[2023] H12-731-ENU Exam Dumps, Test Engine Practice Test Questions
Pass H12-731-ENU exam [Feb 11, 2023] Updated 205 Questions
NEW QUESTION 23
Regarding the Internet access area in the data, the correct planning and deployment suggestions are:
- A. FW2 mainly prevents internal illegal traffic from accessing the DMZ service area and illegally accessing the Internet.
- B. DDoS cleaning and detection equipment must be placed in the external network interface area to ensure that attack traffic is detected first.
- C. FW1 is mainly used to prevent external illegal traffic from accessing the DMZ service area and to prevent attack traffic from inside the SSL tunnel.
- D. Deploy IPS devices in the DMZ area bypass. If the defense function is realized, it is necessary to pass policy routing or static routing in the DMZ area switch to allow data to pass through the IPS devices.
Answer: A,B,D
NEW QUESTION 24
If the content of the visited web page contains filtered content, what will be the result?
- A. The filter content is deleted and will not be displayed.
- B. Displays "The page has been filtered".
- C. Displays "Cannot open webpage"
- D. The filter content is replaced by "*".
Answer: C
NEW QUESTION 25
Mobile employees access the headquarters through an L2TP over IPsec tunnel. The correct statement about planning and deployment is:
- A. Since IKE V1 cannot assign addresses to remote users, address assignment must be achieved through L2TP.
- B. The security ACL of the USG gateway at the headquarters should be [USG] acl 3000 [USG-acl-adv-3000] rule permit udp source-port eq 1701
- C. The NAT traversal function cannot be used.
- D. L2TP generally uses NAS-Initialized mode.
Answer: A,B
NEW QUESTION 26
Which of the following options fall under the scope of visitor management?
- A. The guest uses the account to authenticate
- B. Visitor page customization
- C. Visitor online behavior audit
- D. Visitors register on the registration page
- E. Guest Account Approval
- F. Guest Account Creation
Answer: B,C,E,F
NEW QUESTION 27
Which fields in the packet need to be analyzed in the firewall's IP packet fragmentation and reassembly?
- A. Total Length
- B. Identifier
- C. Flags
- D. Lifetime TTL
- E. Fragment Offset
Answer: B,C,E
NEW QUESTION 28
The USG serves as the gateway of the headquarters. Users on business trips need to use the Internet to establish a VPN tunnel to access the resources of the headquarters, and users on business trips do not need to install any dial-up software. Which of the following VPN technologies is most suitable:
- A. GRE
- B. L2TP
- C. IPsec VPN
- D. SSL VPN
Answer: D
NEW QUESTION 29
By viewing the configuration information of a USG firewall running normally on the live network, the following information is obtained:
#
ip service-set http_8080 type object
service 0 protocol tcp destination-port 8080
#
security-policy
rule name untrust_to_dmz1
source-zone untrust
destination-zone dmz
service ftp
destination-address 192.168.5.3 32
action permit
rule name untrust_to_dmz2
source-zone untrust
destination-zone dmz
service service-set http_8080
destination-address 192.168.5.2 32
action permit
#
Which of the following statements is incorrect:
- A. External network users can use non-21 port to establish ftp connection with the server whose address is 192.168.5.3.
- B. External network users can access the destination port 8080 of the server whose address is 192.168.5.2.
- C. External network users can use port 21 to establish an ftp connection with the server whose address is 192.168.5.3.
- D. External network users can use port 80 to access the www service of the server whose address is 192.168.5.2.
Answer: A,D
NEW QUESTION 30
An NGFW is used for SSL VPN access with certificate authentication. The certificate can be selected, but after clicking login, the user cannot log in to the resource page. Debugging on the NGFW reports that the certificate is wrong:
<NGFW>debugging ssl error
<NGFW>terminal debugging
<NGFW>terminal monitor
*0.10012266 USG2130 SSL/7/error:
SSL 3.0, Alert, write, fatal bad certificate
However, a check shows that the certificate is complete and that the contents of the certificate are correct.
What are the possible reasons for this certificate validation error?
- A. The certificate is within the validity period, but the system clock is wrong, and the system clock is not within the validity period.
- B. The certificate has expired, and the system clock is not set to the current time but to a time within the certificate's validity period.
- C. The system clock is correct, but the certificate has expired.
- D. A browser that does not support SSL3.0 is used.
Answer: A,C
NEW QUESTION 31
Which of the following tasks need to be completed before configuring an IPsec security policy?
- A. Configure IKE security proposals and IKE peers
- B. Configure DPD
- C. Define the protected data stream
- D. Configure IPsec Security Proposal
- E. Configure NAT Traversal
Answer: A,C,D
NEW QUESTION 32
A server on the network has been responding very slowly recently. Its running status shows that CPU and memory usage are high, but there is little or no data transmission on its TCP session connections.
Which of the following judgments about this problem is the best?
- A. The server is under HTTP POST slow attack.
- B. The server is under UDP flood attack.
- C. The server is under a TCP spoofing attack.
