Huawei Exam 2023 H12-731-ENU Dumps Updated Questions UPDATED May-2023
NEW QUESTION # 74
The firewalls work in dual-system hot backup in active-standby mode. The intranet server provides web services. External network users often experience slow access or cannot reach the service at all, while intranet users can access it normally.
What could be the reasons?
- A. The business round-trip path may be inconsistent, and fast session backup is not enabled.
- B. The tcp-mss value is not set correctly.
- C. The backup channel is faulty, causing some session backups to fail.
- D. OSPF cost adjustment is not enabled.
Answer: A,C
NEW QUESTION # 75
The correct deployment recommendations for the abnormal traffic cleaning system are:
- A. Side-by-side deployment or in-line deployment at the network egress.
- B. The testing center and cleaning center report logs to the collector.
- C. The management server uses Telnet to monitor network devices.
- D. The management server sends policies to network devices through SNMP protocol.
Answer: A,B
NEW QUESTION # 76
A server on the network has been responding very slowly recently. By looking at its running status, it is found that its CPU and memory usage ratio is high, but there is little or no data transmission in these TCP session connections.
For the following judgments about this problem phenomenon, please choose the best one:
- A. The server is under a TCP spoofing attack.
- B. The server is under HTTP POST slow attack.
- C. The server is under SYN flood attack.
- D. The server is under UDP flood attack.
Answer: B
NEW QUESTION # 77
Which of the following IPsec modes and encapsulation methods can be used in the application scenarios of IPSEC NAT traversal?
- A. IPSEC tunnel mode + AH encapsulation
- B. IPSEC tunnel mode + ESP encapsulation
- C. IPSEC transport mode + ESP encapsulation
- D. IPSEC transport mode + AH encapsulation
Answer: B
NEW QUESTION # 78
Some large IP data packets must be fragmented into several IP packets during transmission in order to meet the MTU (Maximum Transmission Unit) requirement of the link layer. Each IP header contains an offset field and a split flag (MF), where the offset field indicates the location of the fragment in the entire IP packet. If an attacker intercepts the IP data packets and sets the offset field to an incorrect value, the receiver cannot correctly reassemble the fragments from the offset field values. The receiver keeps trying, and the operating system crashes due to resource exhaustion.
What is this attack method?
- A. TCP packet flag attack
- B. IP Fragmented Packet Attack
- C. WinNuke Attack
- D. Teardrop Attack
Answer: D
NEW QUESTION # 79
Which of the following is not one of the common networking modes of the NIP5000?
- A. Bypass deployment
- B. One-arm deployment
- C. Dual Arm Deployment
- D. In-Line Deployment
Answer: C
NEW QUESTION # 80
A company is engaged in e-commerce through the Internet, and the enterprise network trading platform supports online settlement of credit cards. In order to meet the payment card industry data security standard PCI-DSS, the enterprise needs to deploy Huawei's firewall, VPN, log design and other security products.
At present, the project has completed the project design and product procurement. What necessary work needs to be done before it is officially launched for commercial use?
- A. Security hardening of solutions and products.
- B. Open-box penetration testing of solutions and products.
- C. Black-box penetration testing of solutions and products.
- D. Risk assessment of existing systems in the network.
Answer: A,C
NEW QUESTION # 81
Mobile employees access the headquarters through an L2TP over IPsec tunnel. The correct statement about planning and deployment is:
- A. L2TP generally uses NAS-Initialized mode.
- B. The security ACL of the USG gateway at the headquarters should be [USG] acl 3000 [USG-acl-adv-3000] rule permit udp source-port eq 1701
- C. Since IKE V1 cannot assign addresses to remote users, address assignment must be achieved through L2TP.
- D. The NAT traversal function cannot be used.
Answer: B,C
NEW QUESTION # 82
The whitelist + blacklist mode is adopted in terminal security management. Which of the following are normal behaviors?
- A. The terminal host installs all the software on the whitelist terminal, and also installs some software in the blacklist.
- B. Some software in the whitelist is installed on the terminal host, but the software in the blacklist is not installed.
- C. The terminal host installs neither the software in the whitelist nor the software in the blacklist.
- D. The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.
Answer: D
NEW QUESTION # 83
When the link state detection function of the USG firewall is enabled, when the interval between sending the first fragmented packet and the second fragmented packet of a TCP session is greater than the aging time of the session table, the session table will be deleted, and the subsequent packets will be deleted. The text will recreate the session table.
- A. TRUE
- B. FALSE
Answer: B
NEW QUESTION # 84
Which authentication methods does L2TP over IPsec dial-up support?
