H12-721-Hcnp-Security-Cisn-Huawei-Certified-Network-Professional-Constructing-Infrastructure-Of-Security-Network-With-Answers.pdf

Huawei

H12-721
HCNP-Security-CISN (Huawei Certified Network Professional
- Constructing Infrastructure of Security Network)



http://killexams.com/exam-detail/H12-721

,QUESTION: 89
Shown below is an IPSec standby scenario, with main link A and backup link B.
Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we
want to ensure that the primary and redundant backup link via IP-Link is
configured.




Which of the following is the correct cstatic routeonfiguration from the
headquarters to the branch office?


A. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3
B. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 ip-link 2
C. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2
D. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 preference 70 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 track ip-link 2


Answer: C


QUESTION: 90
An enterprise branch firewall is configured for NAT. As shown in the figure,
USG_B is the NAT gateway. In order to extablish an IPSec VPN to USG_B, you
need to configure what on USG_B? (Choose two answers)




39

,A. Configure a NAT Policy, citing the rule to allow the network segment’s source
and destination IP addresses for the ACL.
B. Configuration the IKE peer, use name authentication, and remote-address of the
interface address on USG_A
C. Configure a NAT Policy, where there is first a deny IPsec rule within the
enterprise network to protect the data flow from within the headquarters of the
network, and then permit the enterprise network to the Internet network data
stream.
D. Configure a IPSec policy template, citing the IKE peer.


Answer: B, C


QUESTION: 91
In the Enterprise netowrk shown below, Server A and Server B can not access Web
services. Troubleshooting has found that there is firewall routing module and that
there is a problem with the routing table in USG_A An enterprise network follows,
then Server A Server B can not access Web services, administrators troubleshoot
and found no firewall routing module A problem has been to establish the
appropriate routing table, but Firewall A firewall module is provided with wrong.




40

, What troubleshooting method should be used?


A. stratification
B. Break Law
C. substitution method
D. Block Method


Answer: D


QUESTION: 92
An SSL VPN user authenticates, has enabled network expansion on the PC, and
has been assigned an IP addresses. However, the user can not access resources
within theintermal network server. Which of the following are possible reasons for
this? (Choose three)


A. Configuration error in the "Routing Client mode" configuration.
B. User access is limited
C. The network server is unreachable.
D. The PC's physical interface and assigned VPN addresses overlap.


Answer: A, B, C


QUESTION: 93
SSL VPN authentication is successful, and with the use of the file-sharing feature,
you can view the directories and files, but you can not upload, delete, or rename
files. What are possible reasons? (Choose two answers)


A. If the file server for NFS, the user's UID and GID attribute does not allow users
to upload, delete or rename the file operation.
B. If the type of file server for SMB, the user currently logged on to the file share
resource has only read permission and no write access.
C. The SSL firewall configuration file sharing feature allows only viewing.
D. Some TCP connections between the gateway and the virtual file server are
blocked by the firewall.


Answer: A, B




41