Free Exam/Cram Practice Materials - Best Exam Practice Materials

IT Certification Guaranteed, The Easy Way!

NO.1 Which of the following is true about the description of the TCP/IP protocol stack packet
decapsulation? (Multiple choice)
A. After the application layer receives the data packet, the application layer information is stripped
after parsing, and the user data displayed at the end is exactly the same as the data sent by the
sender host.
B. After the transport layer (TCP) receives the data packet, the transport layer information is stripped
after parsing, and the upper layer processing protocol, such as UDP, is known according to the
parsing information.
C. After receiving the data packet, the network layer is stripped after parsing, and the upper layer
processing protocol is known according to the parsing information, such as HTTP.
D. The data packet is first transmitted to the data link layer. After parsing, the data link layer
information is stripped, and the network layer information is known according to the parsing
information, such as IP.
Answer: A,D

NO.2 Which of the following are the versions of the SNMP protocol? (Multiple choice)
A. SNMPv1
B. SNMPv2b
C. SNMPv2c
D. SNMPv3
Answer: A,C,D

NO.3 Regarding the firewall security policy, which of the following options are wrong?
A. Adjust the order of security policies without saving the configuration file.
B. If the security policy is permit, the discarded message will not accumulate the number of hits.
C. When configuring the security policy name, you cannot reuse the same name.
D. The number of security policy entries of Huawei USG series firewalls cannot exceed 128.
Answer: B

NO.4 Which of the following protection levels are included in the TCSEC standard? (Multiple Choice)
A. Verify protection level
B. Independent protection level
C. Passive protection level
D. Forced protection level
Answer: A,B,D

NO.5 When establishing their own information systems, companies check each operation according
to internationally established authoritative standards and can check whether their information
systems are safe.
A. True
B. False
Answer: A

2 from Freecram.com.
Get Latest & Valid H12-711 Exam's Question and Answers 1
https://www.freecram.com/exam/H12-711-hcia-security-v3.0-e10342.html
 Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!

NO.6 Which of the following statements is wrong about VPN?

A. VPN technology necessarily involves encryption technology
B. VPN technology is a technology that multiplexes logical channels on actual physical lines.
C. Virtual private network is cheaper than dedicated line
D. The generation of VPN technology enables employees on business trips to remotely access
internal corporate servers.
Answer: A

NO.7 Digital signature technology obtains a digital signature by encrypting which of the following
data?
A. sender public key
B. User data
C. Receiver public key
D. Digital fingerprint
Answer: D

NO.8 For the occurrence of network security incidents, the remote emergency response is generally
adopted first. If the problem cannot be solved for the customer through remote access, after the
customer confirms, it is transferred to the local emergency response process.
A. True
B. False
Answer: A

NO.9 Which of the following mechanisms are used in the MAC flooding attack? (Multiple choice)
A. MAC learning mechanism of the switch
B. Number of MAC entries is limited
C. ARP learning mechanism
D. forwarding mechanism of the switch
Answer: A,B,C,D

NO.10 Which of the following is not a rating in the network security incident?
A. Larger network security incidents
B. General network security incidents
C. Special network security incidents
D. Major network security incidents
Answer: C

NO.11 Which types of encryption technology can be divided into? (Multiple Choice)
A. Asymmetric encryption
B. Fingerprint encryption
C. Data encryption
D. Symmetric encryption
Answer: A,D

3 from Freecram.com.
Get Latest & Valid H12-711 Exam's Question and Answers 2
https://www.freecram.com/exam/H12-711-hcia-security-v3.0-e10342.html
 Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!

NO.12 In the USG series firewall, which of the following commands can be used to query the NAT
translation result?
A. display firewall nat translation
B. display firewall session table
C. display nat translation
D. display current nat
Answer: B

NO.13 Which of the following are key elements of information security prevention? (Multiple
choice)
A. Personnel
B. Security products and technologies
C. Asset management
D. Security operation and management
Answer: A,B,C,D

NO.14 Which of the following descriptions is wrong about the source of electronic evidence?
A. Operating system, e-mail, chat records can be used as a source of electronic evidence
B. Fax data, mobile phone recording is an electronic evidence related to communication technology.
C. Database operation records, operating system logs are computer-related electronic evidence
D. Movies and TV shows belong to electronic evidence related to network technology.
Answer: D

NO.15 Digital signature is to achieve the integrity of data transmission by using a hash algorithm to
generate digital fingerprints.
A. False
B. True
Answer: B

NO.16 Which of the following are part of the SSL VPN function? (Multiple choice)
A. File sharing
B. WEB rewriting
C. User authentication
D. Port scanning
Answer: A,C

NO.17 Which of the following is not the identity of the IPSec SA?
A. Security policy
B. SPI
C. Source address
D. Destination address
Answer: C

4 from Freecram.com.
Get Latest & Valid H12-711 Exam's Question and Answers 3
https://www.freecram.com/exam/H12-711-hcia-security-v3.0-e10342.html
 Free Exam/Cram Practice Materials - Best Exam Practice Materials
IT Certification Guaranteed, The Easy Way!

NO.18 Some applications, such as Oracle database application, there is no data transfer for a long
time, so that firewall session connection is interrupted, thus resulting in service interruption, which
of the following technology can solve this problem?
A. Turn fragment cache
B. Optimization of packet filtering rules
C. Configure default session aging time
D. Configure a long business connection
Answer: D

NO.19 Use iptables to write a rule that does not allow the network segment of 172.16.0.0/16 to
access the device. Which of the following rules is correct?
A. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j DROP
B. iptables -t filter -A INPUT -s 172.16.0.0/16 -p all -j DROP
C. iptables -t filter -P INPUT -d 172.16.0.0/16 -p all -j ACCEPT
D. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j ACCEPT
Answer: B

NO.20 Which of the following options belong to the encapsulation mode supported by IPSec VPN?
(Multiple Choice)
A. Transmission mode
B. AH mode
C. ESP mode
D. Tunnel mode
Answer: A,D

5 from Freecram.com.
Get Latest & Valid H12-711 Exam's Question and Answers 4
https://www.freecram.com/exam/H12-711-hcia-security-v3.0-e10342.html