Latest Huawei H12-731-ENU Actual Free Exam Questions & Community Discussion, Page 1

Question #1

As shown in the figure below, a company uses the USG6600 firewall as the egress. The company has two egresses. Carrier A and carrier B share the egress load. When an engineer deploys the firewall, two egresses are added to the untrust zone at the same time. The user has joined the trust zone and made source NAT mapping. After the deployment, it is found that some users have normal access to the Internet, while some users have very slow access to the Internet, and even sometimes cannot access the Internet.
[USG] display firewall session table verbose
http VPN: public --> public
Zone: trust --> untrust TTL: 00:00:10 Left: 00:00:08
Interface: GigabitEthernet0/0/0 Nexthop: 41.134.5.49 MAC: F0-DE-F1-69-26-91
<--packets: 9 bytes: 364 -->packets: 9 bytes: 364
10.16.1.20:5246 [41.134.5.52:5246] --> 16.8.3.8:80
http VPN: public --> public
Zone: trust --> untrust TTL: 00:10:00 Left: 00:09:59
Interface: GigabitEthernet0/0/1 Nexthop: 41.160.30.65 MAC: 00-21-97-cf-22-38
<--packets: 4 bytes: 238 -->packets: 14 bytes: 1640
10.16.1.122:3745 [41.134.5.52:3745] --> 2.2.2.2:80
[USG] display ip routing-table
20:56:07 2012/09/30
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations: 5 Routes: 5
Destination/Mask Proto Pre Cost Flags NextHop
0.0.0.0/0
Static 60
0
RD 41.134.5.49
0.0.0.0/0
Static
60
0
RD 41.160.30.65
10.16.1.1/24
Direct
0
0
D 127.0.0.1
127.0.0.0/8
Direct
0
0D 127.0.0.1
127.0.0.1/32
Direct
0
0
D 127.0.0.1
Based on the above information, please determine which of the following descriptions is correct?

A. The problem is caused by an equal-cost route.

B. It can be inferred that the source NAT configuration is correct.

C. The problem is caused by the user's PC.

D. The issue is related to carrier network stability.

Discussion 0

Correct Answer: A,B Vote an answer

Question #2

A company has the following requirements:
The intranet users in the Trust area are on the 192.168.1.0/24 network segment and can access the Internet. There are a total of 50 hosts (192.168.1.1-192.168.1.50) with a total curtain of 500M.
The following plans are reasonable:

A. The overall bandwidth is limited to 500M, and the maximum bandwidth of each IP is 12M.

B. The overall bandwidth is limited to 500M, and the maximum bandwidth of 192.168.1.1-192.168.1.50 per IP is 12M.

C. The overall bandwidth is limited to 400M, and the maximum bandwidth per IP is 12M.

D. The overall belt curtain is limited to 500M, the guaranteed belt curtain is 500M, and the maximum belt curtain per IP is 10M.

Discussion 0

Correct Answer: B Vote an answer

Question #3

Which of the following descriptions are correct about the way SAC devices are connected to the network?

A. SACG is usually side-mounted on the core switch device and uses policy routing to divert traffic.

B. SACG equipment is required to communicate with the terminal at Layer 2.

C. SACG supports side-hook on non-Huawei devices.

D. SACG devices are required to communicate with the Agile Controller at Layer 2.

Discussion 0

Correct Answer: A,C Vote an answer

Question #4

When configuring an IKE proposal, which of the following three parameters must be configured?

A. PFS

B. DH-group

C. security acl

D. encryption algorithm

E. Hash algorithm

Discussion 0

Correct Answer: B,D,E Vote an answer

Question #5

Which of the following conditions does not trigger re-authentication for the 802.1x process?

A. In the post-authentication domain state, the user performs business system authentication.

B. In the post-authentication domain state, the Agile Controller AGENT periodically checks the security state of the terminal and needs to be isolated.

