Vendor: Huawei Exam Code: HC-711-ENU: - Constructing Basic Security Network (HCNA-CBSN) - ENU
Version: Demo
QUESTION NO: 1
User Wang dials in from outside the network with an L2TP VPN client, obtains an address normally, and can access all the resources within the network, but cannot open pages on the Internet. What are the possible reasons?
Answer: D
Explanation:
QUESTION NO: 2
In tunnel mode with the AH security protocol, which of the following fields of the new IP packet header is not covered by the data integrity check?
A. TTL
B. Source IP address
C. Destination IP address
D. The source IP address and destination IP address
Answer: A
Explanation:
QUESTION NO: 3
When using the SSL VPN file sharing application, the user needs to enter a user name, password, and domain information; to avoid entering a user name and password, you can set the permissions on the file sharing server.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 4
A. PPTP
B. L2F
C. L2TP
D. PP2F
Answer: C
Explanation:
QUESTION NO: 5
Difference IPSEC security protocol that AH AH and ESP can achieve data encryption, data
validation to support a wider range of ESP?
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 6
ASPF enables the firewall to support protocols that use multiple data channels on one control channel, and also makes it easier to formulate security policies in very complex application scenarios.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 7
In the SVN3000 network expansion application, the client obtains an IP address in two ways: from the virtual gateway address pool or from a DHCP server within the network.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 8
What is the difference between Network Address Port Translation (NAPT) and Network Address Translation (NAT)? (Choose two)
A. After NAPT conversion, to users outside the network, all packets come from the same IP address or from a few IP addresses
B. NAT only supports application layer protocol address translation
C. NAPT only supports network layer protocol address translation
D. NAT supports network layer protocol address translation
Answer: A,D
Explanation:
QUESTION NO: 9
In a GRE configuration environment, under Tunnel interface mode, what does the destination address generally refer to?
Answer: C
Explanation:
QUESTION NO: 10
A. AH
B. ESP
C. 3DES
D. AES
Answer: A,B
Explanation:
QUESTION NO: 11
1. The file server accepts the request packet and sends a response in SMB packet format to the SVN;
2. The client user initiates a request to the internal network file server in HTTPS format, sent to the SVN;
3. The SVN converts the SMB response packet to HTTPS format and forwards it to the client;
4. The SVN converts the HTTPS request to SMB packet format and forwards it to the file server.
A. 1-2-3-4
B. 2-4-1-3
C. 3-1-4-2
D. 3-1-2-4
Answer: B
Explanation:
QUESTION NO: 12
Access control lists are mainly used in which of the following scenarios? (Choose three)
Answer: A,B,C
Explanation:
QUESTION NO: 13
In GRE VPN technology, which of the following is the most widely used transport protocol on the Internet?
A. GRE
B. IPX
C. IP
D. TCP
Answer: C
Explanation:
QUESTION NO: 14
With one-to-one or many-to-many NAT translation (non-PAT), when all the external IP addresses are in use (in scenarios where NAT is used to access the Internet), what happens to subsequent network users who try to access the Internet?
Answer: B
Explanation:
QUESTION NO: 15
A. FTP
B. Telnet
C. HTTP
D. SMTP
Answer: A
Explanation:
QUESTION NO: 16
Which description of stateful inspection firewalls and packet filtering firewalls is correct?
A. A packet filtering firewall does not need to match every packet entering the firewall against rules;
B. Because UDP is a connectionless protocol, a stateful inspection firewall cannot match UDP packets against the state table;
C. When a stateful inspection firewall inspects packets, earlier and later packets of the same connection are not related.
D. A stateful inspection firewall only needs to match the first packet of a connection against the access rules; subsequent packets of the connection are matched directly in the state table (TCP applications, for example)
Answer: D
Explanation:
QUESTION NO: 17
Firewalls can protect the internal network security in the Internet, but cannot protect the host
security in an internal network.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 18
Packet filtering that references ACL 2000 is applied on a firewall interface, and a packet with source IP address 192.168.0.55 reaches the interface. Which of the following statements are correct? (Choose two)
rule deny source 192.168.0.32 0.0.0.31
Answer: B,D
Explanation:
QUESTION NO: 19
SVN file sharing technology converts the file sharing protocol to the SSL-based Hypertext Transfer Protocol (HTTPS), so that to end users it feels like a Web-based file server application.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 20
By what information (protocol field) does the LNS determine that a packet is an L2TP packet and send it to the L2TP protocol processing module for processing?
