H12-721 Online Practice Questions and Answers

Virtual firewall technology does not include which of the following characteristics?

A. Provides multi-instance routing, security, multi-instance, multi-instance configuration, NAT multi-instance, VPN multi-instance application flexibility to meet a variety of networking needs.

B. Each virtual firewalls can support four separate security zones TRUST, UNTRUST, DMZ, etc., flexible interface partitioning and allocation.

C. It guarantee that every virtual system and a separate firewall instance, and can be safely implement access between each virtual system.

D. Each virtual system provides independent administrator privileges.

SSL VPN authentication is successful, but it can not access the Web-link resources. Which statement is correct? (Choose three answers)

A. The server is not open Web services.

B. Strategies to limit user access.

C. The equipment and network server is unreachable.

D. SSL VPN users have reached the maximum limit.

DDos attacks work through the network to the target (usually a server, such as DNS server, WEB server) and sends a small amount of abnormal packets of non-traffic, so that the attacked server parses the message, causing the system to crash or become busy.

A. TRUE

B. FALSE

When configured behind a firewall stateful failover, in the Web configuration interface, select "System> High Reliability> hot standby", click "Check HRP configuration consistency" corresponding "check" button.

Pop-up window, as shown, which of the following configurations can solve the problem (assuming heartbeat interface is added to the DMZ zone)?

A. firewall packet-filter default permit interzone trust locaI

B. firewall packet-filter default permit interzone trust dmz

C. firewall packet-filter default permit interzone untrust dmz

D. firewall packet-filter default permit interzone local

The anti-DDoS device can implement traffic blocking or limiting to defend against attacks if the service learning function discovers that certain services do not run on the network or the service traffic volume is small.

A. TRUE

B. FALSE

In the TCP / IP protocol, TCP protocol provides reliable connectivity service using three- way handshake to achieve.

The first handshake: establish a connection, the client sends a SYN packet (SYN = J) to the server, and enter SYN_SENT state, waiting for the server to confirm.

Second handshake: the server receives a SYN packet and must issue an ACK packet (ACK = ) to confirm the client's SYN packet, but he is sending a SYN packet (SYN = K), ie, SYN-ACK packets, the server enters SYN_RCVD state.

Third handshake: the client receives the SYN-ACK packet, the server sends an acknowledgment packet ACK (SYN = ASK = ), this package has been sent, the client and server enter into the ESTABLISHED state, completing the three-way handshake.

About three-way handshake during the three parameters, which of the following statements is correct?

A. = J +1 = J +1 = K +1

B. = J = K +1 = J +1

C. = J +1 = K +1 = J +1

D. = J +1 = J = K +1

When an attack occurs, the attacked host (1.1.1.1) captured the results below. What type of attack is this?

A. Smurf attack

B. Land Attack

C. WinNuke

D. Ping of Death attack

In a Dual hot standby SSL VPN scenario as shown, the network administrator has enabled SSL extensions. Which of the following information about the configuration of SSL VPN functionality is correct?

A. When you create a virtual gateway the Master will not be synchronized to the Slave.

B. When configuring the network extension, the address pool with binds to theVRRP backup group number 2.

C. USG_ A virtual SSL VPN gateway must use IP address 202.38.10.2

D. USG_B virtual SSL VPN gateway must use IP address 10.100.10.2

As shown below, for the L2TP over IPsec scenarios, the following configuration shows how to protect data on the IPsec flow. Which one is correct?

A. [LNS] acl number 2001 [LNS-acl-basic-2001] rule permit udp source 10.10.1.0 0.0.0.255

B. [LNS] acl number 3001 [LNS-acl-adv-3001] rule permit source 10.10.1.0 0.0.0.255 destination 10.10.2.0 0.0.0.255

C. [LNS] acl number 3001 [LNS-acl-adv-3001] rule permit tcp source-port 1701

D. [LNS] acl number 3001 [LNS-acl-adv-3001] rule permit udp source-port eq 1701

When using the SSL VPN client, it initiates network expansion "Connect gateway mate lost", what are the causes of this failure? (Choose three answers)

A. If you are using a proxy server, network extension client proxy server settings wrong.

B. PC and virtual gateway routing between unreachable TCP .

C. Network expansion between the client and the virtual gateway connection is blocked by the firewall.

D. Username and password configuration errors.