• Home
  • Articles
  • HCIP-Security Real Exam Questions and Answers FREE H12-723_V3.0 Updated on Mar 21, 2022 [Q49-Q74]

HCIP-Security Real Exam Questions and Answers FREE H12-723_V3.0 Updated on Mar 21, 2022 [Q49-Q74]

Share

HCIP-Security H12-723_V3.0 Real Exam Questions and Answers FREE Updated on Mar 21, 2022

H12-723_V3.0 Ultimate Study Guide - PrepAwayExam

NEW QUESTION 49
Regarding patch management and Windows patch checking strategies, which of the following descriptions is wrong?

  • A. Patch management and Windows The patch check strategy can check whether the terminal host has installed the specified Windows Make system patches.
  • B. Windows Patch check strategy focuses on checking whether the terminal host is installed Windows Operating system patches.
  • C. When the terminal host does not install the specified Windows When making a system patch, according toWindows The patch check policy prohibits terminal hosts from accessing the controlled network.
  • D. Patch management focuses on checking whether the terminal host has installed the specified patch,Perform access control on the terminal host.

Answer: D

 

NEW QUESTION 50
Theaccess control server is the implementer of the corporate security policy, responsible for implementing the corresponding access control in accordance with the security policy formulated by the customer's network(Allow, deny, leave or restrict).

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 51
The following is the 802.1X access control switch configuration:
[S5720]dot1x authentication-method eap
[S5720-GigabitEthernet0/0/1] port link-type access
[S5720-GigabitEthemet0/0/1] port default vlan 11
[S5720-GigabitEthernet0/0/1] authentication dot1x
Assuming that GE0/0/1 is connected to user 1 and user 2through the HUB, which of the following options is correct?

  • A. User 1 and User 2 must be individually authenticated before they can access networkresources
  • B. Neither user 1 nor user 2 can pass the authentication and access network resources.
  • C. After user 1 is authenticated, user 2 can access network resources without authentication
  • D. GE0/0/1 does not need to enable dot1X

Answer: C

 

NEW QUESTION 52
Terminal security access technology does not include which of the following options?

  • A. Access control
  • B. Authentication
  • C. System Management
  • D. safety certificate

Answer: C

 

NEW QUESTION 53
The useraccesses the network through the network access device, and the third-party RADIUS server authenticates and authorizes the user. Regarding the certification process, which of the following options is wrong?

  • A. Configure RADIUS authentication and accounting on the device side. W"
  • B. ConfigureRADIUS authentication and authorization on the Agile Controller-Campus.
  • C. Configure the Agile Controller-Campus for local data source authentication, receive the packets sent by the device, and perform authentication.
  • D. Configure RADIUS authentication and accountingon the RADIUS server.

Answer: C

 

NEW QUESTION 54
Regarding CAPWAP encryption, which of the following statements is wrong?

  • A. DTLS Encryption can guarantee AC The issued control messages will not be eavesdropped on.
  • B. Use the certificate method to carry out DTLS Negotiation, the certificate is only used to generate the key, not right AP Perform authentication.
  • C. DTLS Support two authentication methods:Certificate authentication(out AC,AP Already brought)with PSK Password authentication.
  • D. CAPWAP The data tunnelcan be used DTLS Encrypted.

Answer: D

 

NEW QUESTION 55
The terminal host access control function does not take effect, the following is SACG View information on:
<FW> display right- manager role-id rule
Advanced ACL 3099 ,25 rules,not bingding with vpn-instance Ad's step is 1 rule 1000 permit ip (1280 times matched) rule 1001 permit ip destination 172.18.11.2210 (581 times matched) rule 1002 permit ip destination 172:18.11.2230 (77 times matched) rule 1003 permit ip destination 172.19.0.0 0.0 255.255 (355 Book times matched) rule 1004 deny ip (507759 times matched) Which of the following statements is correct?

  • A. 172.18.11.223 It is a post-domain server.
  • B. The terminal host stream is the default ACL Blocked.
  • C. The escape route wasopened.
  • D. 172.18.11.221 It is the server of the isolation domain.

Answer: C

 

NEW QUESTION 56
Regarding the trigger mechanism of 802.1X authentication, which of the following descriptions is correct?
(multiple choice)

  • A. 802.1X Authentication can only be initiated by the client.
  • B. 8021X The client can trigger authentication through multicast or broadcast.
  • C. 802.1X Certification can only be done by certified equipment(like 802.1X switch)Initiate
  • D. The authentication equipment department triggers authentication through multicast orunicast.

Answer: B,D

 

NEW QUESTION 57
There is a three-layer forwarding device between the authentication client and the admission control device:If at this time Portal The certified three-layer authentication device can also obtain the authentication client's MAC address,So you can use IP Addressand MC The address serves as the information to identify the user.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 58
If youdeploy Free Mobility, in the logic architecture of Free Mobility, which of the following options should be concerned by the administrator?

  • A. Does the strategy deployment target a single department?
  • B. Is the strategy automatically deployed?
  • C. Choose the appropriate policy control point and user authentication point
  • D. Does the strategy deployment target a single user?

Answer: C

 

NEW QUESTION 59
In a centralized networking, the database, SM server, SC server, and AE server are all centrally installed in the corporate headquarters. This networking method is suitable. It is used for enterprises with a wide geographical distribution of users and a large number of users.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 60
Identity authentication determines whether to allow access by identifying the identity of the access device or user.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 61
Use on the terminalPortal The authentication is connected to the network, but you cannot jump to the authentication page. The possible reason does not include which of the following options?

