliability of the preservation in compliance with legal procedures can be guaranteed. Which of the following is not an evidence preservation technique?

• A. Encryption Technology
• B. digital certificate technology
• C. digital signature technology
• D. Packet Tag Tracking Technology

Answer: D

NEW QUESTION 15

firewallTrustClients in the domain can log inUntrustin the domainFTPserver, but the file cannot be downloaded, which of the following can solve the problem? (multiple choice)

• A. existTrustandUntrustrelease betweentwenty oneThe port number
• B. FTPWorks asportmode, modify fromTrustarriveUntrustThe zone's security policy action is Allow
• C. enabledetect ftp
• D. FTPWorks asPassivemode, modify fromTrustarriveUntrustThe zone's security policy action is Allow

Answer: CD

NEW QUESTION 16

Regarding the ServerMap table generated by NAT No-PAT, which of the following descriptions is correct

• A. The function of the Server Map generated by NAT No-PAT is equivalent to the security polic
• B. That is, the packets matching the Server Map table can pass through the firewall directly without matching the security policy.
• C. There are two Server Maps generated by NAT No-PAT by defaul
• D. One is a reverse Server Map table, which is mainly used for address translation without additional configuration of NAT and security policies when external network users actively access the private network user
• E. to access.
• F. The Server Map generated by NAT No-PAT is static, that is, after NAT No-PAT is configured, the Server Map table is automatically generated and exists permanently.
• G. There are two Server Maps generated by NAT No-PAT by default, one is a forward Server Map table

Answer: C

NEW QUESTION 17

In the security assessment method, the purpose of security scanning is to scan the target system with scanning analysis and assessment tools in order to find relevant vulnerabilities and prepare for attacks.

• A. True
• B. False

Answer: B

NEW QUESTION 18

Which of the following statements about the PKI life cycle is correct?

• A. Certificate renewal: When the certificate expires and the key is leaked, the PKI entity must replace the certificat
• B. The purpose of renewal can be achieved by re-applying, or it can be automatically renewed using SCEP or CPv2 protocol.
• C. Certificate download: The PKI entity downloads the issued certificate to the RA server through SCEP or CIPvz protocol, or through DAP.HIITP or out-of-band mode, download the issued certificate.
• D. Certificate issuance: When a PKI entity applies for a local certificate from a CA, if there is an RA, the RA will first review the identity information of the PKI entit
• E. After the verification is passed, the RA will send the application information to the CA.
• F. Certificate application: certificate application, namely certificate registration, is a PKI entity introducing itself to the CA and obtaining a certificate

Answer: ABCD

NEW QUESTION 19

Personal information leakage is the destruction of the _______ characteristics of information.[fill in the blank]*

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 20

When configuring the security policy on the firewall, the optional content security options are ( ). (fill in the blank)

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 21
......