Answer: D
Explanation:
QUESTION NO: 21
When the TSM system supports strong linkage with anti-virus software, the anti-virus software can be driven to perform anti-virus and other operations.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 22
In which of the following scenarios do mobile users need to install additional VPDN (L2TP) software?
Answer: B
Explanation:
QUESTION NO: 23
Which of the following is a main feature of a stateful inspection firewall?
A. Processing speed
B. Excellent follow-up packet processing performance
C. Only detect the network layer
D. Packet filtering detection for each package
Answer: B
Explanation:
QUESTION NO: 24
When configuring L2TP, which statement about the allow l2tp virtual-template command is correct?
D. It specifies the Virtual-Template that the LNS uses when accepting a call
Answer: D
Explanation:
QUESTION NO: 25
Answer: A,C,D
Explanation:
QUESTION NO: 26
A. WWW
B. FTP
C. PING
D. TELNET
Answer: B
Explanation:
QUESTION NO: 27
Answer: A
Explanation:
QUESTION NO: 28
Answer: A,C,D
Explanation:
QUESTION NO: 29
A packet filtering firewall inspects each packet at the application layer, forwarding or discarding packets according to the configured security policy.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 30
The matching principle of interzone packet filtering is: first look up the inter-domain policy; if there is no matching policy, no other policies are looked up, and the packet is discarded directly and refused passage.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 31
The PVID value has a different meaning on a Trunk port than on an Access port: on an Access port it represents the default VLAN, whereas on a Trunk port it indicates the VLAN the port actually belongs to.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 32
Key distribution for symmetric and asymmetric encryption algorithms is similar: the key used for both encryption and decryption is sent by the sender to the receiver, and it can be sent by e-mail or other means.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 33
A packet filtering firewall does not check session state or analyze data content, so security cannot be adequately protected.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 34
Asymmetric encryption algorithms are stronger than symmetric algorithms because asymmetric algorithms have longer keys.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 35
Which of the following types of SVN3000 virtual gateway can be accessed using either the IP address or the domain name?
A. Exclusive type
B. Share-based
C. Fixed
D. Manual type
Answer: A
Explanation:
QUESTION NO: 36
A stateful inspection firewall intercepts packets at the network layer, extracts from the application layer the state information needed by the security policy, and saves it in the session table; by analyzing these session tables and the subsequent connection requests associated with the packets, it makes the appropriate decision.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 37
In which of the following L2TP VPN modes is the tunnel established between the client side and the LNS?
A. Client-Initialized L2TP way
B. NAS-Initialized L2TP way
C. Unsolicited L2TP
D. VPDN
Answer: A
Explanation:
QUESTION NO: 38
A. GRE
B. L2TP
C. MPLS
D. L2TP + IPSec
Answer: B,D
Explanation:
QUESTION NO: 39
nat server 1 protocol tcp global 1.1.1.1 ftp inside 10.1.1.2 ftp
policy 0
action source-nat
address-group 1
Which of the following statements is correct?
A. NAT outbound configuration: when network users access the external network, the address is translated into an address in the address pool 10.1.1.5 10.1.1.10
B. When an untrust host accesses NAT server 1.1.1.1, the destination address is translated into 10.1.1.2 and the original address is unchanged
C. Built-domain NAT: when a DMZ host accesses NAT server 1.1.1.1, the destination address is translated into 10.1.1.2 and the source address is translated into address pool 1
D. NAT inbound configuration: when an untrust host accesses NAT server 1.1.1.1, the destination address is translated into 10.1.1.2 and the source address is translated into address pool 1
Answer: D
Explanation:
QUESTION NO: 40
A. DES
B. 3DES
C. AES
D. MD5
Answer: A,B,C
Explanation:
QUESTION NO: 41
A. 192.168.11.0-192.168.11.255
B. 192.168.11.32-192.168.11.63
C. 192.168.11.31-192.168.11.64
D. 192.168.11.32-192.168.11.64
Answer: B
Explanation:
QUESTION NO: 42
Which of the following statements about NAT address translation are correct? (Choose three)
A. NAT technology can effectively hide the hosts on the LAN and is an effective network security technology.
B. NAT can follow the user's needs, providing FTP, WWW, Telnet and other services outside the LAN.
C. Some application layer protocols carry IP address information in their data; when NAT is performed on them, the IP address information in the upper-layer data must also be modified.