  • A. CS Did not start
  • B. Agile Controller-Campus Configured on Portal The authentication parameters are inconsistent with the access control device.
  • C. Access device Portal The authentication port number of the template configuration is 50100 ,Agile Controlle-Campus The above is the default.
  • D. When the page is customized, the preset template is used.

Answer: D

 

NEW QUESTION 62
Which of the following options is about SACG The description of the online process is wrong?

  • A. Terminal and Agile Controller-Campus Server communication SSL encryption
  • B. Security check passed,Agile Controller-Campus Server notification SACG Will end user's IP Address switch to isolated domain
  • C. Agile Controller-Campus Server gives SACG Carrying domain parameters in themessage
  • D. Authentication fails, end users can onlyaccess resources in the pre-authentication domain

Answer: B

 

NEW QUESTION 63
The multi-level defense system is mainly reflected in the network level and the system level. Which of the following options are used for security defense at the network level? (Multiple choice)

  • A. 802.1X switch
  • B. Authentication server
  • C. software SACG
  • D. hardware SACG

Answer: A,C,D

 

NEW QUESTION 64
Using Agile Controller-Campus for visitor management, users can obtain the account they applied for in a variety of ways, but which of the following are not included A way?

  • A. E-mail
  • B. Web Print
  • C. Short message
  • D. Voicemail

Answer: D

 

NEW QUESTION 65
Wired 802.1X During authentication, if the access control equipment is deployed at the Jiangju layer, this deployment method has the characteristics of high security performance, multiple management equipment, and complex management.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 66
The following configuration is in A with B The authentication commands are configured on the two admission control devices. For the analysis of the following configuration commands, which ones are correct? (Multiple choice)

  • A. B On the device GE1/0/1 Can access PC It can also access dumb terminal equipment. Upper
  • B. A On the device 2GE1/01 Can access PC Can also access dumb terminal equipment
  • C. A What is configured on the device is MAC Bypass authentication
  • D. B What is configured on the device is MAC Bypass authentication o

Answer: B,C

 

NEW QUESTION 67
When the -aa command is used on the access control device to test the connectivity with the Radius server, the running result showssuccess, but the user cannot Normal access, the possible reason does not include which of the following options?

  • A. AD The service controller is not added in the authentication scenario AD area.
  • B. The access layer switch does not start EAP Transparent transmission function.
  • C. wireless 02K In the scenario, the access control device isnot equipped with a security board
  • D. The user account or password is incorrectly configured.

Answer: D

 

NEW QUESTION 68
In the scenario of SACG linkage in bypass mode, only the traffic initiated by the terminal user will pass through the firewall, and the server will return to the terminal in use.
The traffic does not need to go through the firewall y. For the firewall, it belongs to the scenario ofinconsistent traffic back and forth paths, this needs to turn off the session state check function.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 69
Regarding asset management, which of the following descriptions is wrong?

  • A. Automatic registration of assets is suitable for situations where the asset number is automatically maintained by the business manager.
  • B. Asset management can register assets automatically or manually.
  • C. Manually registering assets means that the administrator I Way to create an asset record on the business manager, and put the asset number in Any Office Enter it to complete the asset registration process.
  • D. Enable the automatic asset registration mode, the asset registration process does not require end users to participate.

Answer: C

 

NEW QUESTION 70
SACG Inquire right-manager The information is as follows, which options are correct? (Multiple choice)

  • A. SACG Thelinkage with the controller is successful.
  • B. SACG and IP Address is 2.1.1.1 The server linkage is unsuccessful.
  • C. main controller IP address is 1.1.1.2.
  • D. main controller IP address is 2.1.1.1.

Answer: A,C

 

NEW QUESTION 71
When using local guest account authentication, usually use(Portal The authentication method pushes the authentication page to the visitor. Before the user is authenticated, when the admission control device receives the HTTP The requested resource is not Portal Server authentication URL When, how to deal with the access control equipment.

  • A. Send authentication information to authentication server
  • B. Direct travel
  • C. URL Address redirected to Portal Authentication page
  • D. Discard message

Answer: C

 

NEW QUESTION 72
In the terminal host check strategy, you can check whether the importantsubkeys and key values of the registry meet the requirements to control the terminal host's Access, which of the following check results will be recorded as violations? (multiple choice)

  • A. The registry contains the prohibited"Subkeys and key values"W
  • B. The registry contains the mandatory requirements of the policy"Subkeys and key values",
  • C. The registry does not contain any prohibited by this policy"Subkeys and key values"
  • D. The registry does not contain the mandatory requirements of thepolicy"Subkeys and key values".

Answer: A,D

 

NEW QUESTION 73
802.1X During the authentication, if the authentication point is at the aggregation switch, in addition to RADIUS,AAA,802.1X In addition to theconventional configuration, what special configuration is needed?

  • A. Both the aggregation layer and the access layer switches need to be turned on 802.1X Function.
  • B. The aggregation switch needs to be configured 802 1X Transparent transmission of messages.
  • C. No special configuration required
  • D. Access layer switch needs to be configured 802. 1X Transparent transmission of messages.

Answer: D

 

NEW QUESTION 74
......

Ultimate Guide to Prepare H12-723_V3.0 Certification Exam for HCIP-Security: https://www.prepawayexam.com/Huawei/braindumps.H12-723_V3.0.ete.file.html

Related Articles

more
Huawei H12-723_V3.0 Certification Practice Exam