• Home
  • Blogs
  • Updated PDF (New 2022) Actual Huawei H12-711_V3.0 Exam Questions [Q16-Q41]

Updated PDF (New 2022) Actual Huawei H12-711_V3.0 Exam Questions [Q16-Q41]

Share

Updated PDF (New 2022) Actual Huawei H12-711_V3.0 Exam Questions

Verified H12-711_V3.0 Exam Dumps PDF [2022] Access using itPass4sure

NEW QUESTION 16
Regarding the description of SSL VPN, which of the following is correct?

  • A. Can be used without a client
  • B. No authentication required
  • C. The IP layer can be encrypted
  • D. There is a NAT traversal problem

Answer: A

 

NEW QUESTION 17
On Huawei USG series firewalls, the default security policy does not support modification.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 18
Which of the following NAT technologies can realize a public network address to provide source address translation for multiple private network addresses? (Multiple choice)

  • A. NAT No-PAT
  • B. NAT Server
  • C. NAPT
  • D. Easy-ip

Answer: C,D

 

NEW QUESTION 19
In the process of using the digital envelope, which of the following information will be encrypted? (Multiple choice)

  • A. Receiver's private key
  • B. Symmetric key
  • C. User data
  • D. Receiver's public key

Answer: B,C

 

NEW QUESTION 20
When configuring user single sign-on, if the mode of querying the security log of the AD server is adopted, please sort the following authentication processes:

Answer:

Explanation:

 

NEW QUESTION 21
Social engineering is a kind of harmful means such as deception and harm through psychological traps such as psychological weakness, instinctual reaction, curiosity, trust, and greed of the victim.

  • A. TURE
  • B. FALSE

Answer: A

 

NEW QUESTION 22
Which of the following options are malicious programs? (Multiple choice)

  • A. Vulnerabilities
  • B. Viruses
  • C. Worms
  • D. Trojan Horse

Answer: B,C,D

 

NEW QUESTION 23
Regarding the description of IP Spoofing, which of the following is wrong?

  • A. The attacker needs to disguise the source IP address as a trusted host and send a data segment marked with SYN to request a connection
  • B. After an IP spoofing attack is successful, the attacker can use any forged IP address to imitate a legitimate host to access key information
  • C. Hosts in a trust relationship based on IP addresses can log in directly without entering password verification
  • D. IP spoofing attacks are launched by using the normal IP address-based trust relationship between hosts

Answer: A

 

NEW QUESTION 24
Which of the following options is the protocol number of GRE?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

 

NEW QUESTION 25
Which of the following is the action to be taken in the eradication phase in cybersecurity emergency response? (Multiple choice)

  • A. Look for trojan horses, illegal authorizations, and system loopholes, and deal with them in time
  • B. Revise the security policy based on the security incidents that occur, and enable security auditing
  • C. Confirm the degree of damage caused by the security incident and report the security incident
  • D. Block the attacking behavior and reduce the scope of influence

Answer: A,B

 

NEW QUESTION 26
Which of the following options belong to the core elements of the IATF (Information Assurance Technology Framework) model? (Multiple choices)

  • A. People
  • B. Technology
  • C. Operation
  • D. Environment

Answer: A,B,C

 

NEW QUESTION 27
Regarding the business continuity plan, which of the following statements is correct? (Multiple choice)

  • A. Not all safety incidents must be reported to the company's senior management
  • B. All possible accidents are thought not to be predicted, so BCP needs to be flexible
  • C. The business continuity plan does not require the participation of the company's senior management before it is formally documented
  • D. The business continuity plan does not require the participation of the company's senior management during the project scope stage

Answer: A,B,C

 

NEW QUESTION 28
When deploying the IPSec VPN tunnel mode, the AH protocol is used for packet encapsulation. In the header field of the new IP packet, which of the following parameters does not require data integrity verification?

  • A. Destination IP address
  • B. Source IP address
  • C. Idetification
  • D. TTL

Answer: D

 

NEW QUESTION 29
Which of the following is not a major form of computer crime?

  • A. Hacking the target host
  • B. Plant a Trojan horse into the target host
  • C. Use a computer to conduct personal surveys
  • D. Use scanning tools to collect network information without permission

Answer: C

 

NEW QUESTION 30
Which of the following is not included in the steps of the safety assessment method?

