New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

H12-724 Questions and Answers

Question # 6

In some scenarios, an anonymous account can be used for authentication. What are the correct descriptions of the following options for the anonymous account?? (Multiple choice)

A.

The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.

B.

Agile Controller-Campus Need to be manually created"~anonymous"account number.

C.

By default, the access control and policy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.

D.

Administrators cannot delete anonymous accounts"~anonymous*.

Full Access
Question # 7

Agile Controller-Campus Which deployment mode is not supported?

A.

Centralized deployment

B.

Distributed deployment

C.

Hierarchical deployment

D.

Two-machine deployment

Full Access
Question # 8

Traditional network single--The strategy is difficult to cope with the current complex situations such as diversified users, diversified locations, diversified terminals, diversified applications, and insecure experience.

A.

True

B.

False

Full Access
Question # 9

Regarding the enhanced mode in HTTP Flood source authentication, which of the following descriptions are correct? Multiple choices

A.

Enhanced mode refers to the authentication method using verification code.

B.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

C.

The enhanced mode is superior to the basic mode in terms of user experience.

D.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

Full Access
Question # 10

The administrator has made the following configuration:

1. The signature set Protect_ all includes the signature ID3000, and the overall action of the signature set is to block.

2. The action of overwriting signature ID3000 is an alarm.

A.

The action of signing iD3000 is an alarm

B.

The action of signing ID3000 is to block

C.

Unable to determine the action of signature ID3000

D.

The signature set is not related to the coverage signature

Full Access
Question # 11

The results of the RBL black and white list query on the firewall are as follows:

Based on the above information only, which of the following statements is correct? (multiple choice)

A.

Mail with source address 10.17.1.0/24 will be blocked

B.

Mail with source address 10.18.1.0/24 will be blocked

C.

Mail with source address 10.17.1.0/24 will be released

D.

Mail with source address 10.18.1.0/24 will be released

Full Access
Question # 12

Information security is the protection of information and information systems to prevent unauthorized access, use, leakage, interruption, modification, damage, and to improve

For confidentiality, integrity and availability. ,

A.

True

B.

False

Full Access
Question # 13

If you use a normal account for authentication, which of the following descriptions is wrong?

A.

Users can use Any Office Perform authentication.

B.

User can't use web Way to authenticate.

C.

Users can use Web Agent Perform authentication.

D.

Users can use their own 802. 1X The client authenticates.

Full Access
Question # 14

Which of the following options is wrong for the description of the cleaning center?

A.

The cleaning center completes the functions of drainage, cleaning, and re-injection of the flow after cleaning in the abnormal flow.

B.

There are two types of drainage methods: static drainage and dynamic drainage.

C.

Re-injection methods include: policy route re-injection, static route re-injection, VVPN back-injection and layer 2 same.

D.

The cleaning equipment supports rich and flexible attack prevention technologies, but it is ineffective against cc attacks and ICMP Flood attacks.

Full Access
Question # 15

The anti-tampering technology of Huawei WAF products is based on the cache module. Suppose that when user A visits website B, website B has page tampering.

Signs: The workflow for the WAF tamper-proof module has the following steps:.

① WAF uses the pages in the cache to return to the client;

②WAF compares the watermark of the server page content with the page content in the cache

③Store the content of the page in the cache after learning

④ When the user accesses the Web page, the WAF obtains the page content of the server

⑤WAF starts the learning mode to learn the page content of the user's visit to the website;

For the ordering of these steps, which of the following options is correct?

A.

③④②⑤①

B.

⑤①②④③

C.

②④①⑤③

D.

⑤③④②①

Full Access
Question # 16

In the WLAN wireless access scenario, which of the following network security technologies belong to user access security? (Multiple choice)

A.

AP Certification

B.

Link authentication

C.

User access authentication

D.

data encryption

Full Access
Question # 17

About the hardware SACG Certification deployment scenarios, which of the following descriptions are correct? (Multiple choice)

A.

SACG Authentication is generally used in scenarios where a stable network performs wired admission control.

B.

SACG Authentication is generally used in scenarios where new networks are used for wireless admission control.

C.

SACG It is generally deployed in a bypass mode without changing the original network topology.

D.

SACG Essentially through 802.1X Technology controls access users.