D. For some non-TCP, non-UDP protocols (such as ICMP, PPTP), NAT cannot do the conversion.
Answer: A,B,C
Explanation:
QUESTION NO: 43
When you configure IPSec, which statements about the ike local-name command are correct? (Choose two)
A. When using aggressive mode with name authentication, you need to configure the local name
B. When using main mode, you need to configure the local name
C. The local name must be consistent with the remote-name configured on the peer side
D. The local name must be consistent with the remote-name configured locally
Answer: A,C
Explanation:
QUESTION NO: 44
In which of the following ways can the SVN3000 control user access? (Choose three)
A. IP
B. MAC
C. PORT
D. URL
Answer: A,C,D
Explanation:
QUESTION NO: 45
When the devices at both ends of the tunnel use the IPSec non-template approach, the ACLs need to be configured as complete mirrors of each other?
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 46
Answer: D
Explanation:
QUESTION NO: 47
Which of the following protocols work at the data link layer? (Choose three)
A. IP
B. PPP
C. HDLC
D. FR
Answer: B,C,D
Explanation:
QUESTION NO: 48
With which of the following hardware components does the SACG primarily exchange data?
A. SM management server
B. SC control server
C. Agent
D. The database server
Answer: B
Explanation:
QUESTION NO: 49
For which of the following types of Ethernet switch ports may data still carry a VLAN tag after it flows out of the port? (Choose two)
A. Access Port
B. Trunk port
C. Hybrid port
D. Switch port
Answer: B,C
Explanation:
QUESTION NO: 50
With the SVN3000 network expansion function, to ensure that a remote user can only access the corporate network and cannot access the local LAN or the Internet, the client needs to use the following routing:
Answer: A
Explanation:
QUESTION NO: 51
Source socket means: source IP address + port + source and destination IP address
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 52
For inter-domain packet filtering, which of the following statements are correct? (Choose three)
Answer: A,B,D
Explanation:
QUESTION NO: 53
When a router receives a packet, if no matching specific route entry is found, the packet can be forwarded according to the default route.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 54
Advanced ACLs 2000 ~ 2999 can define rules using the packet's source address, destination address, and the protocol type carried by IP (such as TCP source port, destination port, ICMP protocol type, message code, etc.).
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 55
In firewall inter-domain packet filtering, which of the following is not in the outbound direction?
Answer: D
Explanation:
QUESTION NO: 56
Answer: C
Explanation:
QUESTION NO: 57
Which of the following statements about Client-Initialized L2TP VPN are correct? (Choose three)
A. The remote user accesses the NAS via PSTN/ISDN, obtains permission to access the Internet, and then initiates the L2TP tunnel connection request directly to the remote LNS.
B. The LNS device receives the user's L2TP connection request and authenticates the user based on the user name and password
C. LNS assigns a private IP address for the remote user.
D. Remote dial-up VPN users do not need to install software
Answer: A,B,C
Explanation:
QUESTION NO: 58
Which of the following products can provide NAT log audit and management?
A. TSM
B. DSM
C. eLog
D. VSM
Answer: C
Explanation:
QUESTION NO: 59
Note that when clearing SAs, you should first clear the Phase 1 ISAKMP SA and then clear the Phase 2 IPSec SA.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 60
A. TMC (TSM Management Center)
B. SM Security Manager
C. SC safety controller
D. SA Security Agent
Answer: A
Explanation:
QUESTION NO: 61
Under the same conditions, for a given encryption algorithm, the longer the key, the higher the cost of cracking it.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 62
If IPSec needs to validate the new IP packet header, which IPSec security protocol must be used?
A. AH
B. ESP
C. MD5
D. SHA1
Answer: A
Explanation:
QUESTION NO: 63
C. Public key certificate
D. Certificate private key
Answer: D
Explanation:
QUESTION NO: 64
Answer: C
Explanation:
QUESTION NO: 65
Which of the following three types of VPN provides more assurance in terms of security?
