H12-721 Online Practice Questions and Answers

The mechanism of source authentication defense against HTTPS flood attacks is that the anti-DDoS device, instead of the SSL server, initiates the TCP three-way handshake with the client. If the TCP three-way handshake is complete, the source authentication succeeds.

A. TRUE

B. FALSE

Which ofthe following statements is correct about the blacklist? (Choose three answers)

A. When you log into a device and incorrectly enter the username/password three times, the IP address of the administrator will be added to the blacklist via Web or Telnet.

B. Blacklist is divided into static and dynamic.

C. When the device is perceived to have behavioral characteristics of packets to a user's attempt to attack a specific IP address, it will use a dynamic IP address blacklist technology.

D. When the packet reaches the firewall, the first thing to check for is packet filtering, and then it will match the blacklist.

An administrator views the status information and IPsec Debug information as follows: What is the most likely reason for failure?

A. The end ike ike peer strategies and policies do not match

B. The end ike remote name and peer ike name does not match

C. The end ipsec proposal and peer ipsec proposal does not match

D. The end of the Security acl or does not match the peer Security acl

USG device can be factory reset by holding down the Reset button for 1-3 seconds to recover the console password.

A. TRUE

B. FALSE

Regarding IKEv1 and IKEv2, which of the following is not correct?

A. IKEv2 builds a pair of IPsec SA, normally used twice to exchange four messages that can be used to establish a pair of IPsec Security Associations.

B. IKE version 2 does not support master mode, it uses the concept of savage mode.

C. To create the next pair of IPsec SA IKEv1 Main Mode requires only six messages.

D. IKEv2 IPsec SA established more than a pair, each additional SA on just one exchange, that is, two messages can be completed.

In defense FIN / RST Flood attack method, conversation is checked. The workflow is when the FIN / RST packet rate exceeds the threshold, discarded packets, and then start the conversation check.

A. TRUE

B. FALSE

In Client-initial mode, it can be seen from the following debug information that L2TP dial husband is lost. What is most likely cause of failure of dial-up?

A. username and password aaa configuration inconsistencies.

B. LNS name configuration error.

C. tunnel password is not configured.

D. It is not enabled for l2tp.

On the USG in hda1 ;/ we need to delete directories on sslconfig.cfg. Which of the following commands is needed to complete this operation?

A. cd: hda 1: /remove sslconfig.cfg

B. cd: hda 1: /delete sslconfig.cfg

C. cd: hda 1: /rmdir sslconfig.cfg

D. cd: hda 1: /mkdir sslconfig.cfg

A simple network is connected PC1-USG-Router-PC2. If PC1 sends packets to PC2, and the USG processes fragmented packets, which modes can be used to do this? (Choose three answers)

A. fragment cache

B. slice discarded

C. fragmentation direct forwarding

D. slicing defense

Which of the following does an IPSec VPN use to encrypt the communication data stream?

A. Public Key Encryption

B. Private key encryption

C. Symmetric key encryption

D. Pre-shared key encryption