최신 H12-711_V4.0 무료덤프 - Huawei HCIA-Security V4.0

문제1

Which of the following are the main tasks of IKEv1 in the first phase of negotiation? (Multiple Choice)

A. Establish IPsec SA to protect transmitted data

B. Negotiate the parameters used to establish IKE SA

C. Use DH algorithm to exchange key agreement information

D. Peers verify each other's identities

정답: B,C,D

문제2

Which of the following harms may vulnerabilities bring to enterprises? (Multiple Choice)

A. Viruses control host permissions through vulnerabilities

B. Worms use application software to consume network bandwidth

C. Hackers exploit vulnerabilities to invade the server

D. Business secrets have been tampered with, destroyed and stolen

정답: A,B,C,D

문제3

In PKI, if you manually replace the CA and local certificate, please first ensure that the CA and local certificate are not used by the business.

A. True

B. False

정답: A

문제4

Please match the following application layer service protocols with the correct transport layer protocols and port numbers.

정답:

문제5

Please classify the following security defense methods into the correct categories.

정답:

문제6

The main reason why NAPT can achieve one-to-many address translation is that () is also translated when the address is translated, so multiple private network addresses can share one public network address.

정답:

Port number

문제7

DH algorithm is an asymmetric encryption and decryption algorithm and is generally used by both parties to negotiate a symmetric encryption key.

A. True

B. False

정답: A

문제8

Which of the following server authentications does Huawei firewall support? (Multiple Choice)

A. RADIUS

B. LDAP

C. AD

D. HWTACACS

정답: A,B,C,D

문제9

Because NAT technology can realize one-to-many address translation, with NAT technology, you no longer have to worry about insufficient IPv4 addresses.

A. True

B. False

정답: B

문제10

As shown in the figure, when R1 receives a data packet accessing PC2, which of the following route prefixes will be matched?

A. 192.168.1.88/30

B. 192.168.1.0/24

C. 192.168.0.0/16

D. 192.168.1.96/29

정답: A

문제11

Regarding the description of an intrusion detection system, which of the following is incorrect?

A. The intrusion detection system can be linked with firewalls and switches to become a powerful
"assistant" of the firewall to better and more accurately control traffic access between domains.

B. The intrusion detection system can dynamically collect a large amount of key information through the network and computer, and can analyze and judge the current status of the entire system environment in a timely manner.

C. Once the intrusion detection system discovers behavior that violates security policies or there are traces of the system being attacked, it can implement blocking operations.

D. Intrusion detection system includes all software and hardware systems used for intrusion detection

정답: C

문제12

Which of the following descriptions about single sign-on is correct?

A. The visitor obtains the SMS verification code through the Portal authentication page, and then enters the SMS verification code to pass the authentication.

B. Visitors send the username and password identifying their identity to the firewall through the Portal authentication page. The password is not stored on the firewall. The firewall sends the username and password to a third-party authentication server, and the verification process is performed on the authentication server.

C. The visitor sends the username and password identifying his or her identity to the firewall through the Portal authentication page. The password is stored on the firewall, and the verification process is performed on the firewall.

D. The visitor sends the username and password identifying his or her identity to the third-party authentication server. After passing the authentication, the third-party authentication server sends the visitor's identity information to the firewall. The firewall only records the visitor's identity information and does not participate in the authentication process.

정답: D

문제13

Which of the following types of firewalls has the highest processing efficiency when processing non- first packet data flows?

A. Packet filtering firewall

B. Stateful Monitoring Firewall

C. Proxy firewall

D. Software firewall

정답: B

문제14

The protocol number of the transport layer protocol TCP is ()

정답:

6

문제15

Which of the following contents can be backed up by HRP? (Multiple Choice)

A. TCP session table

B. ARP entry

C. Blacklist

D. Server-map entry

정답: A,B,C,D

문제16

Drag the warning levels of network security emergency response on the left into the box on the right, and arrange them from top to bottom in order of severity from high to low.

A. Blue Alert

B. Yellow Alert

C. Red Alert

D. Orange Alert

정답: A,B,C,D

문제17

There are various security threats during the use of the server.
Which of the following options is not a server security threat?

A. Natural disaster

B. DDos attack

C. Malicious programs

D. Hacker attack

정답: A

최신 H12-711_V4.0 무료덤프 - Huawei HCIA-Security V4.0

우리와 연락하기

유용한 링크

최신 업데이트