Huawei HCIE-Security (Huawei Certified Internetwork Expert-Security) - H12-731-ENU무료 덤프문제 풀어보기
For some large IP data packets, in order to meet the requirements of the MTU (Maximum Transmission Unit) of the link layer, it needs to be fragmented and divided into several IP packets during the transmission process. In each IP header there is an offset field and a split flag (MF), where the offset field indicates the location of the fragment in the entire IP packet. If the attacker sets the offset field to an incorrect value after intercepting the IP data packet, the receiver cannot correctly combine the values of the offset field in the data packet after receiving the split data packets. In this way, the receiver will keep trying, and the operating system will crash due to resource exhaustion.
What is this attack method?
What is this attack method?
정답: D
In the networking of MPLS Spoke-Hub, what routing protocol is used between Hub-PE and Spoke-PE to exchange routing?
정답: C
After the USG enables the HRP backup function, key configuration commands and session table status information will be synchronously backed up to the standby device in real time. What configuration commands and status information can be backed up?
정답: A,C,E
What is the matching priority order of the URL filtering of the USG firewall?
정답: A
VGMP unified management of VRRP backup group status, the priority of VGMP management group Active is 65001, and the priority of Standby is 65000. When the VGMP management group monitors the interface Down through the VRRP backup group or directly, the priority of the VGMP management group will be recalculated. When each interface is Down, the priority of the VGMP management group decreases by 2.
정답: B
The terminal uses Agent for 802.1x authentication, the IP address of SC and Radius server is 172.18.10.68, and it always prompts network communication failure during authentication;
Viewing the Radius authentication log shows that the Radius authentication is successful and the authorization is ACL3001. The switch configuration is as follows:
dot1x enable
dot1x authentication-method eap
radius-server template lzy
radius-server shared-key simple 123456
radius-server authentication 172.18.10.68 1812
radius-server accounting1 72.1 3.10.63 1813
radius-server authorization 172.18.10.68 shared-key simple 123456
aaa
authentication-scheme default
authentication-scheme auth
authentication-mode radius
accounting-scheme acco
accounting-mode radius
accounting realtime 3
domain default
authentication-scheme auth
accounting-scheme acco
radius-server lzy
interface GigabitEthernet0/0/14
description connect 222
port hybrid pvid vlan 105
port hybrid untagged vlan 105
dot1x enable
acl number 3001
rule 1 permit ip destination 172.18.100.235 0
rule 2 permit ip destination 172.18.100.237 0
rule 10 deny ip
What could be the reason for the failure of network communication?
Viewing the Radius authentication log shows that the Radius authentication is successful and the authorization is ACL3001. The switch configuration is as follows:
dot1x enable
dot1x authentication-method eap
radius-server template lzy
radius-server shared-key simple 123456
radius-server authentication 172.18.10.68 1812
radius-server accounting1 72.1 3.10.63 1813
radius-server authorization 172.18.10.68 shared-key simple 123456
aaa
authentication-scheme default
authentication-scheme auth
authentication-mode radius
accounting-scheme acco
accounting-mode radius
accounting realtime 3
domain default
authentication-scheme auth
accounting-scheme acco
radius-server lzy
interface GigabitEthernet0/0/14
description connect 222
port hybrid pvid vlan 105
port hybrid untagged vlan 105
dot1x enable
acl number 3001
rule 1 permit ip destination 172.18.100.235 0
rule 2 permit ip destination 172.18.100.237 0
rule 10 deny ip
What could be the reason for the failure of network communication?
정답: A
The following configuration, when the physical state of interface G0/0/1 goes down, what will happen to the switch switch?
PC ----------------- (G0/0/1) FW (G0/0/2) ---------------- Switch
#
interface GigabitEthernet0/0/1
link-group 1
interface GigabitEthernet0/0/2
link-group 1
#
PC ----------------- (G0/0/1) FW (G0/0/2) ---------------- Switch
#
interface GigabitEthernet0/0/1
link-group 1
interface GigabitEthernet0/0/2
link-group 1
#
정답: A
If you use a mobile terminal (Android or Apple system) to access intranet resources through a web proxy, which of the following methods should be recommended?
