What Accurate H12-711_V3.0 Exam Is

NEW QUESTION 1

Which of the following options is correct regarding the matching conditions of a security policy? (multiple choice)

• A. matching condition"source security zone"is an optional parameter
• B. matching condition"period"is an optional parameter
• C. matching condition"application"is an optional parameter
• D. matching condition"Serve"is an optional parameter

Answer: ABCD

NEW QUESTION 2

Which of the following options arePKIComponents of the architecture? (multiple choice)

• A. end entity
• B. Certificate Authority
• C. Certificate Registration Authority
• D. certificate store

Answer: ABCD

NEW QUESTION 3

againstIPspoofing attack (IP Spoofing), which of the following is an error?

• A. IPSpoofing attacks are based onIPaddress trust relationship to initiate
• B. IPAfter a successful spoofing attack, the attacker can use forged arbitraryIPThe address impersonates a legitimate host to access key information
• C. The attacker needs to put the sourceIPlandaddress masquerading as a trusted host and sendSYNmarkNote the data segment request connection
• D. based onIPThe hosts in the trust relationship of the addresses can log in directly without entering password authentication.

Answer: C

NEW QUESTION 4

In which of the following scenarios does the firewall generate the Server map table? ( )

• A. NAT Server is deployed on the firewall
• B. ASPF is deployed on the firewall and forwards the traffic of the multi-channel protocol
• C. When the firewall generates a session table, it will generate a Server-map table
• D. Security policies are deployed on the firewall and traffic is released

Answer: AB

NEW QUESTION 5

EuropeTCSECThe guidelines are divided into two modules, functional and evaluation, and are mainly used in the military, government and commercial fields

• A. True
• B. False

Answer: A

NEW QUESTION 6

Which of the following statements about the patch is incorrect?

• A. A patch is a small program made by the original author of the software for a discovered vulnerability
• B. Not patching does not affect the operation of the system, so whether patching is irrelevant or not.
• C. Patches are generally updated continuously.
• D. Computer users should download and install the latest patches in a timely manner to protect their systems

Answer: B

NEW QUESTION 7

In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking. Which of the following options are correct for the description of tracking technology? (multiple choice)

• A. Packet logging technology through the tracedIPInsert trace data into packets to mark packets on each router mentioned
• B. Link detection technology determines the information of the attack source by testing the network connection between routers
• C. Packet marking technology extracts attack source information by logging packets on routers and then using data drilling techniques
• D. Shallow mail behavior analysis can achieveIPlandAnalysis of information such as address, sending time, sending frequency, number of recipients, shallow email headers, etc.

Answer: ABD

NEW QUESTION 8

aboutVRRP/VGMP/HRPWhich of the following statements is correct? (multiple choice)

• A. VRRPResponsible for sending free messages during active/standby switchoverARPDirect traffic to the new master
• B. VGMPResponsible for monitoring equipment failures and controlling rapid switching of equipment
• C. HRPResponsible for data backup during dual-system hot standby operation
• D. inActivestateVGMPGroups may containStandbystateVRRPGroup

Answer: ABC

NEW QUESTION 9

Which of the following options is correct regarding the actions of the security policy and the description of the security profile? (multiple choice)

• A. Prohibited if the action of the security policy is"prohibit", the device will discard this traffic, and will not perform content security checks in the future.
• B. The security profile can take effect even if the action is allowed under the security policy
• C. The security profile must be applied under the security policy whose action is Allowed to take effect.
• D. If the security policy action is"allow", the traffic will not match the security profile

Answer: AC

NEW QUESTION 10

Which of the following options is not a private network IP address?

• A. 192.168.254.254/16
• B. 172.32.1.1/24
• C. 10.32.254.254/24
• D. 10.10.10.10/8

Answer: B

NEW QUESTION 11

Which of the following options are application risks (multiple choice)

• A. Internet virus
• B. Email Security
• C. Database system configuration security
• D. WEBservice security

Answer: ABCD

NEW QUESTION 12

existUSGIn the series firewalls, which of the following commands can be used to queryNATconversion result?

• A. display nat translation
• B. display firewall session table
• C. display current nat
• D. display firewall nat translation

Answer: B

NEW QUESTION 13

The default authentication domain of the USG6000 series firewall is the ______ domain.[fill in the blank]*

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14

Please sort the following digital envelope encryption and decryption process correctly.

• A. uses B's public key to encrypt the symmetric key to generate a digital envelope
• B. After receiving the encrypted information from A, B uses its own private key to open the digital envelope to obtain the symmetric key.
• C. uses a symmetric key to encrypt the plaintext to generate ciphertext information.
• D. B uses the symmetric key to decrypt the ciphertext information to obtain the original plaintext.
• E. A sends the digital envelope and cipher text information to B

Answer: ABCDE

NEW QUESTION 15

About the rootCACertificate, which of the following descriptions is incorrect?

• A. Issuer isCA
• B. The certificate subject name isCA
• C. public key information isCA's public key
• D. signature isCAgenerated by public key encryption

Answer: D

NEW QUESTION 16

Which of the following VPNs cannot be used in site-to-Site scenarios?

• A. SSL VPN
• B. L2TP VPN
• C. IPSec VPN
• D. GRE VPN

Answer: D

NEW QUESTION 17
......