A. GRE
B. PPTP
C. IPSec
D. L2F
Answer: C
Explanation:
QUESTION NO: 66
A. Link Aggregation
B. Static Routing
C. Hot Standby
D. Long connection
Answer: B,C
Explanation:
QUESTION NO: 67
A. ASPF checks application layer protocol information and monitors the connection status of application layer protocols
B. ASPF determines whether a packet passes through the firewall by dynamically generating ACLs
C. Servermap table is a temporary table entry
D. Servermap table uses a five-tuple to represent a conversation
Answer: A,C
Explanation:
QUESTION NO: 68
Under all circumstances, packets flowing between two interfaces must go through the firewall's interzone packet filtering.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 69
For E1/CE1 configuration (1. configure the virtual serial port IP address; 2. configure the virtual serial port link layer protocol; 3. configure the E1 mode; 4. configure timeslot bundling), the correct configuration sequence is:
A. 1-2-3-4
B. 2-1-3-4
C. 3-4-2-1
D. 4-3-2-1
Answer: C
Explanation:
QUESTION NO: 70
A. Availability
B. Confidentiality
C. Integrity
D. Truth
Answer: A
Explanation:
QUESTION NO: 71
A. Access VPN
B. Intranet VPN
C. Internet VPN
D. Extranet VPN
Answer: A
Explanation:
QUESTION NO: 72
A. NAT Outbound refers to source IP address conversion, and NAT Inbound refers to destination IP address conversion
B. The NAT Inbound command and the NAT Server command provide the same function; which to configure can be selected according to personal preference
C. Outbound direction NAT supports the following applications: one -many,many-to-
D. NAT technology supports multi-channel protocols, such as FTP and other standard multi-channel protocols
Answer: A,B
Explanation:
QUESTION NO: 73
In the system view, executing the command reset saved-configuration erases the configuration file.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 74
In IPSec VPN, tunnel mode is mainly used in which of the following scenarios?
Answer: C
Explanation:
QUESTION NO: 75
Answer: A
Explanation:
QUESTION NO: 76
A. Pre-authentication domain
B. After authentication domain
C. Isolated domain
D. TSM domain
Answer: A,B,C
Explanation:
QUESTION NO: 77
Which protocols are used for communication between the client and the LAC? (Choose two)
A. PPP
B. PPPOE
C. IP
D. UDP
Answer: A,B
Explanation:
QUESTION NO: 78
In some scenarios, both the source IP address and the destination IP address need to be converted; this is called bidirectional NAT.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 79
Which of the following devices is not affected by the "Monitoring USB storage device" policy control?
A. USB mouse
B. U disk
C. USB drive
D. USB hard drives
Answer: A
Explanation:
QUESTION NO: 80
After acl 3000 match-order auto is configured, in what way will data flows be matched against the ACL?
Answer: A
Explanation:
QUESTION NO: 81
If the devices at both ends of a GRE tunnel are configured with an identification keyword, the keywords must be consistent in order to pass validation.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 82
On the firewall, in which mode is the detect ftp command configured?
A. System Mode
B. Interface Mode
C. Domain mode
D. Inter-domain mode
Answer: D
Explanation:
QUESTION NO: 83
A tunnel interface (Tunnel Interface) is a multipoint-type virtual interface provided to implement packet encapsulation.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 84
What access methods does the SVN3000 network expansion function support? (Choose three)
Answer: A,B,D
Explanation:
QUESTION NO: 85
A. L2TP supports two types of messages: control messages and data messages
B. Control messages are used for tunnel and session connection establishment, maintenance, and transmission control.
C. Data messages are used to encapsulate PPP frames and are transmitted over the tunnel.
D. Control messages and data messages are both transmitted reliably, with flow control and congestion control provided.
Answer: D
Explanation:
QUESTION NO: 86
When a data frame enters an Access port of a switch, the switch checks whether the frame carries a VLAN tag; if it does, the frame is discarded; if it has no tag, it is marked with the PVID of the port.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 87
Regarding GRE checksum verification, when one end is configured with checksum and the peer end is not, which of the following descriptions are correct? (Choose two)
Answer: B,C
Explanation:
QUESTION NO: 88
Private network addresses cannot be routed on the Internet; if a user with a private network address needs to access the Internet, the traffic must go through NAT.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 89
A security association (SA) is uniquely identified by a tuple composed of which of the following? (Choose three)
A. SPI
B. Source IP address
C. Destination IP address
D. Security Protocol No.
Answer: A,C,D
Explanation:
QUESTION NO: 90
An advanced ACL can match traffic on the dimensions of source IP address, destination IP address, source MAC address, destination MAC address, and protocol.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 91
authentication and access control,and other business.
