Pass Huawei H12-722_V3.0 Exam With Practice Test Questions Dumps Bundle [Q61-Q80]

Share

Pass Huawei H12-722_V3.0 Exam With  Practice Test Questions Dumps Bundle

2021 Valid H12-722_V3.0  test answers & Huawei Exam PDF

NEW QUESTION 61
UDP is a connectionless protocol. UDP Flood attacks that change sources and ports will cause performance degradation of network devices that rely on session forwarding.
Even the session table is exhausted, causing the network to be paralyzed. Which of the following options is not a preventive measure for UDP Flood attacks?

  • A. Associated defense
  • B. First packet discarded
  • C. UDP fingerprint learning
  • D. current limit

Answer: B

 

NEW QUESTION 62
The analysis and processing capabilities of traditional firewalls at the application layer are weak, and they cannot correctly analyze malicious codes that are mixed in the flow of allowed application teaching: many Attacks or malicious behaviors often use the firewall's open application data flow to cause damage, causing application layer threats to penetrate the firewall

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 63
Huawei NIP6000 products have zero-setting network parameters and plug-and-play functions, because the interfaces and interface pairs only work on layer 2 without Set the IP address.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 64
Network attacks are mainly divided into two categories: single-packet attacks and streaming attacks.
Single-packet attacks include scanning and snooping attacks, malformed packet attacks, and special reports.
Wen attack.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 65
The status code in the HTTP response message indicates the type of the response message, and there are many possible values. Which of the following status codes represents the client request The resource does not exist?

  • A. 0
  • B. 400.
  • C. 1
  • D. 2

Answer: C

 

NEW QUESTION 66
The administrator has configured file filtering to prohibit internal employees from uploading development files, but internal employees can still upload development files. Which of the following is not allowed Can the reason?

  • A. File filtering configuration file is incorrect
  • B. License is not activated.
  • C. The action configuration of the file extension does not match is incorrect
  • D. The file filtering configuration file is not referenced in the security policy

Answer: C

 

NEW QUESTION 67
Which of the following statement on the scanner is wrong?

  • A. When deploying NAC Agent, can use scanner to scan and assess the number of installed and non-installed agent.
  • B. scanner and Policy Center controller linkage scan tasks.
  • C. When the terminal NAC Agent uninstall, the scanner can send alarm information.
  • D. the scanner by the SNMP protocol to obtain network equipment resources information.

Answer: A,B

 

NEW QUESTION 68
Anti-DDoS defense system includes: management center, detection center and cleaning center.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 69
Regarding intrusion detection I defense equipment, which of the following statements are correct? (multiple choice)

  • A. Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc.
    from flooding and spreading to the intranet.
  • B. Ability to quickly adapt to threat changes
  • C. It cannot effectively prevent the virus from spreading from the Internet to the intranet.
  • D. The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services Experience.

Answer: A,B,D

 

NEW QUESTION 70
What content can be filtered by the content filtering technology of Huawei USG6000 products?

  • A. Voice content filtering
  • B. The source of the video content
  • C. File content filtering
  • D. Apply content filtering..

Answer: C,D

 

NEW QUESTION 71
Abnormal detection is to establish the normal behavior characteristic profile of the system subject through the analysis of the audit data of the system: check if the audit data in the system If there is a big discrepancy with the normal behavior characteristics of the established subject, it is considered an intrusion. Nasu must be used as the system subject? (multiple choice)

  • A. Host
  • B. A group of users
  • C. Single user
  • D. A key program and file in the system

Answer: A,B,C,D

 

NEW QUESTION 72
Regarding the global configuration of file filtering configuration files for Huawei USG6000 products, which of the following descriptions is correct?

  • A. When the number of compression layers of a file is greater than the configured "Maximum Decompression Layers", the firewall cannot filter the file.
  • B. File filtering, content filtering and anti-virus detection cannot be performed when the file is damaged. At this time, the documents can be released or blocked according to business requirements.
  • C. When the file type cannot be recognized, file filtering, content filtering and anti-virus detection are not performed.
  • D. When the file extension does not match, if the action is "Allow" or "Alarm", file filtering, content filtering and anti-virus are performed according to the file type Detection.

Answer: A

 

NEW QUESTION 73
The network-based intrusion detection system is mainly used to monitor the information of the critical path of the network in real time, listen to all packets on the network, collect data, and divide Analyze the suspicious object, which of the following options are its main features? (multiple choices)

  • A. The monitoring speed is fast (the problem can be found in microseconds or seconds, and the host-based DS needs to take an analysis of the audit transcripts in the last few minutes
  • B. Need a lot of monitors.
  • C. It can detect the source address and destination address, identify whether the address is illegal, and locate the real intruder.
  • D. Good concealment, the network-based monitor does not run other applications, does not provide network services, and may not respond to other computers, so Not vulnerable to attack.

Answer: A,D

 

NEW QUESTION 74
Regarding the strong statement of DNS Request Flood attack, which of the following options is correct?

  • A. The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source
  • B. In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process It will consume the TCP connection resources of the OINS cache server.
  • C. For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify The legitimacy of the source IP.
  • D. Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

Answer: B

 

NEW QUESTION 75
For the description of the Anti DDOS system, which of the following options is correct? C

  • A. The detection center is mainly to pull and clean the attack flow according to the control strategy of the security management center, and re-inject the cleaned normal flow back to the customer.
    User network, send to the real destination.
  • B. The management center mainly completes the processing of attack events, controls the drainage strategy and cleaning strategy of the cleaning center, and responds to various attack events and attack flows.
    View in categories and generate reports.
  • C. The firewall can only be used for inspection equipment
  • D. The main function of the Green Washing Center is to detect and analyze DDoS attack traffic on the flow from mirroring or splitting, and provide analysis data to The management center makes a judgment.

Answer: B

 

NEW QUESTION 76
The following is a hardware SACG increase firewall configuration, which statement below is true?

  • A. Main IP is the Policy Center reaches the next-hop firewall device interface address
  • B. Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another interface IP address of the firewall.
  • C. Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another alternate firewall interface IP address.
  • D. Primary IP: 10.1.3.6 on behalf of SM Manager IP address.

Answer: C,D

 

NEW QUESTION 77
Which of the following descriptions are correct for proxy-based anti-virus gateways? (multiple choice)

  • A. System overhead will be relatively small
  • B. The detection rate is higher than the flow scanning method
  • C. Cache all files through the gateway's own protocol stack
  • D. More advanced operations such as decompression, shelling, etc. can be performed

Answer: B,C,D

 

NEW QUESTION 78
After the user deploys the firewall anti-virus strategy, there is no need to deploy anti-virus software

  • A. True
  • B. False.

Answer: B

 

NEW QUESTION 79
IPS is an intelligent intrusion detection and defense product. It can not only detect the occurrence of intrusions, but also can respond in real time through certain response methods.
Stop the occurrence and development of intrusions, and protect the information system from substantial attacks in real time. According to the description of PS, the following items are wrong?

  • A. IPS unifies IDS and firewall
  • B. Common IPS deployment modes are in-line deployment,
  • C. IPS is an intrusion detection system that can block real-time intrusions when found
  • D. IPS must use bypass deployment in the network

Answer: D

 

NEW QUESTION 80
......

Top Huawei H12-722_V3.0 Courses Online: https://www.fast2test.com/H12-722_V3.0-premium-file.html

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어