• Home
  • Articles
  • New PrepAwayExam H12-731-ENU Exam Questions Real H12-731-ENU Dumps Updated on Mar 09, 2023 [Q39-Q57]

New PrepAwayExam H12-731-ENU Exam Questions Real H12-731-ENU Dumps Updated on Mar 09, 2023 [Q39-Q57]

Share

New PrepAwayExam H12-731-ENU Exam Questions| Real H12-731-ENU Dumps Updated on Mar 09, 2023

H12-731-ENU Braindumps – H12-731-ENU Questions to Get Better Grades

NEW QUESTION 39
Regarding the firewall NAPT technology, the following description is incorrect:

  • A. NAPT translates both the source IP address and the source port number.
  • B. NAPT is a technique for extending Layer 3 addresses with Layer 4 information.
  • C. When configuring NAPT on the firewall, the security policy should match the IP address after address translation.
  • D. NAPT can theoretically achieve 65535 private network addresses sharing a public network address to access the public network.

Answer: C

 

NEW QUESTION 40
According to the following networking, a customer uses the BGP traffic diversion policy route back injection method. Which of the following configurations must be configured on the cleaning device?

  • A. ip route-static 0.0.0.0 0 10.1.3.1
  • B. firewall ddos bgp-next-hop 10.1.3.1
  • C. firewall ddos bgp-next-hop fib-filter
  • D. interface GigabitEthernet2/0/2 anti-ddos flow-statistic enable

Answer: B

 

NEW QUESTION 41
According to the following networking, a customer uses the following configuration on the cleaning equipment. The following statement is correct:
ip route-static 0.0.0.0 0 10.1.2.1

  • A. The default route is used for static route diversion
  • B. This default route is used to send probe traffic for attack prevention
  • C. The default route is used for BGP diversion
  • D. This default route is used for traffic back injection

Answer: B

 

NEW QUESTION 42
Huawei NIP5000 products are based on signature security.

  • A. TRUE
  • B. FALSE

Answer: B

 

NEW QUESTION 43
A network needs to replace the dual-system hot-standby USG_A and USG_B due to the network upgrade of the new hardware USG. Without affecting the business, how to upgrade:
USG_A is the Active device, and USG_B is the Standby device.
Which of the following are the correct cutover steps?
① Connect the 5th line to the new USG_B in turn.
② Connect lines 1 , 2 , and 3 from the old USG_A to the new USG A in turn,
③ Power on the new USG_B and the new USG_A, and import the configuration.
④ Input undo hrp enable in USG_B, and cut off lines 4, 5, and 3 in turn.
⑤ Adjust the routing cost so that all traffic passes through USB_B.
⑥ Enter hrp enable for new USG_A and new USG_B to adjust routing cost to meet expectations.

  • A. ③ -> ④ -> ① -> ⑤ -> ② -> ⑥
  • B. ④ -> ① -> ⑤ -> ③ -> ② -> ⑥
  • C. ③ -> ④ -> ① -> ② -> ⑥ -> ⑤
  • D. ③ -> ④ -> ⑤ -> ① -> ② -> ⑥

Answer: A

 