Answer: B,C,D
Explanation:
QUESTION NO: 92
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 93
In which of the following IKE exchange modes can the peer be identified either by IP address or by name?
A. Master Mode
B. Aggressive Mode
C. Fast mode
D. Passive mode
Answer: B
Explanation:
QUESTION NO: 94
When configuring L2TP, which statements about the command start l2tp {ip ip-address are correct? (Choose three)
Answer: B,C,D
Explanation:
QUESTION NO: 95
A. 1
B. 3
C. 5
D. 10
Answer: C
Explanation:
QUESTION NO: 96
Which of the following techniques can be used to reject illegal hosts or illegal data packets? (Choose three)
Answer: A,B,C
Explanation:
QUESTION NO: 97
In which of the following ways can VPN client users initiate a request to the LAC device? (Choose two)
A. PPP
B. PPPOE
C. IP
D. TCP
Answer: A,B
Explanation:
QUESTION NO: 98
By which of the following technologies does GRE select the protected data stream, that is, the packets to be encapsulated into GRE packets?
A. ACL
B. Static Routing
C. Routing Policy
D. User Account
Answer: B
Explanation:
QUESTION NO: 99
What are the main differences between IKE main mode and aggressive mode? (Choose two)
A. Main mode uses three messages for the exchange, and aggressive mode uses six messages
B. The last two messages in main mode are encrypted, providing identity protection
C. The last two messages in aggressive mode are encrypted, providing identity protection
D. Main mode can only identify the peer by IP address, whereas aggressive mode can identify the peer by IP address or by name.
Answer: B,D
Explanation:
QUESTION NO: 100
In IPSec tunnel mode applications, which of the following parts of a data packet are protected by encryption? (Choose two)
Answer: B,D
Explanation:
QUESTION NO: 101
A. interface Virtual-Template 1
B. interface Ethernet 0/0 (within the network)
C. interface Ethernet 0/0 (external network)
D. interface loopback 1
Answer: A
Explanation:
QUESTION NO: 102
For a stateful inspection firewall, a TCP packet that is not the first packet will not be checked by interzone packet filtering.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 103
A. 5000
B. 10000
C. 20000
D. 40000
Answer: C
Explanation:
QUESTION NO: 104
In which of the following IKE exchange modes can the peer be identified only by IP address?
A. Master Mode
B. Aggressive Mode
C. Fast mode
D. Passive mode
Answer: A
Explanation:
QUESTION NO: 105
A. ARP
B. IGMP
C. TELNET
D. TFTP
Answer: C,D
Explanation:
QUESTION NO: 106
After the Ethernet interface on the LAC is bound to the virtual template interface, the Ethernet interface may be configured with an IP address.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 107
Which statements about the firewall's built-in trust and untrust security zones are correct? (Choose two)
A. Access from the trust zone to the untrust zone is the outbound direction
B. Access from the trust zone to the untrust zone is the inbound direction
C. The direction of inter-domain access does not depend on which zone initiates it; it is only associated with priority
D. When entering the inter-domain view, the trust zone must be placed first
Answer: A,C
Explanation:
QUESTION NO: 108
Which of the following protocols work at the network layer? (Choose two)
A. ICMP
B. IGMP
C. FTP
D. TELNET
Answer: A,B
Explanation:
QUESTION NO: 109
Packets are forwarded based on routing table information. Which of the following pieces of information is matched against the routing table for forwarding?
Answer: A
Explanation:
QUESTION NO: 110
A. User addresses are allocated in two ways: a bound, pre-assigned IP address, or an IP address dynamically assigned from the address pool
B. L2TP user-assigned IP address can be any address
C. L2TP user-assigned IP address and the address of the network to be accessed in the same network segment
D. Address assignment should be planned well in advance to avoid address conflicts
Answer: B
Explanation:
QUESTION NO: 111
Answer: A
Explanation:
QUESTION NO: 112
A. On the L2TP LNS side, the IP address of the virtual interface template must be configured, and the virtual interface template needs to be added to a security zone
B. To ensure that dial-up users can log on normally, you must configure a firewall policy between the security zone of the physical interface that receives L2TP tunnel packets and the Local zone
C. If dial-up users need access to internal network resources, you must configure a firewall policy between the security zone of the corresponding virtual interface template and the security zone where the internal network is located
D. If a virtual template interface has been added to a security zone, you can directly delete the security zone.
Answer: A,B,C
Explanation:
QUESTION NO: 113
A user logging in to a device via TELNET fails login authentication many times because of a forgotten password, and the account is frozen for several minutes. Which technology is at work?
