HCIP-Security V4.0 Exam Preparation Dumps, Exams of Advanced Education

Download HCIP-Security V4.0 Exam Preparation Dumps and more Exams Advanced Education in PDF only on Docsity!

Exam : H12-725_V4.

Title :

https://www.passcert.com/H12-725_V4.0.html

HCIP-Security V4.

1 .Bandwidth channels define specific bandwidth resources and are the basis for bandwidth management. Which of the following is a resource that can be defined in a bandwidth channel? A. Bandwidth policy B. Daily traffic quota C. Egress bandwidth restrictions D. Strategic exclusivity Answer: D 2 .Which of the following descriptions of the characteristics of SSL VPN is incorrect? A. SSL VPN supports few authentication types and is difficult to integrate with the original identity authentication system. B. SSL VPN can support various IP applications C. SSL VPN can parse intranet resources to the application layer and publish applications in a granular manner D. Since the SSL VPN login method uses a browser, the automatic installation and configuration of the client is realized, so that users can quickly log in with their devices anytime and anywhere, and it also relieves the pressure of network administrators in maintaining the client. Answer: A 3 .Which of the following is not the responsibility of the Anti-DDos Defense System Management Center? A. Security report analysis B. Device Management C. Issue defense strategies D. Carry out traffic diversion Answer: D 4 .Which of the following descriptions of outbound traffic in a firewall virtual system is correct? A. Traffic flowing from the private network interface to the public network interface is limited by the bandwidth in the inbound direction. B. Traffic flowing from the public network interface to the private network interface is limited by the bandwidth in the inbound direction. C. Traffic flowing from the private network interface to the public network interface is limited by the outbound bandwidth. D. Traffic flowing from the public network interface to the private network interface is limited by the outbound bandwidth. Answer: C 5 .Which of the following descriptions of the Anti-DDoS solution networking mode are correct? A. Straight-line deployment is simple, and it is connected in series in the network, so there is no need to consider single points of failure. B. In a bypass deployment network, traffic does not pass through the cleaning center by default. C. Bypass deployment supports dynamic traffic diversion to draw traffic to the cleaning center D. Bypass deployment can draw traffic to the cleaning center for detection and cleaning through static traffic diversion.

policy. C. Both ends of the IPSec tunnel can be configured with IPSec in policy template mode. D. The IPSec security policy using policy templates can simplify multiple IPSec Answer: ABD 12 .Which of the following mirroring methods does Huawei Anti-DDoS defense system support? A. Policy routing traffic diversion B. Use port mirroring on the egress device C. Spectrometer splits light D. BGP drainage Answer: BC 13 .Which of the following descriptions of file sharing in SSL VPN are correct? A. Select SMB for file sharing resources under Windows system B. In the file sharing business, the firewall plays the role of a protocol converter. C. Select NFS for file sharing resources under Linux system D. The path format of shared resources has nothing to do with the resource type. Answer: ABC 14 .Which of the following descriptions of the file sharing function in SSL VPN are correct? A. It allows remote access users to securely access the enterprise's internal file server directly through the browser B. This function allows users to access the intranet file server without installing a file sharing client. C. During the business interaction process, the firewall serves as a transfer station to convert access and response formats. D. Only supports converting NFS format protocols into SSL-based Hypertext Transfer Protocol Answer: ABC 15 .Which of the following descriptions of the traffic table are correct? A. What is recorded in the traffic diversion table is the binding relationship between the IP address and the MAC address. B. Packet hits in the traffic diversion table are divided into two situations: forward hits and reverse hits. C. The traffic diversion table can solve the problem of tight session resources when the business volume is large. D. The traffic diversion table can reduce the number of policies configured on the root system Answer: BCD 16 .Which of the following descriptions of MAC authentication are correct? A. MAC authentication simplifies user operations B. MAC authentication is suitable for scenarios where users are dispersed and users are highly mobile. C. Account management for MAC authentication is relatively simple D. MAC authentication does not require client installation Answer: ACD

17 .Which of the following descriptions of virtual system administrators are correct? A. The root system administrator can create one or more administrators for the virtual system B. Both the root system administrator and the virtual system administrator can delete the related configurations of other virtual systems. C. After enabling the virtual system function, the existing administrator on the device will become the administrator of the virtual system D. According to the type of virtual system, administrators are divided into root system administrators and virtual system administrators Answer: AD 18 .Which of the following are resources that can be managed in a bandwidth channel? A. Connection limit B. Strategic exclusivity C. Independent control of uplink and downlink bandwidth D. Overall guaranteed bandwidth Answer: ABCD 19 .With the continuous development of network technology, new vulnerabilities, new attack tools, and attack methods continue to appear. Only by constantly updating the signature database can IPS devices provide continuous and effective defense for networks, systems, and businesses. Which of the following descriptions of the IPS signature database are correct? A. Huawei IPS signature database only supports manual upgrade B. Huawei IPS signature database supports manual upgrade and automatic upgrade C. Users can download the latest intrusion prevention signature library from Huawei’s official website D. After upgrading the Huawei IPS signature database, you need to restart the device for it to take effect. Answer: BC 20 .Which of the following descriptions of 802.1X authentication are correct? A. The client can send DHCP/ARP or any message to initiate 802.1X authentication. B. The 802.1X authentication system uses the Extensible Authentication Protocol EAP to realize information exchange between the client, device and authentication server. C. The 802.1X protocol is a Layer 2 protocol that does not need to reach Layer 3. It does not have high requirements on the overall performance of the access device and can effectively reduce network construction costs. D. The client can trigger 802.1X authentication by sending an EAPoL-Start message. Answer: BCD