NEW QUESTION 44
Determine which QoS technology the USG device uses according to the following status information:
[USG_A] display qos policy interface tunnel 1
Interface: GigabitEthernet0/0/1
Direction: Outbound
Policy: dscp
Classifier: default-class
Matched: 0/0
(Packets/Bytes)
Rule(s): if-match any
Behavior: be
-none-
Classifier: server
Matched: 480154/41293244
(Packets/Bytes)
Offered rate: 7244746 bps, drop
rate: 242352 bps
Operator: AND
Rule(s): if-match acl 2001
Behavior: server
Assured Forwarding:
Bandwidth 40000
(Kbps)
Matched:
713659/71365900 (Packets/Bytes)
Enqueued:
36606/3660600 (Packets/Bytes)
Discarded:
677053/67705300 (Packets/Bytes)
Classifier: pc
Matched: 478498/41150828
(Packets/Bytes)
Offered rate: 7344746 bps, drop
rate: 342352
Operator: AND
Rule(s): if-match acl 2002
Assured Forwarding:
Bandwidth 40000 (Kbps)
Matched:
765394/76539400 (Packets/Bytes)
Enqueued:
39235/3923500 (Packets/Bytes)
Discarded:
726159/72615900 (Packets/Bytes)
Classifier: telephone
Matched: 550057/47304902
(Packets/Bytes)
Offered rate: 8244746 bps, drop
rate: 252352 bps
Operator: AND
Rule(s): if-match acl 2003
Behavior: telephone
Expedited Forwarding:
Bandwidth 240000
(Kbps), CBS 600000 (Bytes)
Matched:
765644/76564400 (Packets/Bytes)
Enqueued:
70553/7055300 (Packets/Bytes)
Discarded:
695091/69509100 (Packets/Bytes)

  • A. GTS
  • B. CAR
  • C. CBWFQ
  • D. WRED

Answer: C

 

NEW QUESTION 45
There are hundreds of people in a medium-sized enterprise network accessing the Internet through the company's firewall, and the company has deployed a corporate portal website in the firewall DMZ. Which of the following criteria should be followed as an IT security professional for purchasing and deploying Internet access auditing products.

  • A. NIST800-53
  • B. ISO27002
  • C. State Office issued No. 28
  • D. Order No. 82 of the Ministry of Public Security

Answer: D

 

NEW QUESTION 46
As shown in the figure, which illustrates the negotiation process of IPsec, which of the following descriptions are correct?

  • A. The red boxed part is the EAP authentication process.
  • B. This process is an IKEv2 negotiation process.
  • C. The red box is a mandatory negotiation process
  • D. ①② Refers to the two parties negotiating the data flow to be protected and the IPsec security proposal.

Answer: A,B

 

NEW QUESTION 47
A company has the following requirements:
The intranet users in the Trust area are on the 192.168.1.0/24 network segment and can access the Internet. There are a total of 50 hosts (192.168.1.1-192.168.1.50) with a total curtain of 500M.
The following plans are reasonable:

  • A. The overall belt curtain is limited to 500M, the guaranteed belt curtain is 500M, and the maximum belt curtain per IP is 10M.
  • B. The overall bandwidth is limited to 500M, and the maximum bandwidth of each IP is 12M.
  • C. The overall bandwidth is limited to 400M, and the maximum bandwidth per IP is 12M.
  • D. The overall bandwidth is limited to 500M, and the maximum bandwidth of 192.168.1.1-192.168.1.50 per IP is 12M.

Answer: D

 

NEW QUESTION 48
The correct description of the no-reverse parameter in the firewall NAT Server configuration command is:

  • A. Configure the nat server with the parameter no-reverse. When the public network user accesses the server, the firewall can convert the server's public network address into a private network address; when the server actively accesses the public network, the firewall can also convert the server's public network address. Convert the private network address to the public network address.
  • B. Configure nat server without the no-reverse parameter. When a public network user accesses the server, the firewall can convert the server's public network address into a private network address; when the server actively accesses the public network, the firewall can also convert the server's public network address. The private network address is converted into a public network address.
  • C. Configure the nat server without the no-reverse parameter, the device only converts the public network address to the private network address, and cannot convert the private network address to the public network address.
  • D. Configure the nat server with the parameter no-reverse, the device only converts the public network address to the private network address, and cannot convert the private network address to the public network address.

Answer: B,D

 

NEW QUESTION 49
Regarding the trigger mechanism of 802.1X authentication, which of the following descriptions are correct?

  • A. 802.1X authentication can only be initiated by an authentication device (such as an 802.1X switch).
  • B. The authentication device can trigger authentication in multicast or unicast.
  • C. The 802.1X client can trigger authentication by multicast or broadcast.
  • D. The 802.1X authentication trigger can only be initiated by the client.

Answer: B,C

 

NEW QUESTION 50
According to the "GB/T 22240-2008 Information Security Technology Information System Security Level Protection Grading Guide", information systems are divided into five levels according to different levels, of which the protection capabilities of the five levels include:

  • A. Able to protect the system from malicious attacks from external small organizations, threat sources with few resources, general natural disasters, and other threats of considerable damage to important resources, and to discover important security Vulnerabilities and security incidents, after the system is compromised, can restore some functions for a period of time.
  • B. Resources that can protect the system from malicious attacks, severe natural disasters, and other threats of considerable severity from national-level, hostile organizations, and resource-rich threat sources under a unified security strategy Damage, can find security breaches and security incidents, after the system is damaged, can quickly restore all functions.
  • C. undefined
  • D. It can protect the system from malicious attacks from external organized groups, threat sources with relatively rich resources, serious natural disasters, and other major threats caused by relatively harmful threats under a unified security strategy. Resource damage can find security loopholes and security incidents, and after the system is damaged, most functions can be restored.

Answer: C

 

NEW QUESTION 51
What is the main function of the SM component in Agile Controller?

  • A. As the management center of the Agile Controller, it is responsible for formulating the overall strategy.
  • B. As the management interface of Agile Controller, configure and monitor the system.
  • C. As the management center of Agile Controller, it integrates standard RADIUS server, Portal server, Auth server and Network server.
  • D. As the security defense server of Agile Controller, it is responsible for analyzing and calculating the security events reported by iRadar.

Answer: A,B

 

NEW QUESTION 52
The difference between IKEv1 and IKEv2, which of the following descriptions are correct?

  • A. Both IKEv1 and IKEv2 use INITIAL_CONTACT to synchronize the SAs of the local and peer ends.
  • B. NAT traversal is an optional feature of both IKEv1 and IKEv2.
  • C. IKEv2 is compatible with IKEv1 protocol.
  • D. IKEv2 supports EAP authentication, IKEv1 does not.
  • E. IKEv1 uses the IKE_AUTH exchange for user authentication, and IKEv2 uses the X_AUTH exchange.

Answer: A,B,D

 

NEW QUESTION 53
Which route distribution modes does the SSL VPN network extension support?

  • A. full routing mode ( full )
  • B. dynamic mode ( dynamic )
  • C. split mode ( split )
  • D. automatic mode ( auto )
  • E. Manual mode ( manual )

Answer: A,C,E

 

NEW QUESTION 54
Which of the following packets can be unicast packets

  • A. VRRP Hello
  • B. BFD
  • C. HRP Hello
  • D. OSPF Hello
  • E. VGMP Hello

Answer: C,D,E

 

NEW QUESTION 55
The IPsecVPN tunnel is successfully established, but the speed of accessing the peer's private network web page is slow or the access is intermittent. The influence of the Internet network quality has been ruled out. The following possible faults are:

  • A. The CPU usage of the egress gateway is too high
  • B. There is a NAT device in the middle of the network
  • C. Packet filtering policy is not enabled
  • D. The problem of packet fragmentation

Answer: A,D

 

NEW QUESTION 56
Which of the following IPsec modes and encapsulation methods can be used in the application scenarios of IPSEC NAT traversal?

  • A. IPSEC tunnel mode + ESP encapsulation
  • B. IPSEC transport mode + AH encapsulation
  • C. IPSEC tunnel mode + AH encapsulation
  • D. IPSEC transport mode + ESP encapsulation

Answer: A

 

NEW QUESTION 57
......

H12-731-ENU Exam Dumps - Try Best H12-731-ENU Exam Questions: https://www.prepawayexam.com/Huawei/braindumps.H12-731-ENU.ete.file.html

Get New H12-731-ENU Certification – Valid Exam Dumps Questions: https://drive.google.com/open?id=1OcOxI65j9zf146VRFaUreVAGHGathA3Z

Related Articles

more
Huawei H12-731-ENU Certification Practice Exam