Full Access
Question # 18

There are three roles in the XMPP protocol: server, gateway, and client. Corresponding to the free mobility solution: Agile Controller-Campus as For the server, Huawei USG6000 series firewall acts as the gateway; the agile switch acts as the client.

A.

True

B.

False

Full Access
Question # 19

Regarding the trigger mechanism of 802.1X authentication, which of the following descriptions is correct? (multiple choice)

A.

802.1X Authentication can only be initiated by the client.

B.

802.1X Certification can only be done by certified equipment(like 802.1X switch)Initiate

C.

8021X The client can trigger authentication through multicast or broadcast.

D.

The authentication equipment department triggers authentication through multicast or unicast.

Full Access
Question # 20

Regarding the description of keywords, which of the following is correct? (multiple choice)

A.

Keywords are the content that the device needs to recognize during content filtering.

B.

Keywords include predefined keywords and custom keywords.

C.

The minimum length of the keyword that the text can match is 2 bytes. ,

D.

Custom keywords can only be defined in text mode.

Full Access
Question # 21

The status code in the HTTP response message indicates the type of the response message, and there are many possible values. Which of the following status codes represents the client request

The resource does not exist?

A.

400.

B.

404

C.

200

D.

503

Full Access
Question # 22

Which of the following options is not a challenge brought by mobile office?

A.

The mobile office platform is safe and reliable and goes online quickly.

B.

Users can access the network safely and quickly.

C.

Unified terminal management and fine control.

D.

Network gateway deployment

Full Access
Question # 23

When you suspect that the company's network has been attacked by hackers, you have carried out a technical investigation. Which of the following options does not belong to the behavior that occurred in the early stage of the attack?

A.

Planting malware

B.

Vulnerability attack

C.

Web application attacks

D.

Brute force

Full Access
Question # 24

Regarding asset management, which of the following descriptions is wrong?

A.

Asset management can register assets automatically or manually.

B.

Enable the automatic asset registration mode, the asset registration process does not require end users to participate.

C.

Automatic registration of assets is suitable for situations where the asset number is automatically maintained by the business manager.

D.

Manually registering assets means that the administrator I Way to create an asset record on the business manager, and put the asset number in Any Office Enter it to complete the asset registration

process.

Full Access
Question # 25

Which of the following options belong to the upgrade method of the anti-virus signature database of Huawei USG6000 products? (multiple choice)

A.

Local upgrade

B.

Manual upgrade

C.

Online upgrade

D.

Automatic upgrade

Full Access
Question # 26

Huawei NIP6000 products provide carrier-class high-reliability mechanisms from multiple levels to ensure the stable operation of equipment.

Which of the following options belong to the network reliability? (multiple choice)

A.

Dual machine hot backup

B.

Power supply. 1+1 redundant backup

C.

Hardware Bypass

D.

Link-group

Full Access
Question # 27

Server Fault information collection tool Server Collector, which of the following does collected information items not include?

A.

Software and Patch

B.

sharing information and system account information

C.

System Log

D.

processes, services and startup

Full Access
Question # 28

Which of the following options is not a scenario supported by Free Mobility?

A.

Intranet users access the data center/Internet.

B.

When traveling users access intranet resources, traveling users pass VPN Access to the intranet.

C.

Work as a team.

D.

Realize mutual communication between devices.

Full Access
Question # 29

In centralized networking, database,SM server,SC server\ AE Servers are centrally installed in the corporate headquarters. This networking method is suitable for companies with a wide geographical distribution of users and a large number of users.

A.

True

B.

False

Full Access
Question # 30

In the terminal security management, the black and white list mode is used to check the terminal host software installation status. Which of the following situations is a compliant behavior?

A.

The terminal host does not install the software in the whitelist, nor the software in the blacklist.

B.

The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.

C.

The terminal host installs part of the software in the whitelist, but does not install the software in the blacklist.

D.

The terminal host installs all the software in the whitelist, and also installs some of the software in the blacklist.

Full Access
Question # 31

The relationship between user groups and accounts in user management is stored in a tree on the Agile Controller-Campus. An account belongs to only one user group.

Consistent with the corporate organizational structure: If the OU (OnizbonUnit) structure stored in the AD/LDAP server is consistent with the corporate organizational structure, users are stored Under 0OU, when the Agile Controller-Campus synchronizes AD/LDAP server accounts, which synchronization method can be used?

