Huawei H12-725_V4.0 HCIP-Security V4.0 Exam Practice Test

Demo: 18 questions
Total 60 questions

HCIP-Security V4.0 Exam Questions and Answers

Question 1

Predefined URL categories on Huawei firewalls reside in the URL category database delivered with the device and do not need to be manually loaded.

Options:

A. TRUE

B. FALSE

Question 2

Which of the following parameters is not required for an IKE proposal?

Options:

A. Authentication algorithm

B. Encapsulation mode

C. Negotiation mode

D. Encryption algorithm

Question 3

The figure shows the defense mechanism of an HTTP flood attack. Which source IP detection technology is displayed in the figure?

Options:

A. 302 redirect mode

B. Basic mode

C. URI monitoring

D. Enhanced mode

Question 4

Which of the following statements is false about HTTP behavior?

Options:

A. When the size of the uploaded or downloaded file or the size of the content obtained through the POST operation reaches the block threshold, the system blocks the uploaded or downloaded file or POST operation.

B. When the size of the uploaded or downloaded file or the size of the content obtained through the POST operation reaches the alarm threshold, the system generates a log to notify the device administrator and block the behavior.

C. You can set an alarm threshold and a block threshold to limit the size of the upload file if file upload is allowed.

D. The POST method of HTTP is commonly used to send information to the server through web pages. For example, use this method when you post threads, submit forms, and use your username and password to log in to a specific system.

Question 5

DRAG DROP

Arrange the steps of the bandwidth management process on firewalls in the correct sequence.

Options:

Question 6

In the figure, enterprise A and enterprise B need to communicate securely, and an IPsec tunnel is established between firewall A and firewall B. Which of the following security protocols and encapsulation modes can meet the requirements of this scenario?

Options:

A. AH+ESP; transport mode

B. ESP; tunnel mode

C. ESP; transport mode

D. AH; tunnel mode

Question 7

Which of the following actions can be performed when the firewall identifies file anomalies? (Select All that Apply)

Options:

A. Alarm

B. Allow

C. Block

D. Delete attachment

Question 8

Which of the following protocols can be encapsulated through GRE over IPsec? (Select All that Apply)

Options:

A. IPX

B. VRRP

C. IPv6

D. OSPF

Question 9

The figure shows the PBR-based injection scenario. Which of the following statements are true about this scenario? (Select All that Apply)

Options:

A. Router1 is a traffic-diversion router.

B. After the injected traffic reaches Router1, Router1 forwards the traffic to Router2 or Router3 based on its forwarding mechanism. Finally, the traffic reaches different Zones.

C. The cleaning device injects traffic from different Zones to different interfaces (10GE1/0/2 and 10GE1/0/3) of Router1 based on PBR.

D. A traffic-diversion channel is established between 10GE1/0/1 of Router1 and 10GE2/0/1 of the cleaning device.

Question 10

Which of the following statements is false about health check?

Options:

A. Health check supports DNS detection protocols.

B. In addition to link connectivity detection, health check can also detect the delay, jitter, and packet loss rate of links in real time.

C. The health check function cannot be used together with PBR.

D. Firewalls can detect network connectivity in real time based on the health check result.

Question 11

When an IPsec VPN is established in aggressive mode, AH+ESP can be used to encapsulate packets in NAT traversal scenarios.

Options:

A. TRUE

B. FALSE

Question 12

Trojan horses may disclose sensitive information of victims or even remotely manipulate victims' hosts, causing serious harm. Which of the following are the transmission modes of Trojan horses? (Select All that Apply)

Options:

A. Attackers exploit vulnerabilities to break into hosts and install Trojan horses.

B. A Trojan horse is bundled in a well-known tool program.

C. The software downloaded from a third-party downloader carries Trojan horses.

D. A Trojan horse masquerades as a tool program to deceive users to run the program on a host. Once the program is run, the Trojan horse is automatically implanted into the host.

Question 13

The difference between DoS attacks and DDoS attacks is that DoS attacks are usually directly initiated by attackers, whereas DDoS attacks are usually initiated by attackers controlling multiple zombies.

Options:

A. TRUE

B. FALSE

Question 14

Huawei iMaster NCE-Campus is a web-based centralized management and control system in the CloudCampus Solution. It supports user access management and can function as multiple types of authentication servers. Which of the following servers can iMaster NCE-Campus not be used as?

Options:

A. Portal server

B. AD server

C. RADIUS server

D. HWTACACS server

Question 15

In a Huawei network security environment, which of the following is a key advantage of using HWTACACS over RADIUS for device management authentication?

Options:

A. HWTACACS encrypts only passwords, while RADIUS encrypts the entire payload.

B. HWTACACS provides per-command authorization, allowing different privilege levels for different users.

C. HWTACACS operates over UDP, ensuring faster communication than RADIUS.

D. HWTACACS does not support accounting, while RADIUS does.

Question 16

Which of the following is not a process for remote users to access intranet resources through SSL VPN?

Options:

A. Resource access

B. User authentication

C. Access accounting

D. User login

Question 17

Which of the following statements is false about hot standby networking? (Select All that Apply)

Options:

A. In load-sharing mode, both firewalls are active. Therefore, if both firewalls synchronize commands to each other, commands may be overwritten or conflict with each other.

B. In load-sharing mode, both devices process traffic. Therefore, this mode supports more peak traffic than the active/standby or mirroring mode.

C. In active/standby mode, configuration commands and status information are backed up from the active device to the standby device.

D. In load-sharing mode, configuration commands can be backed up only from the configuration standby device to the configuration active device.

Question 18

Network Access Control (NAC) is an end-to-end security control technology that works in combination with AAA to implement access authentication. Which of the following statements about NAC and AAA are true? (Select All that Apply)

Options:

A. AAA is mainly used for interaction between users and access devices.

B. NAC is mainly used for interaction between access devices and authentication servers.

C. NAC provides three authentication modes: 802.1X authentication, MAC address authentication, and Portal authentication.

D. An AAA server controls network access rights of users through authentication, authorization, and accounting.
