Black Friday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Huawei
  3. HCIA-Security
  4. H12-711_V3.0 - HCIA-Security V3.0

Huawei H12-711_V3.0 HCIA-Security V3.0 Exam Practice Test

Demo: 73 questions
Total 492 questions
Get H12-711_V3.0 Full Access Download H12-711_V3.0 PDF

HCIA-Security V3.0 Questions and Answers

Question 1

Which of the following options is not included aboutHRP in the content of the master/slave configuration consistency check?

Options:

A.

NATStrategy

B.

Whether the heartbeat interface with the same sequence number is configured

C.

The next hop and outgoing interface of the static route

D.

Authentication Policy

Question 2

existUSGOn the series firewall, configurewebAfter the redirection function is enabled, the authentication page cannot pop up. Which of the following is not the cause of the failure?

Options:

A.

The authentication policy is not configured or the authentication policy is incorrectly configured

B.

UnopenedwebAuthentication function

C.

browserSSLVersion and Firewall Authentication PageSSLversion mismatch

D.

The port number of the authentication page service is set to8887

Question 3

Evidence identification needs to address the verification of the integrity of the evidence and determine whether it meets the applicable standards. Which of the following statements is correct about the criteria for identification of evidence?

Options:

A.

The relevance standard means that if the telephony evidence can have a substantial impact on the facts of the case to a certain extent, the court should rule that it is relevant.

B.

The standard of objectivity means that the acquisition, storage, and submission of electronic evidence should be legal, and not constitute a serious violation of basic rights such as national interests, social welfare, and personal privacy.

C.

The standard of legality is to ensure that the content of electronic evidence remains unchanged from the initial acquisition and collection to the submission and use as litigation evidence.

D.

The standard of fairness refers to the evidentiary material obtained by the legal subject through legal means, which has evidential capacity.

Question 4

Questionnaire design principles do not include which of the following?

Options:

A.

integrity

B.

openness

C.

specificity

D.

consistency

Question 5

againstIPspoofing attack (IP Spoofing), which of the following is an error?

Options:

A.

IPSpoofing attacks are based onIPaddress trust relationship to initiate

B.

IPAfter a successful spoofing attack, the attacker can use forged arbitraryIPThe address impersonates a legitimate host to access key information

C.

The attacker needs to put the sourceIPlandaddress masquerading as a trusted host and sendSYNmarkNote the data segment request connection

D.

based onIPThe hosts in the trust relationship of the addresses can log in directly without entering password authentication.

Question 6

Digital certificates can be divided into local certificates,CAcertificates, root certificates, self-signed certificates, etc.

Options:

A.

True

B.

False

Question 7

Which of the following configurations can achieveNAT ALGFeatures?

Options:

A.

nat alg protocol

B.

alg protocol

C.

nat protocol

D.

detect protocol

Question 8

Which of the following options is not included in the survey respondents in the security assessment method?

Options:

A.

network system administrator

B.

security administrator

C.

HR

D.

Technical director

Question 9

aboutNATThe configuration commands for the address pool are as follows:no-patThe meaning of the parameters is:

Options:

A.

no address translation

B.

port multiplexing

C.

Do not translate source ports

D.

Do not convert destination port

Question 10

aboutwindowslog, which of the following descriptions is false?

Options:

A.

System logs are used to record events generated by operating system components, mainly including crashes of drivers, system components and application software, and data

B.

windows server 2008The system logs are stored inApplication.evtxmiddle

C.

The application log contains events recorded by applications or system programs, mainly recording program operation events

D.

windows server 2008The security log is stored insecurity.evtxmiddle

Question 11

Which of the following are remote authentication methods? (multiple choice)

Options:

A.

RADIUS

B.

Local

C.

HWTACACS

D.

LLDP

Question 12

Which of the following protocols can guarantee the confidentiality of data transmission? (multiple choice)

Options:

A.

Telnet

B.

SSH

C.

FTP

D.

HTTPS

Question 13

aboutSSL VPNdescription, which of the following is correct?

Options:

A.

Can be used without a client

B.

yesIPlayer to encrypt

C.

existNATcrossing problem

D.

No authentication required

Question 14

EuropeTCSECThe guidelines are divided into two modules, functional and evaluation, and are mainly used in the military, government and commercial fields

Options:

A.

True

B.

False

Question 15

The matching principle of the security policy is: first search for the manually configured interzone security policy, and if no match is found, the data packet will be discarded directly.

Options:

A.

True

B.

False

Question 16

Which of the following is not a key technology of antivirus software?

Options:

A.

Shelling technology

B.

self protection

C.

format the disk

D.