A. ACL
B. Attack prevention
C. Blacklist
D. Account frozen
Answer: C
Explanation:
QUESTION NO: 114
A. Simple mechanism
B. Small CPU load on the devices at both ends of the tunnel
C. Encrypt data
D. Does not provide traffic control and QoS.
Answer: A,B,D
Explanation:
QUESTION NO: 115
When configuring an L2TP group, which of the following commands indicates that l2tp-group 1 is the default L2TP group?
D. allow l2tp virtual-template 1 default
Answer: C
Explanation:
QUESTION NO: 116
The TSM system supports strong linkage with antivirus software such as Duba Online version 5.0, Jiangmin KV2010, and Rising Online.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 117
A. Pre-authentication domain is the area that the client can access before authentication
B. After authentication domain is the area that the client can access after passing security authentication
C. Isolated domain refers to the area that the client must access for authentication
D. Isolated domain is the area that the client needs to access when security authentication fails
Answer: C
Explanation:
QUESTION NO: 118
Answer: A,B,C
Explanation:
QUESTION NO: 119
The eLog log management system uses a B/S architecture, supports centralized and distributed deployment and diverse log acquisition modes, and provides the industry's most extensive device support.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 120
A proxy firewall works at the transport layer of the network; in essence, the proxy firewall takes over the services that would otherwise run directly between internal network and external network users.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 121
Which of the following statements about the different types of firewalls are correct? (Choose three)
A. A packet filtering firewall checks every packet passing through the firewall against the ACL
B. A stateful inspection firewall performs ACL matching checks only on the first packet, which does not hit a session
C. A stateful inspection firewall requires ACLs to be configured in both the "go" and "back" directions of packets
D. In essence, a proxy firewall takes over the services that run directly between internal network and external network users
Answer: A,B,D
Explanation:
QUESTION NO: 122
A. 5
B. 50
C. 85
D. 100
Answer: B
Explanation:
QUESTION NO: 123
A. DES
B. 3DES
C. SHA-1
D. MD5
Answer: A,B
Explanation:
QUESTION NO: 124
The SVN can allow users to access only the remote enterprise network, with no access to the Internet or local area networks.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 125
A. Tunneling algorithm
B. Key
C. Ciphertext
D. Encryption Algorithm
Answer: B,C,D
Explanation:
QUESTION NO: 126
Which of the following descriptions of VLAN tag processing is wrong?
A. When a Trunk port receives a frame, if the frame does not contain an 802.1Q tag header, it is marked with the port's PVID; if the frame contains an 802.1Q tag header, it is not changed.
B. When a Trunk port sends a frame, if the frame's VLAN ID differs from the port's PVID, the frame is discarded; if the frame's VLAN ID is the same as the port's PVID, the frame is passed through
C. When an Access port receives a frame, if the frame does not contain an 802.1Q tag header, it is marked with the port's PVID; if the frame contains an 802.1Q tag header, the switch does not process it and discards it directly.
D. When an Access port sends a frame, it strips the 802.1Q tag header, and the frame is sent as an ordinary Ethernet frame
Answer: B
Explanation:
QUESTION NO: 127
Which statements about domain NAT are correct? (Note: the internal network IP address is a private address, and the IP address of the network boundary is a public address) (Choose two)
A. First, NAT translates the source IP address of the internal user's request packet into the IP address of the internal network server
B. Both the source and destination IP addresses of the request packet are translated
C. The destination IP address of the request packet is translated into the IP address of the internal network server
D. After the internal network server receives and processes the packet, the destination IP address of the return packet is translated into the public IP address (the IP address of the network boundary)
Answer: B,C
Explanation:
QUESTION NO: 128
A. 2000-2999
B. 3000-3999
C. 4000-4999
D. 9000-9499
Answer: D
Explanation:
QUESTION NO: 129
A proxy firewall checks requests from users; once a user passes the security policy check, the firewall establishes a connection to the real server on behalf of the external user, forwards the external user's request, and returns the real server's response to the external user.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 130
GRE VPN itself does not provide data integrity verification or transmission confidentiality.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 131
If the IKE negotiation mode is main mode, the ID type can only be configured in IP address form. If the negotiation mode is aggressive mode, the ID type can only be configured in name form.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 132
For NAT configured in the outbound direction with the no-pat option, which of the following descriptions are wrong? (Choose three)
Answer: B,C,D
Explanation:
QUESTION NO: 133
VPN tunneling technology uses data encryption algorithms (such as DES, 3DES) to ensure that data transmitted over the network will not be intercepted.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 134
A. Source IP address
B. Destination MAC address
C. Protocol number
D. Source port
Answer: B
Explanation:
QUESTION NO: 135
The firewall supports three main kinds of VPDN VPN, namely L2TP, PPTP, and IPSec.