A.

Press "0U" to synchronize

B.

AO Synchronize by "group", "0U describes the organizational structure

C.

AO Press "Group" "Synchronize," "Group" Jida organization structure

D.

LDAP synchronization by "group"

Full Access
Question # 32

Use hardware SACG Access control,,In hardware SACG View the results of the conversation table on the deduction.

Which of the following statements are correct? (Multiple choice)

A.

192.168.1.0 definitely is Agile Controller-Campus Manager IP address

B.

if 192.126.200.11 Is the server of the post-authentication domain, then IP Address is 192.18.0.1 If your terminal has not passed the authentication, it is possible to access the server.

C.

192.168.100.1 definitely is Agile Controller-Campus Controller IP address.

D.

If in 6 Within minutes of the conversation 192.168.0.19 154->/192.162.0.11: 15080 Not refreshed,IP Address is 192.168.0.119 If the device wants to IP Address is 192.168.200.11 For device communication, the session must be re-established.

Full Access
Question # 33

In a centralized networking, the database, SM server, SC server, and AE server are all centrally installed in the corporate headquarters. This networking method is suitable. It is used for enterprises with a wide geographical distribution of users and a large number of users.

A.

True

B.

False

Full Access
Question # 34

The administrator of a certain enterprise wants employees of Yangzhi to visit the shopping website during working hours. So a URL filtering configuration file is configured to divide the predefined

The shopping website in the category is selected as blocked. But employee A can still use the company's network to shop online during lunch break. Then what are the following possible reasons

some?

A.

The administrator has not set the time to vote every day from 9:00 to 18:00

B.

The shopping website does not belong to the predefined shopping website category

C.

The administrator did not submit the configuration after completing the configuration.

D.

The administrator has not applied the URL pass-through configuration file to the security policy.

Full Access
Question # 35

In the campus network, employees can use 802.1X, Portal,MAC Address or SACG Way to access. Use different access methods according to different needs to achieve the purpose of user access control.

A.

True

B.

False

Full Access
Question # 36

When a guest needs to access the network through an account, which of the following methods can be used to access? (Multiple choice)

A.

Create new account

B.

Use existing social media accounts

C.

No authentication, no account required

D.

Scan public QR code

Full Access
Question # 37

Agile Controller-Campus The department includes four parts of the management center(MC)Business manager(SM)And business controller(SC)And client network access equipment (NAD)As a component of the solution, it is linked with the service controller to realize user access control and free mobility.

A.

True

B.

False

Full Access
Question # 38

Which of the following options cannot be triggered MAC Certification?

A.

ARP Message

B.

DHCP Message P

C.

DHCPv6 Message

D.

ICMP Message

Full Access
Question # 39

Regarding the definition of WIPS/WIDS, which of the following statements is correct?

A.

WIDS Is a wireless intrusion prevention system

B.

WIPS Wireless intrusion detection system

C.

WIDS Is a wireless intrusion countermeasure system

D.

WIPS Is a wireless intrusion prevention system

Full Access
Question # 40

Regarding the mail content filtering configuration of Huawei USG6000 products, which of the following statements is wrong?.

A.

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

B.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

C.

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

D.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Full Access
Question # 41

Which of the following options are relevant to Any Office The description of the solution content is correct? (Multiple choice)

A.

Provide unified and secure access to enterprise mobile applications on mobile terminals.

B.

The tunnel is dedicated and cannot be penetrated by viruses.

C.

Applications are quickly integrated and can be extended.

D.

It can be quickly integrated and docked with the enterprise application cloud platform.

Full Access
Question # 42

In Huawei USG6000 products, IAE provides an integrated solution, all content security detection functions are integrated in a well-designed

In the high-performance engine. Which of the following is not the content security detection function supported by this product?

A.

Application recognition and perception

B.

URL classification and filtering

C.

Video content filtering

D.

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

Full Access
Question # 43

Which of the following iterations is correct for the description of the management center?

A.

The management server of the management center is responsible for the cleaning of abnormal flow, as well as the collection and analysis of business data, and storage, and is responsible for the summary

The stream is reported to the management server for report presentation.

B.

The data coking device is responsible for the cleaning of abnormal flow, the centralized management and configuration of equipment, and the presentation of business reports.

C.