- A. LDAP
- B. PEAP authentication
- C. Support local authentication
- D. Radius
- E. TSM Certified
Answer: A,C,D
NEW QUESTION # 85
Determine which QoS technology the USG device uses according to the following status information:
[USG_A] display qos policy interface tunnel 1
Interface: GigabitEthernet0/0/1
Direction: Outbound
Policy: dscp
  Classifier: default-class
    Matched: 0/0 (Packets/Bytes)
    Rule(s): if-match any
    Behavior: be
      -none-
  Classifier: server
    Matched: 480154/41293244 (Packets/Bytes)
    Offered rate: 7244746 bps, drop rate: 242352 bps
    Operator: AND
    Rule(s): if-match acl 2001
    Behavior: server
      Assured Forwarding:
        Bandwidth 40000 (Kbps)
        Matched: 713659/71365900 (Packets/Bytes)
        Enqueued: 36606/3660600 (Packets/Bytes)
        Discarded: 677053/67705300 (Packets/Bytes)
  Classifier: pc
    Matched: 478498/41150828 (Packets/Bytes)
    Offered rate: 7344746 bps, drop rate: 342352
    Operator: AND
    Rule(s): if-match acl 2002
      Assured Forwarding:
        Bandwidth 40000 (Kbps)
        Matched: 765394/76539400 (Packets/Bytes)
        Enqueued: 39235/3923500 (Packets/Bytes)
        Discarded: 726159/72615900 (Packets/Bytes)
  Classifier: telephone
    Matched: 550057/47304902 (Packets/Bytes)
    Offered rate: 8244746 bps, drop rate: 252352 bps
    Operator: AND
    Rule(s): if-match acl 2003
    Behavior: telephone
      Expedited Forwarding:
        Bandwidth 240000 (Kbps), CBS 600000 (Bytes)
        Matched: 765644/76564400 (Packets/Bytes)
        Enqueued: 70553/7055300 (Packets/Bytes)
        Discarded: 695091/69509100 (Packets/Bytes)
- A. CAR
- B. CBWFQ
- C. WRED
- D. GTS
Answer: B
NEW QUESTION # 86
IKE V1 - Phase negotiation is unsuccessful, what information needs to be checked, and what may be the reasons?
- A. Check the IPsec proposal parameter configuration.
- B. Check if the ACL configuration matches.
- C. Check whether the physical link is normal.
- D. View IKE debug information and UDP port 500 packet session statistics.
Answer: C,D
NEW QUESTION # 87
Which descriptions of the basic forwarding processing flow of the USG stateful inspection firewall are correct?
- A. For the first packet, first perform single-packet-based attack defense detection, and then perform packet filtering.
- B. When the source address network address translation is required, NAT is performed first, and then the inter-zone policy matching detection is performed.
- C. When the destination address NAT is required, NAT is performed first, and then the inter-zone policy matching detection is performed.
- D. When the data packets enter the firewall, the blacklist matching is performed first, and then the session table matching is performed.
Answer: A,C
NEW QUESTION # 88
When the USG6600 is deployed in dual-system hot-standby mode, which aspects should be paid attention to?
- A. NAT address pool and VRRP should be bound
- B. Fast session backup
- C. The IP addresses of the active and standby interfaces should be the same
- D. The back and forth paths should be the same
Answer: B,D
NEW QUESTION # 89
When network traffic is heavy, if you do not want the downstream network to become congested or to directly discard a large number of packets because the upstream sends excessive data traffic, you can limit and buffer the traffic on the outbound interface of the upstream device, so that such packets are sent out at a relatively even speed.
This technique can be:
- A. CBWFQ
- B. GTS
- C. CAR
- D. WRED
Answer: B
NEW QUESTION # 90
Mainframe hardening mainly includes which of the following aspects?
- A. Vulnerability Scan
- B. Database hardening
- C. Network management system reinforcement
- D. OS Hardening
- E. Account password security
Answer: B,D,E
NEW QUESTION # 91
The ISO27000 series includes several security standards. Which of these standards are relevant to information security technology risk management?
- A. ISO27002
- B. ISO27004
- C. ISO27003
- D. ISO27005
Answer: D
NEW QUESTION # 92
The correct order of URL filtering processing flow is:
① The NGFW matches the URL information with the blacklist.
② The NGFW matches the URL information with the whitelist.
③ NGFW matches URL information with custom categories.
④ Start remote server classification query.
⑤ NGFW matches URL information with predefined categories in the local cache.
- A. ①②③⑤④
- B. ④③⑤①②
- C. ②①③⑤④
- D. ①②③④⑤
Answer: C
NEW QUESTION # 93
In MPLS Spoke-Hub networking, what routing protocol is used between Hub-PE and Spoke-PE to exchange routes?
- A. IBGP
- B. EBGP
- C. OSPF
- D. RIP
Answer: B
NEW QUESTION # 94
According to the following networking, a customer uses the BGP traffic diversion policy route back injection method. Which of the following configurations must be configured on the cleaning device?
- A. firewall ddos bgp-next-hop 10.1.3.1
- B. interface GigabitEthernet2/0/2 anti-ddos flow-statistic enable
- C. firewall ddos bgp-next-hop fib-filter
- D. ip route-static 0.0.0.0 0 10.1.3.1
Answer: A
NEW QUESTION # 95
......