  • A. Penetration testing
  • B. Questionnaire
  • C. Data analysis
  • D. Manual audit

Answer: C

 

NEW QUESTION 31
The configuration command regarding the NAT address pool is as follows:
nat address-group 1
section 0 202.202.168.10 202.202.168.20
mode no-pat
Among them, the meaning of the NO-PAT parameter is:

  • A. Do not convert address
  • B. Do not convert destination ports
  • C. Do not convert the source port
  • D. Perform port multiplexing

Answer: C

 

NEW QUESTION 32
Regarding the description of VGMP group management, which of the following is wrong?

  • A. The VGMP of the active and standby firewalls periodically send hello messages
  • B. The interface types and numbers of the heartbeat ports of the two firewalls can be different, as long as the Layer 2 interoperability can be ensured.
  • C. All changes in the active/standby status of a VRRP backup group need to be notified to the VGMP management group it belongs to
  • D. The active and standby equipment learns the status of each other through the heartbeat line exchange messages, and backs up related commands and status information.

Answer: B

 

NEW QUESTION 33
Which of the following options does not belong to the five-tuple range?

  • A. Source IP
  • B. Destination port
  • C. Source MAC
  • D. Destination IP

Answer: C

 

NEW QUESTION 34
Write a rule with iptables that does not allow 172.16.0.0.0/16 to access this device, which rule is correct?

  • A. iptables -t filter -A INPUT -s 172.16.0.0/16 -p all -j DROP
  • B. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j DROP
  • C. iptables -t filter -P INPUT -d 172.16.0.0/16 -p all -j ACCEPT
  • D. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j ACCEPT

Answer: A

 

NEW QUESTION 35
Regarding Huawei routers and switches, which of the following statements are correct? (Multiple choice)

  • A. Routers can implement some security functions, and some routers can implement more security functions by adding security boards
  • B. The switch has some security functions, and some switches can realize more security functions by adding a security board
  • C. The switch does not have security functions
  • D. The main function of the router is to forward data. When the company has security requirements, sometimes a firewall may be a more suitable choice.

Answer: A,B,D

 

NEW QUESTION 36
Which of the following options belong to the function of SSL VPN? (Multiple choice)

  • A. WEB rewrite
  • B. File sharing
  • C. Port scan
  • D. User authentication

Answer: A,B,D

 

NEW QUESTION 37
Regarding Client-Initialized L2TP VPN, which of the following statements is wrong?

  • A. After remote users access the Internet, they can directly initiate an L2TP tunnel connection request to the remote LNS through the client software
  • B. Remote users do not need to install VPN client software
  • C. LNS assigns private IP addresses to remote users
  • D. The LNS device receives the user's L2TP connection request, and can verify the user based on the user name and password

Answer: B

 

NEW QUESTION 38
As shown in the figure, the nat server global 202.106.1.1 inside 10.10.1.1 is configured on the firewall. Which of the following configuration is correct for inter-domain rules?

  • A. rule name b, source-zone untrust, destination-zone trust, source-address 202.106.1.1 32, action permit
  • B. rule name b, source-zone untrust, destination-zone trust, source-address 10.10.1.1 32, action permit
  • C. rule named, source-zone untrust, destination-zone trust, destination-address 10.10.1.1 32, action permit
  • D. rule name c, source-zone untrust, destination-zone trust, destination-address 202.106.1.1 32, action permit

Answer: C

 

NEW QUESTION 39
When the administrator upgrades the USG firewall software version, which of the following operations are necessary? (Multiple choice)

  • A. Specify the software version to be loaded next time
  • B. Restart the device
  • C. Upload firewall version software
  • D. Restore factory settings

Answer: A,B,C

 

NEW QUESTION 40
In the _______ view of the firewall, you can use the reboot command to restart the firewall.

Answer:

Explanation:
User

 

NEW QUESTION 41
......

Try Best H12-711_V3.0 Exam Questions from Training Expert itPass4sure: https://www.itpass4sure.com/H12-711_V3.0-practice-exam.html

Related Blogs

more
Huawei H12-711_V3.0 Certification Practice Exam

Download the free demo questions to have a try. Get the latest and most valid practice questions for your exam preparation. The high quality and high pass rate will help you 100% pass.

Latest Update

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 ITPASS4SURE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor. Privacy Policy