[H12-711 free questions] H12-711 HCNA-Security Test Online

1. To establish TCP connection between client A and server B, in the three-way handshake, B sent A SYN + ACK (seq=b，ack=a+1), which of the following statements are correct?

the packet is to confirm the SYN packet of series number b

the packet is to confirm the SYN packet of serial number a+1

B next wish to receive an ACK packet series number of B

B next wish to receive an ACK packet series number of a+1

2. What is the address range of rule permit ip source 192.168.11.35 0.0.0.31 ?

192.168.11.0-192.168.11.255

192.168.11.32-192.168.11.63

192.168.11.31-192.168.11.64

192.168.11.32-192.168.11.64

3. Which of the following statement about firewall shard cache function are correct? ( multiple choice)

after configuring fragmentation packet directly forwarding function , firewall does not cache fragmentation packets

after configuring fragmentation packet directly forwarding function, for fragmentation packet which is not the first piece of fragmented packets, the firewall will forwarding based on inter-domain filtering policy

fragmented packets will create the session table, also can find the session table when forwarding

not the first piece of fragment packets, since there is no port number, so fragmented packets directly forwarding function can not generally be used in a NAT environment

4. Which of the following does not belong to UTM (Unified Threat Management) function?

IPS intrusion defense

Internet behavior management

Terminal security management

AV gateway anti-virus

5. Which of the following components are terminal security system mainly composed of ? ( multiple choice)

Anti-virus server

SC control server

Access control equipment

SM management server

6. Symmetric encryption algorithm encryption key and decryption key are the same, asymmetric encryption algorithm encryption key and decryption key are not the same. IPsec in business data encryption and decryption use symmetric encryption algorithm.

TRUE

FALSE

7. Huawei USG firewall VRRP HELLO packets for multicast packets, it requires each router in the backup group must be able to achieve directly two layer interflow.

TRUE

FALSE

8. When ARP address resolution, ARP-REPLY packets sent by means of broadcast, hosts are able to receive on the same Layer 2 network , and thus learn the corresponding relations between the IP and MAC address.

TRUE

FALSE

9. USG state detecting firewall to view Session information as follows:

<USG > display firewall session table verbose

Current total sessions: 1

icmp VPN: public — > public

Zone: trust — > untrust Slot: 8 CPU: 0 TTL: 00:00:20 Left: 00:00:19

Interface: GigabitEthernet6/0/0 Nexthop: 107.255.255.10

<–packets: 134 bytes: 8040– > packets: 134 bytes: 8040 107.229.15.100: 1280– >

107.228.10.100:2048

Which of the following statement about above information are correct ? ( multiple choice)

In Trust area host 107.229.15.100 is visiting or have visited Untrust 107.228.10.100

the packet is VPN packet

the follow-up to the firewall packat,need to match the session table and firewall security policy

the outbound interface of forward direction flow is GigabitEthernet6/0/0

10. CA (Certificate Authority) certificate used for verifying the user’s identity of virtual gateway when SSL communication connection is established, saved in the device side, issued by the CA institution.

TRUE

FALSE

11. Which statement about L2TP message is wrong?

L2TP attached on PPP for account authentication

control message can only be used for the establishment of the tunnel and session connection, maintenance, and transmission control

Data messages can only be used to encapsulate PPP frame and transmission in tunnels

Control messages and data messages can provide flow control and congestion control functions

12. Which of the following attack does not belong to the network layer attack?

IP spoofing attack

Smurf attack

ARP spoofing attack

ICMP attack

13. Use NAT technology, can only switch the network layer information (IP address) in the data packet.

TRUE

FALSE

14. ASPF (Application Specific Packet Filter) is a kind of packet filtering based on the application layer, it checks the application layer protocol information and monitor the connection state of the application layer protocol. ASPF by Server Map table achieves a special security mechanism.

Which statement about ASPF and Server map table are correct? (Multiple choice)

ASPF monitors the packets in the process of communication

ASPF dynamically create and delete filtering rules

ASPF through server map table realize dynamic to allow multi-channel protocol data to pass

quintuple server-map entries achieve a similar functionality with session table

15. Forward in the process of online user management, online user authentication occurs only in the first package process, once the user through the authentication, equipment set up the session table, subsequent packets do not need to be repeated user authentication.

TRUE

FALSE

16. The attacker by sending ICMP response request, and will request packet destination address set to suffer Internet radio address.

Which kind of attack does this behavior belong to?

IP spoofing attack

Smurf attack

ICMP redirect attack

SYN flood attack

17. Which of the following does not belong to the AES secret key length?

128

192

256

18. Which of the following options is AH protocol number?

19. Which of the following does AAA contains?

Authentication

Authorization

Accounting

Audit

20. SA uniquely identified by a triplet, which of the following does not belong to the SA triplet?

security protocol

source IP address

destination IP address

Security parameters index

HCNA-Security H12-711 Free Questions To Test Online

Leave a Reply Cancel reply