A. True
B. False
Answer: B
Explanation:
QUESTION NO: 136
The SVN3000 port proxy function is mainly used for C/S and other applications that cannot be accessed using web technology.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 137
To ensure that remote L2TP dial-up users can access the corporate network normally, the IP address assigned to the user must not be on the same network segment as the enterprise network services and resources to be accessed (without considering ARP Proxy technology).
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 138
When a trunk port is configured to allow certain VLANs through, the trunk port belongs to these VLANs.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 139
In some scenarios, both the source IP address and the destination IP address need to be converted; this is called bidirectional NAT.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 140
Answer: A
Explanation:
QUESTION NO: 141
Which of the following technologies does the SVN3000 network expansion feature use to control access to business resources?
A. Static Routing
B. Dynamic Routing
C. ACL
D. Policy Routing
Answer: A
Explanation:
QUESTION NO: 142
Which of the following types of SVN3000 virtual gateway can only be accessed using a domain name?
A. Exclusive type
B. Share -based
C. Fixed
D. Manual type
Answer: B
Explanation:
QUESTION NO: 143
By what means does the LAC establish the L2TP VPN tunnel? (Choose two)
A. User Account
B. Domain name
C. ACL
D. Routing Table
Answer: A,B
Explanation:
QUESTION NO: 144
When configuring an ACL, you can bind it to a named time period; under the same time period name you can configure multiple time periods. These time periods are in a () relationship.
A. "Or"
B. "And"
C. "XOR"
D. " With or"
Answer: A
Explanation:
QUESTION NO: 145
A. Quintuple
B. Quad
C. Triples
D. Tuple
Answer: C
Explanation:
QUESTION NO: 146
To allow mobile users on business trips to access the file server within the enterprise, which of the following SSL VPN functions is the optimal choice?
A. Web Proxy
B. File Sharing
C. Port Forwarding
D. Network expansion
Answer: B
Explanation:
QUESTION NO: 147
A. IP
B. IPX
C. NetBEUI
D. More support
Answer: D
Explanation:
QUESTION NO: 148
A client wants to access an FTP server across the firewall's trust and untrust domains. Access from the client to TCP port 21 on the server has been allowed, but the client can only log in to the server and cannot download files. Which of the following solutions are possible? (Choose three)
A. Modify the default access policy between the untrust and trust domains to permit in both directions
B. When FTP works in port mode, modify the default access policy between the untrust and trust domains in the inbound direction to permit
C. Enable detect ftp in the configuration between the trust and untrust domains
D. When FTP works in passive mode, modify the default access policy between the untrust and trust domains in the inbound direction to permit
Answer: A,B,C
Explanation:
QUESTION NO: 149
To support dynamic routing protocols, the IP addresses of the Tunnel interfaces at both ends must be configured in the same network segment.
A. True
B. False
Answer: A
Explanation:
QUESTION NO: 150
What are the main features of the Secospace DSM product? (Choose three)
Answer: A,B,C
Explanation:
QUESTION NO: 151
A. NAT outbound
B. NAT server
C. NAT Traversal
D. NAT Inbound
Answer: A,B,D
Explanation:
A stateful inspection firewall forwards subsequent packets (non-first packets) mainly based on
which of the following?
A. route table
B. MAC address
C. session table
D. FIB table
Answer: C
Explanation:
A. 23
B. 21
C. 20
D. 25
Answer: B,C
Explanation:
With the SVN3000 network expansion function, remote users must be able to access the corporate
network and their local area network but must not be able to access the Internet. Which of the
following routing options does the client need to use?
