H12-721 Online Practice Questions and Answers

Which of the following VPN protocols do not provide encryption? (Choose three answers)

A. ESP

B. AH

C. L2TP

D. GRE

About BFD detection mechanism, the following statement is correct? (Choose two answers)

A. BFD control packets are encapsulated in TCP packets

B. BFD provides two detection modes: asynchronous and synchronous mode

C. After the establishment of a BFD session, both systems periodically send BFD control packets

D. At the beginning of the session, the two sides negotiate through the control system carried in the packet parameters

IPsec VPN using digital certificates for authentication has the following steps:

1.

Certificate signature verification

2.

Find the certificate serial number in the CRL

3.

Both devices share their entity certificate

4.

Verify the certificate is valid

5.

Establish a VPN tunnel

Which of the following is the correct pattern?

A. 3-2-1-4-5

B. 1-3-2-4-5

C. 3-1-4-2-5

D. 2-4-3-1-5

When an attack occurs, the attacked host (1.1.1.1) captured the results below. What type of attack is this?

A. Smurf attack

B. Land Attack

C. WinNuke

D. Ping of Death attack

In Defense gate FIN / RST Flood attack method, conversation is checked. The workflow is that when the door FIN / RST packet rate exceeds the threshold; it discards packets, and then starts the conversation check.

A. TRUE

B. FALSE

SSL works at the application layer and is encrypted for specific applications, while IPsec operates at which layer and provides transparent encryption protection for this level and above?

A. The data link layer

B. Network Layer

C. Transport Layer

D. Presentation Layer

In USG2200 series of products, GigabitEthernet 0/0/0 is the band management interface by default.

A. TRUE

B. FALSE

According to the victim host capture shown in Figure, What type of attack is this?

A. ARP Flood attack

B. HTTP Flood Attack

C. ARP spoofing attack

D. SYN Flood attack

A network is shown below.

A dial customer cannot establish a connection via a VPN client PC and USG (LNS) l2tp vpn. What are valid reasons for this failure? (Choose three answers)

A. LNS tunnel tunnel name change is inconsistent with the client name.

B. L2TP tunnel authentication failed.

C. PPP authentication fails, PPP authentication mode set on the client PC and LNS inconsistent.

D. Client PC can not obtain an IP address assigned to it from the LNS.

As shown below, the address pool for domain abc is the L2TP VPN user's address pool.

Based on the information, which of the following statements is wrong?

A. L2TP users can authenticate the domain account.

B. If the value of Used-addr-number field is less than the value of the Pool-length field, the on-line domain does not exceed the maximum number of user access number.

C. From a corporate LAN a PC can obtain an IP address, but not dial L2TP VPN users.

D. The address pool address range is from 100.0.0.2 to 100.0.0.99.