Update virus database in real time

Question 17

Which of the following options are application risks (multiple choice)

Options:

A.

Internet virus

B.

Email Security

C.

Database system configuration security

D.

WEBservice security

Question 18

Which of the following does not fall into the category of cybersecurity incidents?

Options:

A.

Major cybersecurity incident

B.

Special Cybersecurity Incident

C.

General cybersecurity incidents

D.

Major cybersecurity incident

Question 19

aboutClient-Initiated VPN, which of the following statements is true? (multiple choice)

Options:

A.

each access user andLNSestablish a tunnel between

B.

Each tunnel carries only oneL2TPsession andPPPconnect

C.

Each tunnel carries multipleL2TPsession andPPPconnect

D.

Each tunnel carries multipleL2TPsession and aPPPconnect

Question 20

If the administrator uses the defaultdefaultThe authentication domain verifies the user, and the user only needs to enter the user name when logging in; if the administrator uses the newly created authentication domain to authenticate the user, the user needs to enter the user name when logging in."username@Certified domain name"

Options:

A.

True

B.

False

Question 21

During the use of the server, there are various security threats. Which of the following options is not a server security threat?

Options:

A.

natural disaster

B.

DDosattack

C.

hacker attack

D.

malicious program

Question 22

aboutNATAddress translation, which of the following statements is false?

Options:

A.

sourceNATconfiguration in technologyNATaddress pool, you can configure only one address poolIPaddress

B.

Address translation can be provided in the local area network according to the needs of usersFTP,WWW,Telnetand other services

C.

Some application layer protocols carry in the dataIPaddress information, make themNATWhen modifying the data in the upper layerIPAddress information

D.

for someTCP,UDPagreement (such asICMP,PPTP), cannot doNATconvert

Question 23

As shown in the figure, the clientAand serverBestablished betweenTCPconnection, two places in the figure"?"The message sequence number should be which of the following?

Options:

A.

a+1:a

B.

a:a+1

C.

b+1:b

D.

a+1:a+1

Question 24

Intrusion Prevention System (IPS,intrusion prevention system) is a defense system that can block in real time when an intrusion is detected

Options:

A.

True

B.

False

Question 25

existUSGConfiguration on the series firewallNAT Server, will produceserver-mapTable, which of the following is not part of this representation?

Options:

A.

PurposeIP

B.

destination port number

C.

agreement number

D.

sourceIP

Question 26

Drag the phases of the cybersecurity emergency response on the left into the box on the right, and arrange them from top to bottom in the order of execution. 1. Inhibition stage, 2. recovery phase, 3. Detection stage, 4. eradication phase[fill in the blank]*

Options:

Question 27

In the Linux system, which of the following is the command to query the P address information? ( )[Multiple choice]*

Options:

A.

ifconfig)

B.

display ip interface brief

C.

ipconfig

D.

display ip

Question 28

Drag the phases of the cybersecurity emergency response on the left into the box on the right, and arrange them from top to bottom in the order of execution.[fill in the blank]*

Options:

Question 29

IPSec VPNs use pre-shared keys, ( ) and digital envelopes to authenticate peers. (fill in the blank)

Options:

Question 30

Which of the following descriptions of the firewall log is wrong?

Options:

A.

The log level Emergency is the most severe level

B.

Alert log level indicates a major abnormality of the device, requiring immediate action

C.

According to the severity level or urgency of the information. The log can be divided into 8 levels. The more serious the information, the greater the log level value.

D.

The ebug log level indicates that it is general information about the normal operation of the device, and the user does not need to pay attention

Question 31

Which of the following descriptions about the heartbeat interface is wrong ( )?[Multiple choice]*

Options:

A.

It is recommended to configure at least two heartbeat interfaces. - One heartbeat interface is used as the master, and the other heartbeat interface is used as the backup.

B.

The interface MTU value is greater than 1500 and cannot be used as a heartbeat interface

C.

The connection method of the heartbeat interface can be directly connected, or it can be connected through a switch or router

D.

MGMT interface (Gigabi tEtherneto/0/0) cannot be used as heartbeat interface

Question 32

When an access user uses Client-InitiatedVPN to establish a tunnel with the LNS, how many PPP connections can one tunnel carry?

Options:

A.

4

B.

1

C.

2

D.

3

Question 33

In digital signature technology, we usually encrypt the digital fingerprint with the sender's ( ). (fill in the blank)

Options:

Question 34

The protocol number of the transport layer protocol TCP is ( ) (fill in the blank)

Options:

Question 35

Which of the following options is not a private network IP address?

Options:

A.

192.168.254.254/16

B.

