Huawei H12-731-ENU HCIE-Security (Huawei Certified Internetwork Expert-Security) Online Training
The questions for H12-731-ENU were last updated on Dec 23, 2024.
- Exam Code: H12-731-ENU
- Exam Name: HCIE-Security (Huawei Certified Internetwork Expert-Security)
- Certification Provider: Huawei
The correct statement about UDP Flood and TCP Flood attack prevention is: (Multiple Choice)
- A . The UDP protocol is connectionless, so it cannot be implemented by source detection.
- B . Prevent UDP Flood by analyzing the rules and characteristics of UDP packets sent by a certain host, the rules and characteristics are called fingerprint learning.
- C . The fingerprint learning function of UDP packets learns all fields of the packet data segment.
- D . UDP and TCP protocols can be implemented through proxy technology.
When the IPsec negotiation fails, turn on the IKE debug switch, and the following information is displayed: "got NOTIFY of type INVALID_ID_INFORMATION" or "drop message from ABCD due to notification type INVALID_ID_INFORMATION". What does it mean?
- A . The IKE proposals at both ends do not match
- B . IPsec proposals at both ends do not match
- C . The ACL configurations at both ends do not match
- D . The LOCAL-ID-TYPE configurations at both ends do not match
What are the implementation mechanisms of intrusion prevention? (Multiple Choice)
- A . Blacklist matching
- B . Protocol Identification and Protocol Resolution
- C . Feature matching
- D . Response handling
Which statement about MTU and PMTU is correct? (Multiple Choice)
- A . MTU (Maximum Transfer Unit) refers to the size of the largest data packet that can be transmitted in the network, in bytes.
- B . The device will check the MTU on the inbound interface, and if the packet size exceeds the MTU value, it will be discarded.
- C . In an IP network, interfaces with different MTU values may be passed from the source address to the destination address, and the largest MTU value is the PMTU of the path.
- D . PMTU detection is to obtain the PMTU value of the specified destination IPv4 address through detection, and then use the MTU value to send packets.
In NGFW, to use the RBL blacklist, which of the following key options need to be configured by the network administrator? (Multiple Choice)
- A . DNS server
- B . Response code
- C . RBL server IP address
- D . SMTP server IP address
Regarding the relationship between 802.1X and RADIUS, which of the following descriptions is correct?
- A . 802.1X and RADIUS are different names for the same technology.
- B . 802.1X is a technical system that includes RADIUS.
- C . 802.1X and RADIUS are different technologies, but they are often used together to complete access control to end users.
- D . 802.1X and RADIUS are two completely different technologies and are usually not used together.
Which of the following aspects are included in the host reinforcement? (Multiple Choice)
- A . Operating system hardening
- B . Database hardening
- C . Account password security
- D . Network management system reinforcement
- E . Vulnerability scanning
What functions does content filtering include in the Huawei USG firewall? (Multiple Choice)
- A . File Content Filtering
- B . Apply Content Filtering
- C . File extension filtering
- D . Mail filtering
The intranet IP address of a Web Server deployed in the DMZ area of an enterprise is 10.1.1.3, the port is 8080, the public network address announced to the outside world is 1.1.1.2, and the external port number is 80.
Configure the following commands on the firewall:
[USG6600] security-policy
[USG6600-policy-security] rule name untrust_to_mz
[USG6600-policy-security-rule-untrust_to_mz] source-zone untrust
[USG6600-policy-security-rule-untrust_to_mz] destination-zone dmz
[USG6600-policy-security-rule-untrust_to_mz] destination-address 1.1.1.2 32
[USG6600-policy-security-rule-untrust_to_mz] service http
[USG6600-policy-security-rule-untrust_to_mz] action permit
[USG6600] nat server webserver protocol tcp global 1.1.1.2 www inside 10.1.1.3 8080
The external network PC cannot access the Web Server at 10.1.1.3 within the enterprise. Please analyze the most likely reasons for this:
- A . The firewall does not open the default packet filtering policy from the untrust zone to the DMZ zone
- B . The firewall untrust to DMZ zone security policy should be configured as service 8080
- C . The firewall untrust to DMZ zone security policy should be configured as destination-address 10.1.1.3 32
- D . Firewall should be configured as nat server webserver protocol tcp global 1.1.1.2 80 inside 10.1.1.3 8080
The whitelist + blacklist mode is adopted in terminal security management. Which of the following are normal behaviors?
- A . The terminal host does not have the software in the whitelist installed, nor the software in the blacklist.
- B . The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.
- C . Some software in the whitelist is installed on the terminal host, but the software in the blacklist is not installed.
- D . The terminal host installs all the software in the whitelist, and installs some software in the blacklist.