C. In isolation, the end user clicks the repair operation (complete the repair of serious violations).

D. In the isolated state, the end user manually repairs it, then clicks logout, and then clicks the authentication operation.

Discussion 0

Correct Answer: A Vote an answer

Question #6

In NGFW, to use the RBL blacklist, which of the following key options need to be configured by the network administrator?

A. Reply Code

B. SMTP server IP address

C. DNS server

D. RBL server IP address

Discussion 0

Correct Answer: A,C Vote an answer

Question #7

Which of the following options is not part of the visitor management process?

A. page customization

B. The account is automatically offline

C. Account Application

D. Account Approval

E. Internet Behavior Audit

F. Account authorization

Discussion 0

Correct Answer: B Vote an answer

Question #8

The following figure shows the IKEv1 negotiation process. What information is negotiated in the ① and ② messages?

A. IKE Security Proposal

B. ID payload

C. AUTH payload

D. Swap temporary random numbers

Discussion 0

Correct Answer: A,D Vote an answer

Question #9

Which of the following statements about Unified Threat Management is true?

A. Solve the problem of current serial device deployment, such as firewall devices, IPS devices, AV devices, etc. are connected in series on a link.

B. The unified threat management device integrates firewall, IPS, AV, AS, Internet behavior management and other functions.

C. In the use of users, the management and investment of network equipment is reduced, and network management personnel only need to master the use and management skills of a single device.

D. With the development of UTM technology, UTM devices gradually begin to completely replace traditional firewalls.

Discussion 0

Correct Answer: A,B,C Vote an answer

Question #10

The Trust zone of the USG firewall of a certain network is connected to the terminal host, and the Untrust zone is connected to the security controller. If the security controller can issue rules to the USG, which of the following security policies must be configured?

A. security-policy rule name to_local source-zone untrust trust destination-zone local action permit

B. security-policy rule name untrust_to_local source-zone untrust destination-zone local action permit rule name local_to_trust source-zone local destination-zone trust action permit

C. security-policy rule name local_to_trust source-zone local destination-zone trust action permit

D. security-policy rule name untrust_to_local source-zone untrust destination-zone local action permit

Discussion 0

Correct Answer: D Vote an answer

Question #11

Which fields in the packet need to be analyzed in the firewall's IP packet fragmentation and reassembly?

A. Total Length

B. Fragment Offset

C. Flags

D. Lifetime TTL

E. Identifier

Discussion 0

Correct Answer: B,C,E Vote an answer

Question #12

According to the following networking, a customer uses the BGP traffic diversion policy route back injection method. Which of the following configurations must be configured on the cleaning device?

A. ip route-static 0.0.0.0 0 10.1.3.1

B. firewall ddos bgp-next-hop fib-filter

C. interface GigabitEthernet2/0/2 anti-ddos flow-statistic enable

D. firewall ddos bgp-next-hop 10.1.3.1

Discussion 0

Correct Answer: D Vote an answer

Question #13

Configuration database mirroring fails in Agile Controller, which of the following descriptions are correct?

A. Make sure that the primary data server, mirror database server, and witness database server can access each other's shared folders using IP addresses (as long as they can be accessed by IP addresses).

B. This kind of problem is mainly caused by the dbmirror sharing error.

C. If the server is not joined to the domain, you need to run the TsmMaintainTool.bat tool to modify the configuration parameters of the mirroring tool.

D. It is required that each database mirror server has closed the windows firewall.

Discussion 0

Correct Answer: B,D Vote an answer

Question #14

In the networking application of the dual-system hot-standby mode using the USG6600, which aspects should be paid attention to?

A. The IP addresses of the active and standby interfaces should be the same

B. Fast session backup

C. NAT address pool and VRRP should be bound

D. The back and forth paths should be the same

Discussion 0

Correct Answer: B,D Vote an answer

Huawei H12-731-ENU Actual Free Exam Questions & Community Discussion

Download Free Huawei H12-731-ENU Demo