Answer: B
Explanation:
Which of the following technologies does GRE not support? (Choose two)
A. Tunneling
B. Encryption and decryption technology
C. Key management technology
D. End checksum
Answer: B,C
Explanation:
Answer: A,D
Explanation:
Answer: B
Explanation:
When you configure the security level of a firewall security zone, which principles must be
followed? (Choose three)
A. For a new security zone, before its security level is set, the system sets its security
level to 100
B. You can set the security level for custom security zones
C. Once the security level is set, it cannot be changed
D. In the same system, two security zones cannot be configured with the same security level
Answer: B,C,D
Explanation:
A. True
B. False
Answer: B
Explanation:
Answer: C,D
Explanation:
A. Handshake protocol
B. Record Protocol
C. Warning agreement
D. Heartbeat Protocol
Answer: A,B,C
Explanation:
QUESTION NO: 162
GRE VPN technology itself can provide which of the following techniques?
A. Tunneling
B. Encryption and decryption technology
C. Flow control and QoS
D. Key Management
Answer: A
Explanation:
In L2TP technology, the LAC client encapsulates packets using _____ protocol port number _____.
A. TCP 51
B. UDP 51
C. UDP 1701
D. TCP 1701
Answer: C
Explanation:
For specific long-connection TCP and UDP data streams, you can set a long aging time to ensure
that the session information is not aged out for a long time.
A. True
B. False
Answer: B
Explanation:
When you configure IPsec VPN, which statements about the sa duration command are correct? (Choose two)
A. It is used to configure the SA lifetime
B. Both a traffic-based lifetime and a time-based lifetime can be configured
C. After the lifetime is configured, it takes effect for SAs created through IKE and for SAs created manually
D. For SAs established through IKE, the SA lifetime configured at both ends must be consistent
Answer: A,B
Explanation:
You cannot add any interface to the firewall's Local security zone; the firewall's interfaces
themselves belong to the Local security zone.
A. True
B. False
Answer: A
Explanation:
Configuring an ACL requires the use of an anti-mask. Select the true statement about the
anti-mask from the following options.
A. An anti-mask bit of 0 means that the corresponding bit of the network address must be
compared and matched
B. An anti-mask bit of 1 means that the corresponding bit of the network address must be
compared and matched
C. The anti-mask value cannot be all 0s
D. The anti-mask value cannot be all 1s
Answer: A
Explanation:
In an application scenario with three components (VPN client, LAC, and LNS), between which of
the following components is the L2TP tunnel used? (Choose two)
A. Between the VPN Client and LAC
B. Between the VPN Client and LNS
C. Between LAC and LNS
D. All other options are correct
Answer: B,C
Explanation:
Which of the following descriptions of MAC address-based ACL application is correct?
Answer: C
Explanation:
A. L2TP
B. GRE
C. PPTP
D. L2F
Answer: A,C,D
Explanation:
Which of the following configuration commands has a parameter that is not consistent with the
actual scenario or technology implementation?
A. ah authentication-algorithm md5
B. ah encryption-algorithm des
C. esp authentication-algorithm md5
D. esp encryption-algorithm des
Answer: B
Explanation:
In IPsec transport mode applications, which of the following areas of the data packet may be
protected by encryption?
Answer: D
Explanation:
In tunnel mode with ESP, which of the following areas of information is transmitted in plaintext?
Answer: A
Explanation:
In inter-domain packet filtering, the inbound direction of data flow on the firewall refers to
data being transferred from a high-security zone to a low-security zone.
A. True
B. False
Answer: B
Explanation:
Which of the following scenarios does the IPsec web configuration wizard not support?
A. Gateway to Gateway
B. Gateway Center
C. Branch Gateway
D. Host and Host
Answer: D
Explanation:
Which of the following addresses can be used as the SVN web management address? (Choose three)
A. Interface address
B. Sub-interface address
C. Sub-IP address of the interface
D. Loopback address
Answer: A,B,C
Explanation:
After a firewall interface is added to a security zone, the interface no longer belongs to the
Local area.
A. True
B. False
Answer: B
Explanation:
Answer: C
Explanation:
A. AH
B. ESP
C. SA
D. IKE
Answer: B
Explanation:
Before configuring the basic Web proxy functions on the SVN3000, which of the following data do
you need? (Choose two)
Answer: A,B
Explanation: