IPsec VPN using digital certificates for authentication has the following steps:
1. Certificate signature verification
2. Find the certificate serial number in the CRL
3. Both devices share their entity certificate
4. Verify the certificate is valid
5. Establish a VPN tunnel
Which of the following is the correct pattern?
A. 3-2-1-4-5
B. 1-3-2-4-5
C. 3-1-4-2-5
D. 2-4-3-1-5
After the firewall creates a new security instance, the firewall does not have any security zones assigned to the new instance and the administrator needs to configure them.
A. TRUE
B. FALSE
The packet capture shown below was taken on a victim host during an attack. According to the information shown, what kind of attack is this?
A. SYN Flood
B. SYN-ACK Flood
C. ACK Flood
D. Connection Flood
Which of the following protocol packets cannot be sent by default in an IPsec tunnel?
A. TCP
B. UDP
C. ICMP
D. IGMP
The BFD static route topology is shown in Figure A. On the firewall, the administrator needs to apply the following configuration:
[USG9000_A] bfd
[USG9000_A-bfd] quit
[USG9000_A] bfd aa bind peer-ip 1.1.1.2
[USG9000_A-bfd-session-aa] discriminator local 10
[USG9000_A-bfd-session-aa] discriminator remote 20
[USG9000_A-bfd-session-aa] commit
[USG9000_A-bfd-session-aa] quit
Which of the following statements about the configuration are correct? (Choose two answers)
A. The command "bfd as bind peer-ip 1.1.1.2" is used to create the BFD session binding policy for detecting link status
B. The command [USG9000_A] bfd is configured incorrectly and should be replaced by [USG9000_A] bfd enable to enable the BFD function
C. The [USG9000_A-bfd-session-aa] commit configuration is optional; if it is not configured, the system will by default submit the configuration and generate BFD session log information, but will not establish the session table
D. The firewall also needs to bind the BFD session to a static route with the command: [USG9000_A] ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa
An SSL VPN login authentication attempt is unsuccessful, and the prompt says "wrong user name or password." What is wrong?
A. The username and password were entered incorrectly.
B. There is a user or group filter field configuration error.
C. There is a certificate filter field configuration error.
D. The administrator needs to configure the source IP address of the terminal restriction policy.
An administrator uses the following command to view the state of device components and finds that the status of the board in Slot 3 is abnormal. What are the possible causes? (Choose three answers)
A. The device does not support this interface card.
B. The Interface Card is damaged.
C. The pins on the backplane or motherboard are damaged, for example pins bent by incorrect installation of the board.
D. The ADSL phone line is faulty.
As shown in the figure, the firewalls are deployed in a stateful failover network, the firewall service interfaces work in routing mode, and the upstream and downstream devices are routers with OSPF configured.
Assuming the OSPF convergence recovery time is 30s, which of the following is the best configuration for HRP preemption management?
A. hrp preempt delay 20
B. hrp preempt delay 40
C. hrp preempt delay 30
D. undo hrp preempt deplay
Virtual firewalls create multiple logical firewalls on a single physical firewall device. Which multi-instance functions are achieved this way? (Choose three answers)
A. Security multiple instances
B. VPN multi-instance
C. Configure multiple instances
D. Exchange multiple instances
The USG flow-limiting policy configuration is as follows:
[USG] car-class class1 type shared
[USG-shared-car-class-class1] car 1000
[USG-shared-car-class-class1] quit
[USG-traffic-policy-interzone-trust-untrust-outbound-shared [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy 1
[USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy car-class class1
[USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy source 192.168.1.0 0.0.0.255
[USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy destination 192.168.2.0 0.0.0.255
[USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] action car
Based on this information, which of the following statements is correct?
A. Class1 limits the definition of the overall car-class, and limits to 1000bps
B. Traffic matching Policy1 will be released directly without being limited
C. The 192.168.1.0/24 hosts that access the data flow will be limited
D. Matching Policy1 traffic will be flow controlled for each source IP