Huawei H12-891_V1.0-ENU HCIE-Datacom V1.0 Online Training
Huawei H12-891_V1.0-ENU Online Training
The questions for H12-891_V1.0-ENU were last updated at Dec 22,2024.
- Exam Code: H12-891_V1.0-ENU
- Exam Name: HCIE-Datacom V1.0
- Certification Provider: Huawei
- Latest update: Dec 22,2024
Portal authentication is also called Web authentication. Users can authenticate user identities through the Web authentication page. Which of the following descriptions of Porta1 authentication is wrong?
- A . Generally, Portal authentication does not require the installation of specialized client software, so it is mainly used in terminal access scenarios that do not require client software.
- B . Porta1 authentication can authenticate users based on the combination of user name, VLAN, IP address, and MAC address.
- C . When Porta1 authentication is deployed on the network, the authenticated client needs to support the Porta1 protocol.
- D . Before performing Porta1 authentication, the client must obtain an IP address and the IP address must be reachable with the Porta1 server.
In a virtualized campus network scenario deployed through iMaster NCE-Campus, some key parameters need to be configured when configuring the authorization results for access authentication. Which of the following does not include?
- A . Authorized security groups
- B . Authorization result name
- C . Binding site
- D . Bind authentication rules
Which of the following descriptions of BGP/MPLS IP VPN network architecture is wrong?
- A . The P device only needs to have basic MPLS forwarding capabilities and does not maintain VPN related information.
- B . Under normal circumstances, CE devices are not aware of the existence of VPN, and CE devices do not need to support MPLS, MP-BGP, etc.
- C . The BGP/MPLS IP VPN network architecture consists of three parts: CE (Customer Edge), PE (Provider Edge) and P (Provider). PE and P are operator equipment, and CE is BGP/MPLS IP VPN user equipment.
- D . Sites can access each other through VPN, and a site can only belong to one VPN.
Which of the following descriptions about DHCP Snooping is wrong?
- A . If the DHCP Snooping function is enabled in the interface view, all DHCP message command functions under the interface will take effect.
- B . DHCP Snooping can prevent illegal attacks by setting trusted ports
- C . Enable DHCP Snooping globally. Without any post-parameters, the device only processes DHCPv4 messages by default.
- D . If the DHCP Snooping function is enabled in the VLAN view, the command function will take effect on the DHCP messages belonging to the VLAN received by all interfaces of the device.
In different scenarios, RSTP provides different protection functions. Which of the following is wrong?
- A . For a designated port with root protection enabled, its port role can only remain as a designated port.
- B . After enabling the anti-TC-BPDU packet attack function, the number of times the switching device processes IC BPDU packets within a unit time can be configured.
- C . After the BPDU protection function is enabled on the switching device, if the edge port receives RST BPDU, the edge port will be set as a non-edge port and the spanning tree calculation will be re-calculated.
- D . Enable root protection on the designated port. When the port receives a better RST BPDU, the port will enter the Discarding state and no longer forward packets. If the port does not receive a better RST BPDU within a period of time, it will automatically return to the normal Forwarding state.
Regarding the description of Network Address Port Translation (NAPT) and Network Address Only Translation (No-PAT), which of the following statements is correct?
- A . After NAPT conversion, for external network users, all packets will only come from the same IP address.
- B . No-PAT supports protocol address translation at the network layer
- C . NAPT only supports protocol address translation at the network layer
- D . No-PAT only supports protocol port conversion at the transport layer
Regarding the description of configuring the security level of the firewall security zone, which of the following statements is correct?
- A . For the newly created security zone, the system default security level is 1.
- B . The security level can only be set for customized security zones.
- C . In the same system, two security zones are not allowed to configure the same security level.
- D . Security level – once set, no changes are allowed
Regarding the description of MAC address spoofing attack, which of the following statements is correct?
- A . A MAC address spoofing attack will cause the data that the switch intends to send to the correct destination to be sent to the attacker.
- B . An attacker can implement a MAC address spoofing attack by sending forged source Mac address data frames to the switch.
- C . MAC address spoofing attacks mainly utilize the switch’s Mac address learning mechanism.
- D . MAC address spoofing attacks will cause the switch to learn the wrong mapping relationship between Mac addresses and IP addresses.
The default priority of VRRP devices in the backup group is?
- A . 0
- B . 100
- C . 150
- D . 200
The default sending interval of BFD detection packets is?
- A . 1000ms
- B . 10s
- C . 5s
- D . 100ms