172.32.1.1/24

C.

10.32.254.254/24

D.

10.10.10.10/8

Question 36

Regarding the description of the firewall security zone and interface relationship, which of the following options is correct? (multiple choice)

Options:

A.

The firewall allows the same physical interface to belong to two different security zones (sub-interfaces are not considered)

B.

There are two security zones with exactly the same security level in the firewall

C.

Different interfaces of the firewall can belong to different security zones

D.

Different interfaces of the firewall can belong to the same security zone

Question 37

Please sort the following digital envelope encryption and decryption process correctly.

Options:

A.

uses B's public key to encrypt the symmetric key to generate a digital envelope

B.

After receiving the encrypted information from A, B uses its own private key to open the digital envelope to obtain the symmetric key.

C.

uses a symmetric key to encrypt the plaintext to generate ciphertext information.

D.

B uses the symmetric key to decrypt the ciphertext information to obtain the original plaintext.

E.

A sends the digital envelope and cipher text information to B

Question 38

Which of the following descriptions about digital fingerprints in digital signatures is wrong?

Options:

A.

The receiver needs to use the sender's public key to unlock the digital signature to obtain the digital fingerprint.

B.

It is the data obtained by the sender after calculating the plaintext information through the HASH algorithm.

C.

The receiver will use the sender's public key to calculate the generated data fingerprint and compare it with the received digital fingerprint.

D.

Digital fingerprints are also known as information digests.

Question 39

An engineer needs to back up the firewall configuration. Now he wants to use a command to view all the current configurations of the firewall. May I ask the command he uses is ____[fill in the blank]*

Options:

Question 40

The method of collecting information by port scanning using scanning tools belongs to the means of ( ) analysis. (fill in the blank)

Options:

Question 41

Drag the warning level of the network security emergency response on the left into the box on the right, and arrange it from top to bottom in order of severity.[fill in the blank]*

Options:

Question 42

With the development of technology, some new technologies have emerged in electronic forensics. Which of the following items are new forensics technologies?

Options:

A.

Cloud Forensics

B.

IoT Forensics

C.

Side-Channel Attack Forensics

D.

Log forensics

Question 43

Which of the following protocols cannot be encrypted by SSL VPN?

Options:

A.

HTTP

B.

UDP

C.

IP

D.

PPP

Question 44

After the company network administrator configures the dual-system hot backup, he wants to check the status of the current VGMP group, so he typed the command and displayed the following information

HRP_M_

Role: active, peer: active

Running priority:45000, peer:45000

Backup channel1 usage: 30x

Stab1 e time: 1days, 13 hours, 35 minutes

Last state change information: 2020-03-22 16:01:56 HRP core state changed, old_state=normal (active), new_state=normal

(active).local priority F 4

peer_priority 45000.

Configuration:

hello interval: 1000ms

preempt: 60s

mirror configuration:off

mirror session:on

track trunk member:on

auto-sync configuration:on

auto-sync connection- status:on

adjust ospf cost:on

adjust ospfv3-cost:on

adjust bgp-cost:on

nat resource: off

Detail information on:

Gigabi tEthernet0/0/1:up

Gigabi tEthernet0/0/3:up

ospf-cost: +0

then the command he typed in the blank is[fill in the blank]*

Options:

Question 45

Options:

A.

1

B.

2

C.

3

D.

4

Question 46

When a network security incident occurs, investigate the intrusion behavior, virus or Trojan horse, and repair and strengthen the host. Which of the above actions belong to the work content of the network security emergency response?

Options:

A.

Recovery phase

B.

Detection stage

C.

Eradication stage

D.

Inhibition stage

Question 47

When an access user uses Client-InitiatedVPN to establish a tunnel with the LNS, how many PPP connections can a tunnel carry?

Options:

A.

3

B.

1

C.

2

D.

4

Question 48

Which of the following NAT technologies is a destination NAT technology?

Options:

A.

Easy-ip

B.

NAT No-PAT

C.

NAPT

D.

NAT Server

Question 49

____- The goal is to provide a rapid, composed and effective response in emergency situations, thereby enhancing the ability of the business to recover immediately from a disruptive event.[fill in the blank]*

Options:

Question 50

Which of the following security measures does the monitor correspond to?

Options:

A.

Intrusion Detection System

B.

Encrypted VPN

C.

Access control system

D.

