H12-725_V4.0-ENU Questions
V8.02
HCIP-Security
Topics - HCIP-Security V4.0 Boost Your Abilities with H12-725_V4.0-ENU Materials - Confidently Approach the H12-725_V4.0-ENU Exam 1. During the dual-machine hot standby system version upgrade process, which of the
following sequences should be followed for the backup machine upgrade steps?
2. Shutdown the heartbeat interface of the standby machine;
3. Undo shutdown the heartbeat interface of the standby machine;
4. Upgrade the system software version of the backup machine;
5. Undo shutdown the business interface of the standby machine;
6. Verify the upgrade results of the standby machine;
7. Save configuration;
8. Wait for the active and standby firewalls to synchronize session tables and other
entries;
9. Shutdown the business interface of the standby machine;
A. 1-8-3-2-7-4-5-6
B. 8-1-3-2-4-7-5-6
C. 8-1-3-2-7-4-5-6
D. 1-8-3-4-2-7-5-6
Answer: C
10. Bandwidth channels define specific bandwidth resources and are the basis for
bandwidth management.
Which of the following is a resource that can be defined in a bandwidth channel?
A. Bandwidth policy
B. Daily traffic quota
C. Egress bandwidth restrictions
D. Strategic exclusivity
Answer: D
11. Which of the following parameters is not a condition for global routing policy
classification?
A. Bandwidth
B. Port number
C. Quality
D. Weight
Answer: B Boost Your Abilities with H12-725_V4.0-ENU Materials - Confidently Approach the H12-725_V4.0-ENU Exam 12. In a NAT traversal scenario, if a NAT device is detected, the destination port
number of the ISAKMP message will become which of the following?
A. 4500
B. 51
C. 50
D. 500
Answer: A
13. Which of the following descriptions about GRE over IPSec is incorrect?
A. The IP header added during the IPSec encapsulation process, that is, the source
address is the interface address of the IPSec gateway to which the IPSec security
policy is applied, and the destination address is the interface address of the IPSec
peer to which the IPsec security policy is applied.
B. When gateways use GRE over IPSec to connect, GRE encapsulation is performed
first, and then IPSec encapsulation is performed.
C. The IP header added during the GRE encapsulation process, that is, the source
address is the source address of the IPSec tunnel, and the destination address is the
destination address of the IPSec tunnel.
D. The data flow that IPSec needs to protect is the data flow from the GRE starting
point to the GRE ending point.
Answer: C
14. Which of the following descriptions of the characteristics of SSL VPN is incorrect?
A. SSL VPN supports few authentication types and is difficult to integrate with the
original identity authentication system.
B. SSL VPN can support various IP applications
C. SSL VPN can parse intranet resources to the application layer and publish
applications in a granular manner
D. Since the SSL VPN login method uses a browser, the automatic installation and
configuration of the client is realized, so that users can quickly log in with their devices
anytime and anywhere, and it also relieves the pressure of network administrators in
maintaining the client.
Answer: A
15. Which of the following is not an intranet resource that SSL VPN can provide to
mobile office users?
A. File resources
B. UDP resources Boost Your Abilities with H12-725_V4.0-ENU Materials - Confidently Approach the H12-725_V4.0-ENU Exam C. Web resources
D. IP resources
Answer: B
16. As shown in the figure, which of the following is the UDP defense principle shown
in the figure?
A. Fingerprint learning
B. Load Check
C. Relevant defense
D. Session check
Answer: B
17.Which of the following is a method to prevent Tracert packet attacks?
A. Discard IP packets with time offset
B. Discard the detected ICMP messages or UDP messages that have expired, or the
destination port is unreachable.
C. Users can configure the maximum length of ICP packets allowed to pass according
to actual network needs. When the length of the actual IP packet exceeds this value,
the packet will be discarded.
D. Discard ICMP unreachable messages and record attack logs
Answer: B