FreeDumps

http://www.freedumps.top
Latest valid dumps torrent and free demo for certification exam prep
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : H12-711-ENU

Title : HCIA-Security V3.0

Vendor : Huawei

Version : DEMO

1
Get Latest & Valid h12-711-enu Exam's Question and Answers from Freedumps.top. 1
https://www.freedumps.top/H12-711-ENU-real-exam.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

NO.1 The content of intrusion detection covers authorized and unauthorized intrusions. Which of
the following is not in the scope of intrusion detection?
A. Leaking data information
B. Planting worms and Trojans
C. Pretending to be another user
D. Administrator mistakenly delete configuration
Answer: D

NO.2 Both A and B communicate data. If an asymmetric encryption algorithm is used for encryption,
when A sends data to B, which of the following keys will be used for data encryption?
A. A private key
B. B private key
C. A public key
D. B public key
Answer: D

NO.3 Which of the following are the ways in which a PKI entity applies for a local certificate from
CA? (Multiple Choice)
A. Network application
B. Local application
C. Online application
D. Offline application
Answer: C,D

NO.4 Which of the following statement is wrong about NAT?

A. Address Translation can follow the needs of users, providing FTP, WWW, Telnet and other services
outside the LAN
B. For some non-TCP, UDP protocols (such as ICMP, PPTP), unable to do NAT.
C. Some application layer protocols carry IP address information in the data, but also to modify the
data in the upper layer of the IP address information when they make NAT
D. Configure a NAT address pool in the source NAT technology. You can configure only one IP address
in the address pool.
Answer: B

NO.5 Which of the following description is wrong about the operating system?
A. The operating system is responsible for managing the execution of all hardware resources and
control software of the computer system.
B. The operating system itself is also a software
C. The operating system is the interface between the user and the computer
D. The interface between the operating system and the user is a graphical interface.
Answer: D

NO.6 A company employee account authority expires, but can still use the account to access the

2
Get Latest & Valid h12-711-enu Exam's Question and Answers from Freedumps.top. 2
https://www.freedumps.top/H12-711-ENU-real-exam.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

company server.
What are the security risks of the above scenarios? (Multiple Choice)
A. System security risk
B. Access security risk
C. Physical security risk
D. Managing security risk
Answer: A,B,D

NO.7 Regarding the relationship and role of VRRP/VGMP/HRP, which of the following statements are
correct? (Multiple choice)
A. VGMP is responsible for monitoring equipment failures and controlling fast switching of
equipment.
B. VGMP group in the active state may include the VRRP group in the standby state.
C. VRRP is responsible for sending free ARP to direct traffic to the new primary device during
active/standby switchover.
D. HRP is responsible for data backup during hot standby operation.
Answer: A,C,D

NO.8 In the information security system construction management cycle, which of the following
actions is required to be implemented in the "check" link?
A. Risk assessment
B. Safety management system design
C. Safety management system operation monitoring
D. Implementation of the safety management system
Answer: A

NO.9 Which of the following is non-symmetric encryption algorithm?

A. DH
B. 3DES
C. RC4
D. AES
Answer: A

NO.10 Some applications, such as Oracle database application, there is no data transfer for a long
time, so that firewall session connection is interrupted, thus resulting in service interruption, which
of the following technology can solve this problem?
A. Turn fragment cache
B. Optimization of packet filtering rules
C. Configure a long business connection
D. Configure default session aging time
Answer: C

NO.11 Which of the following are the standard port numbers for the FTP protocol? (Multiple choice)

3
Get Latest & Valid h12-711-enu Exam's Question and Answers from Freedumps.top. 3
https://www.freedumps.top/H12-711-ENU-real-exam.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

A. 80
B. 23
C. 21
D. 20
Answer: C,D

NO.12 Which of the following attacks can DHCP Snooping prevent? (Multiple Choice)
A. Counterfeit DHCP lease renewal packet attack using option82 field
B. IP spoofing attack
C. Intermediaries and IP/MAC spoofing attacks
D. DHCP Server counterfeiter attack
Answer: A,B,C,D

NO.13 Which of the following are correct about configuring the firewall security zone? (Multiple
Choice)
A. Firewall can have 12 security zones at most.
B. The firewall has four security zones by default, and the four security zone priorities do not support
modification.
C. The firewall can create two security zones of the same priority
D. When data flows between different security zones, the device security check is triggered and the
corresponding security policy is implemented.
Answer: B,D

NO.14 Which of the following options belong to the encapsulation mode supported by IPSec VPN?
(Multiple Choice)
A. AH mode
B. ESP mode
C. Transmission mode
D. Tunnel mode
Answer: C,D

NO.15 Security technology has different methods at different technical levels and areas. Which of
the following devices can be used for network layer security protection? (Multiple choice)
A. Firewall
B. Vulnerability scanning device
C. IPS/IDS device
D. Anti-DDoS device
Answer: A,C,D

NO.16 Which of the following descriptions is wrong about IKE SA?

A. IKE SA for IPSec SA services
B. IKE SA is two-way
C. IKE is a UDP- based application layer protocol

4
Get Latest & Valid h12-711-enu Exam's Question and Answers from Freedumps.top. 4
https://www.freedumps.top/H12-711-ENU-real-exam.html
 Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

D. The encryption algorithm used by user data packets is determined by IKE SA.
Answer: D

NO.17 Which of the following is the core part of the P2DR model?
A. Detection
B. Protection
C. Policy Strategy
D. Response
Answer: C

NO.18 The SIP protocol establishes a session using an SDP message, and the SDP message contains a
remote address or a multicast address.
A. False
B. True
Answer: B

NO.19 Which of the following protocols can guarantee the confidentiality of data transmission?
(Multiple Choice)
A. Telnet
B. FTP
C. HTTPS
D. SSH
Answer: C,D

NO.20 In the classification of the information security level protection system, which of the following
levels defines the damage to the social order and the public interest if the information system is
destroyed? (multiple choice)
A. Second level System audit protection level
B. Fourth level Structured protection
C. Third level Security mark protection
D. First level User-independent protection level
Answer: A,B,C,D

5
Get Latest & Valid h12-711-enu Exam's Question and Answers from Freedumps.top. 5
https://www.freedumps.top/H12-711-ENU-real-exam.html