- D. The server is under SYN flood attack.
Answer: A
NEW QUESTION 33
As shown in the figure, the corresponding defense methods are:
- A. Defense by TTL checking
- B. Payload Check Defense
- C. Fingerprint Learning Defense
- D. Authenticate the user through the associated TCP protocol
- E. Defense through source authentication
Answer: B,C,D
NEW QUESTION 34
When a corporate intranet user accesses the Internet through the USG firewall, a URL has been added to the blacklist, but the user can still access it. What are the possible reasons for the failure of the URL filtering function?
- A. No URL filtering policy applied in the corresponding inter-domain direction
- B. URL remote query function is not enabled
- C. No URL filtering profile submitted
- D. Remote URL list not updated
Answer: A,C
NEW QUESTION 35
In the Agile Controller solution, the USG is used for hardware SACG access authentication.
According to the following information:
<USG6700> display right-manager role-id rule
Advanced ACL 3099, 5 rules, not binding with vpn-instance
Acl's step is 1
rule 1000 permit ip (1200 times matched)
rule 1001 permit ip destination 172.13.11.221 0 (501 times matched)
rule 1002 permit ip destination 172.10.11.223 0 (77 times matched)
rule 1003 permit ip destination 172.19.0.0 0.0.255.255 (0 times matched)
rule 1004 deny ip (507759 times matched)
- A. User enters post-authentication domain
- B. The escape route has been opened
- C. User enters pre-authentication domain
- D. User enters quarantine domain
Answer: B
NEW QUESTION 36
Which of the following descriptions about dual-system hot standby is incorrect?
- A. After enabling fast backup, the configuration of the host can also be backed up to the standby.
- B. The firewall configuration backup direction must be from the VGMP master state device to the backup state device.
- C. VGMP is currently in the active state. After the VRRP interface belonging to the VGMP goes down, the VGMP state will definitely switch to the standby state.
- D. After automatic backup is enabled, all sessions on the host will be automatically backed up to the standby.
Answer: A
NEW QUESTION 37
A PC receives a fragmented packet as shown in the figure below. According to the following packet information, which of the following options is correct?
- A. The flag bit in the Layer 3 IP header is 1
- B. There are subsequent IP fragments
- C. The protocol number in the IP header is 2
- D. offset bit is 0
Answer: B,D
NEW QUESTION 38
When using which of the following functions of UTM, it is necessary to ensure that the device is connected to the security service center?
- A. Online upgrade of IPS signature library
- B. Scan the transferred files for viruses
- C. Remote URL Filtering
- D. Load IPS engine
- E. Online update virus database
Answer: A,C,E
NEW QUESTION 39
The whitelist + blacklist mode is adopted in terminal security management. Which of the following are normal behaviors?
- A. The terminal host does not install the software in the white list, nor the software in the black list.
- B. The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.
- C. Some software in the whitelist is installed on the terminal host, but the software in the blacklist is not installed.
- D. The terminal host installs all the software on the whitelist terminal, and also installs some software in the blacklist.
Answer: B
NEW QUESTION 40
Which of the following statements is true about the life cycle of an IPsec tunnel:
- A. The IPsec SA lifetime can be measured by traffic volume.
- B. The lifecycle configuration of both ends must be the same.
- C. The soft timeout is the expiration time of the SA life cycle, and the hard timeout is the time to start negotiating a new SA before the expiration of the life cycle.
- D. The IPsec tunnel will renegotiate a new tunnel when it reaches its lifetime.
Answer: A,D
NEW QUESTION 41
A network uses Agile Controller for 802.1X authentication. GigabitEthernet 0/0/9 on the S switch is connected to a terminal host and a printer; the printer passes MAC authentication, and the terminal host must authenticate through the Agent. What is the correct configuration of the switch?
- A. [Quidway] dot1x enable [Quidway] dot1X authentication-method eap [Quidway] interface GigabitEthernet 0/0/9 [Quidway-GigabitEthernet 0/0/9] port link-type a [Quidway-GigabitEthernet 0/0/9] port default vlan 105 [Quidway-GigabitEthernet 0/0/9] dot1x enable [Quidway-GigabitEthernet 0/0/9] dot1x port-method MAC
- B. [Quidway] dot1X authentication-method eap [Quidway] interface GigabitEthernet 0/0/9 [Quidway-GigabitEthernet 0/0/9] port link-type a [Quidway-GigabitEthernet 0/0/9] dot1x port-method MAC
- C. [Quidway] dot1x enable [Quidway] dot1X authentication-method eap [Quidway] interface GigabitEthernet 0/0/9 [Quidway-GigabitEthernet 0/0/9] port link-type trunk
- D. [Quidway] dot1X authentication-method eap [Quidway] interface GigabitEthernet 0/0/9 [Quidway-GigabitEthernet 0/0/9] port link-type a [Quidway-GigabitEthernet 0/0/9] port default vlan 105 [Quidway-GigabitEthernet 0/0/9] dot1x port-method MAC
Answer: A
NEW QUESTION 42
......