The data collector and management server support distributed deployment and centralized deployment. Centralized deployment has good scalability.

D.

The management center is divided into two parts: management server and teaching data collector.

Full Access
Question # 44

Which of the following options is for Portal The statement of the gateway access process is correct?

A.

Portal gateway initiates Radius Challenge request message, including user name and password information

B.

The ACL issued by the server to the access gateway is carried in the Portal protocol message

C.

Issue policies while performing identity authentication

D.

The Portal server needs to pass the security check result to the access gateway device

Full Access
Question # 45

Location refers to the end user's use AC-Campus The terminal environment when accessing the controlled network office. Which of the following options is correct for the description of the place?

A.

Different places can have different security policies.

B.

The location has nothing to do with safety.

C.

There can only be one place in the company.

D.

Place and location have nothing to do.

Full Access
Question # 46

In the visitor reception hall of a company, there are many temporary terminal users, and the administrator hopes that users do not need to provide any account numbers and passwords. access Internet. Which of the following authentication methods can be used for access?

A.

Local account authentication

B.

Anonymous authentication

C.

AD Account Verification

D.

MAC Certification

Full Access
Question # 47

Deploying on Windows platform, using SQL Server database About the HA function of Agile Cotoller-Campus, which of the following descriptions Is it correct? (multiple choice)

A.

Deployment Management Center MC Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

B.

Deploy Business Manager SM Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

C.

Deploy business controller 3SC Time, support HA, Provide a backup solution in resource pool mode, which needs to be deployed N+1 indivual SC

D.

Deploy the database DB Time, support HA use SQL Server Database mirroring technology requires the deployment of master DB+Mirroring DB+witness DB.

Full Access
Question # 48

The user needs of a university are as follows:

1. The environment is large, and the total number of two-way traffic can reach 800M. Huawei USG6000 series firewall is deployed at its network node.

2. The intranet is divided into student area, server area, etc., users are most concerned about the security of the server area to avoid attacks from various threats.

3. At the same time, some pornographic websites in the student area are prohibited.

The external network has been configured as an untrust zone and the internal network has been configured as a trust zone on the firewall. How to configure the firewall to meet the above requirements?

155955cc-666171a2-20fac832-0c042c0415

A.

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

B.

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

C.

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

D.

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

Full Access
Question # 49

For SYIN Flood attacks, TCP source authentication and TCP proxy can be used for defense. Which of the following descriptions is correct?

A.

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

B.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

C.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

D.

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

Full Access
Question # 50

Regarding traditional firewalls, which of the following statements are correct? (multiple choice)

A.

Lack of effective protection against application layer threats.

B.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

C.

Ability to quickly adapt to changes in threats.

D.

Unable to accurately control various applications, such as P2P, online games, etc. .

Full Access
Question # 51

When configuring the antivirus software policy, if you set"The required antivirus software violation level is not installed or running"for"generally"And check"out Now serious violation of the rules prohibits access to the network"Options. When the user uses Any office Certify, The certification is passed, but the result of the security check Can the user access the network when the virus software is not turned on?

A.

Can access the network? Can also access network resources.

B.

Cannot access the network.

C.

Can pick up? The network needs to be repaired before you can access network resources.

D.

You can access the network, but you need to re-authenticate to access network resources.

Full Access
Question # 52

Since the sandbox can provide a virtual execution environment to detect files in the network, the sandbox can be substituted when deploying security equipment

Anti-Virus, IPS, spam detection and other equipment.

A.

True

155955cc-666171a2-20fac832-0c042c0414

B.

False

Full Access
Question # 53

What equipment do Policy Center supported servers include? (Choose 3 answers)

A.

remote control device

B.

mail server

C.

Internet behavior management equipment

D.

log collection server

Full Access
Question # 54

When the -aa command is used on the access control device to test the connectivity with the Radius server, the running result shows success, but the user cannot Normal access, the possible reason does not include which of the following options?

A.

The access layer switch does not start EAP Transparent transmission function.

B.

wireless 02K In the scenario, the access control device is not equipped with a security board

C.

AD The service controller is not added in the authentication scenario AD area.

D.

The user account or password is incorrectly configured.

Full Access
Question # 55

In the deployment of Huawei NIP6000 products, only port mirroring can be used for streaming replication.

A.

True

B.

False

Full Access