정답: B
Which of the following descriptions about IP-Link is incorrect?
정답: A,B
The difference between IKEv1 and IKEv2, which of the following descriptions are correct?
정답: B,D
Which of the following options can be used as conditions for Portal push ?
정답: B,C,E,F
On the USG stateful inspection firewall, if the administrator sets the security policy for data packets from Trust to Untrust to permit, and the security policy for data packets in the opposite direction to deny, the final result is:
정답: B,C
As shown in the figure below, a company uses the USG6600 firewall as the egress. The company has two egresses. Carrier A and carrier B share the egress load. When an engineer deploys the firewall, two egresses are added to the untrust zone at the same time. The user has joined the trust zone and made source NAT mapping. After the deployment, it is found that some users have normal access to the Internet, while some users have very slow access to the Internet, and even sometimes cannot access the Internet.
[USG] display firewall session table verbose
http VPN: public --> public
Zone: trust --> untrust TTL: 00:00:10 Left: 00:00:08
Interface: GigabitEthernet0/0/0 Nexthop: 41.134.5.49 MAC: F0-DE-F1-69-26-91
<--packets: 9 bytes: 364 -->packets: 9 bytes: 364
10.16.1.20:5246 [41.134.5.52:5246] --> 16.8.3.8:80
http VPN: public --> public
Zone: trust --> untrust TTL: 00:10:00 Left: 00:09:59
Interface: GigabitEthernet0/0/1 Nexthop: 41.160.30.65 MAC: 00-21-97-cf-22-38
<--packets: 4 bytes: 238 -->packets: 14 bytes: 1640
10.16.1.122:3745 [41.134.5.52:3745] --> 2.2.2.2:80
[USG] display ip routing-table
20:56:07 2012/09/30
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations: 5 Routes: 5
Destination/Mask Proto Pre Cost Flags NextHop
0.0.0.0/0
Static 60
0
RD 41.134.5.49
0.0.0.0/0
Static
60
0
RD 41.160.30.65
10.16.1.1/24
Direct
0
0
D 127.0.0.1
127.0.0.0/8
Direct
0
0D 127.0.0.1
127.0.0.1/32
Direct
0
0
D 127.0.0.1
Based on the above information, please determine which of the following descriptions is correct?
[USG] display firewall session table verbose
http VPN: public --> public
Zone: trust --> untrust TTL: 00:00:10 Left: 00:00:08
Interface: GigabitEthernet0/0/0 Nexthop: 41.134.5.49 MAC: F0-DE-F1-69-26-91
<--packets: 9 bytes: 364 -->packets: 9 bytes: 364
10.16.1.20:5246 [41.134.5.52:5246] --> 16.8.3.8:80
http VPN: public --> public
Zone: trust --> untrust TTL: 00:10:00 Left: 00:09:59
Interface: GigabitEthernet0/0/1 Nexthop: 41.160.30.65 MAC: 00-21-97-cf-22-38
<--packets: 4 bytes: 238 -->packets: 14 bytes: 1640
10.16.1.122:3745 [41.134.5.52:3745] --> 2.2.2.2:80
[USG] display ip routing-table
20:56:07 2012/09/30
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations: 5 Routes: 5
Destination/Mask Proto Pre Cost Flags NextHop
0.0.0.0/0
Static 60
0
RD 41.134.5.49
0.0.0.0/0
Static
60
0
RD 41.160.30.65
10.16.1.1/24
Direct
0
0
D 127.0.0.1
127.0.0.0/8
Direct
0
0D 127.0.0.1
127.0.0.1/32
Direct
0
0
D 127.0.0.1
Based on the above information, please determine which of the following descriptions is correct?
정답: A,D