Firewall

Question 51

If internal employees access the Internet through the firewall and find that they cannot connect to the Internet normally, what viewing commands can be used on the firewall to troubleshoot the interface, security zone, security policy and routing table? (Write any viewing command, requiring: the words on the command line must be complete and correct to score, and cannot be omitted or abbreviated)[fill in the blank]*

Options:

Question 52

Please order the following steps according to the graded protection process.[fill in the blank]

Options:

Question 53

The reason why NAPT can realize one-to-many address translation is that the ______ is also translated when the address is translated, so multiple private addresses can share the same public address.[fill in the blank]*

Options:

Question 54

at HuaweiSDSecIn the solution, which of the following options belong to the device of the executive layer? (multiple choice)

Options:

A.

CIS

B.

Fierhunter

C.

router

D.

AntiDDoS

Question 55

What is the corresponding warning level for major network security incidents?

Options:

A.

red alert

B.

Orange Alert

C.

Yellow Alert

D.

blue alert

Question 56

When an information security incident occurs, give priority to using ______ emergency response to provide technical support to customers [fill in the blank]*

Options:

Question 57

If users from the external network (where the security zone is Untrust) are allowed to access the intranet server (where the security zone is DMZ), the destination security zone selected when configuring the security policy is ______.[fill in the blank]*

Options:

Question 58

Applying for special funds for emergency response and purchasing emergency response software and hardware equipment belong to the work content of which stage of the network's complete emergency response?

Options:

A.

preparation stage

B.

Inhibition stage

C.

response phase

D.

recovery phase

Question 59

Personal information leakage is the destruction of the ______ characteristics of information.[fill in the blank]*

Options:

Question 60

HRP(Huawei Redundancy Protocol) protocol, which is used to synchronize data such as key configuration and connection status of the firewall to the standby firewall, which of the following options does not belong to the scope of synchronization?

Options:

A.

security strategy

B.

NATStrategy

C.

blacklist

D.

IPSSignature set

Question 61

RFC (Request For Comment) 1918 reserves 3 IP addresses for private use, namely 10.0.0.0-10.255.255.255, ______, 192.168.0.0-192.168.255.255[fill in the blank]*

Options:

Question 62

Regarding the description of the operating system, which of the following is false?

Options:

A.

The operating system is the interface between the user and the computer

B.

The operating system is responsible for managing all hardware resources of the computer system and controlling the execution of software.

C.

The interface between the operating system and the user is a graphical interface

D.

The operating system itself is also software

Question 63

Which of the following is not a stand-alone anti-virus technology? ( )[Multiple choice]*

B. Configure anti-virus technology on network firewall

C. Use virus detection tools

D. Patch the system

Options:

Question 64

Huawei's Agile-Controller products belong to ______ in the HiSec solution.[fill in the blank]

Options:

Question 65

Single sign-on function for Internet users, users directlyADServer authentication, the device does not interfere with the user authentication process,ADMonitoring services need to be deployed inUSGequipment, monitoringADAuthentication information of the server

Options:

A.

True

B.

False

Question 66

Which of the following information is not the backup content included in the status information backup in the dual-system hot backup? ( )[Multiple choice]*

Options:

A.

IPSEC tunnel

B.

NAPT related table items

C.

IPv4 session table

D.

Routing table

Question 67

Please match the whole worm attack process and attack description.[fill in the blank]*

Options:

Question 68

Which of the following attacks is not a special packet attack?

Options:

A.

ICMPredirected packet attack

B.

ICMPUnreachable Packet Attack

C.

IPaddress scanning attack

D.

oversizedICMPPacket attack

Question 69

Options:

Question 70

The steps of the security assessment method do not include which of the following?

Options:

A.

Manual audit

B.

Penetration testing

C.

Questionnaire

D.

data analysis

Question 71

When the user uses the session authentication method to trigger the firewall built-inPortalDuring authentication, users do not actively perform identity authentication, advanced service access, and device push"redirect"to the certification page

Options:

A.

True

B.

False

Question 72

The attacker sends a SYN message with the same source address and destination address, or the source address is the loopback address to the target host (the source port and destination port are the same, causing the attacker to send a SYN-AKY message to its own address) What kind of attack is this behavior black? ( )[Multiple choice]*

Options:

A.

Smurf attack

B.

SYN Flood Attack

C.

TCP Spoofing Attack

D.

Land attack

Question 73

In which of the following scenarios does the firewall generate the Server map table? ( )

Options:

A.

NAT Server is deployed on the firewall

B.

ASPF is deployed on the firewall and forwards the traffic of the multi-channel protocol

C.

When the firewall generates a session table, it will generate a Server-map table

D.

Security policies are deployed on the firewall and traffic is released

Load More H12-711_V3.0 Questions
Demo: 73 questions
Total 492 questions
Get H12-711_V3.0 Full Access Download H12-711_V3.0 PDF