Deck 7: HCNA-Security-CBSN (Huawei Certified Network Associate - Constructing Basic Security Network)
1
In a GRE configuration environment, which of the following statements are true? (Choose three.)
A) For both ends of the tunnel to forward data packets normally, the devices at both ends must be configured with routes through the Tunnel interface
B) If both ends enable keyword verification, the keyword must be the same
C) When the local device sends data packets, it checks whether the protocol field of the IP header indicates GRE to decide whether to hand the packet to the GRE module for processing
D) When the opposite end receives data packets, it checks whether the protocol field of the IP header indicates GRE to decide whether to hand the packet to the GRE module for processing
Answer:
A) For both ends of the tunnel to forward data packets normally, the devices at both ends must be configured with routes through the Tunnel interface
B) If both ends enable keyword verification, the keyword must be the same
D) When the opposite end receives data packets, it checks whether the protocol field of the IP header indicates GRE to decide whether to hand the packet to the GRE module for processing
2
Which description of the Policy Center functional areas is wrong?
A) The pre-authentication domain is the area a client can access before passing identity authentication
B) The post-authentication domain is the area a client can access after passing security certification
C) The isolation domain is the area a client must access after being authenticated
D) The isolation domain is the area a client is required to access when security authentication fails
Answer: C) The isolation domain is the area a client must access after being authenticated
3
Which scenario does the IPSec web configuration wizard not support?
A) Gateway to Gateway
B) Center Gateway
C) Branch Gateway
D) Host and Host
Answer: D) Host and Host
4
Which of the following is a multi-channel protocol?
A) FTP
B) Telnet
C) HTTP
D) SMTP
5
How do you view the number of matches for a security policy?
A) display current-configuration
B) display policy all
C) display startup saved-configuration
D) display device
6
Which statements about NAT are wrong? (Choose two.)
A) NAT Outbound translates the source IP address; NAT Inbound translates the destination IP address
B) The NAT Inbound command and the NAT Server command have the same function; either can be configured according to personal preference
C) NAT in the outbound direction supports the following application modes: one-to-one, many-to-many and many-to-one
D) NAT supports multi-channel protocols such as FTP and other standard multi-channel protocols
7
What problem does IPsec IKE aggressive mode mainly solve?
A) It solves the problem of slow negotiation on both ends of the tunnel
B) It solves the security problem in the negotiation process
C) It solves the NAT traversal problem
D) It solves the problem that a pre-shared key cannot be selected because the initiator's source address is uncertain
8
In the first stage of IKE negotiation, which of the following IKE exchange modes does not provide identity protection?
A) Main Mode
B) Aggressive Mode
C) Quick Mode
D) Passive Mode
9
Which type of ACL does ACL 2999 belong to?
A) Basic Access Control Lists
B) Advanced Access Control Lists
C) Access control list based on MAC address
D) Time-based access control list
10
When you configure an inter-domain security policy on a firewall, if the 192.168.0.0/24 network segment is to be set as the match object, which of the following configurations are correct? (Choose two.)
A) policy 1 policy source 192.168.0.0 mask 255.255.255.0
B) policy source 192.168.0.0 255.255.255.0
C) policy source 192.168.0.0 mask 0.0.0.255
D) policy source 192.168.0.0 0.0.0.255
11
In most scenarios, NAT Inbound is used for enterprise private network users to access the Internet.
12
For which of the following encryption algorithms are the encryption and decryption keys the same?
A) DES
B) RSA(1024)
C) MD5
D) SHA-1
13
Some applications, such as Oracle database applications, transfer no data for a long time, so the firewall session connection is interrupted and the service is interrupted as a result. Which of the following technologies can solve this problem?
A) Configure a long business connection
B) Configure default session aging time
C) Optimization of packet filtering rules
D) Turn fragment cache
14
What do VLAN port types include? (Choose three.)
A) Access Port
B) Trunk port
C) Hybrid port
D) Ethernet port
15
In a GRE configuration environment, which of the following interfaces or IP addresses must the route to the peer private network, configured on the local GRE device, point to? (Choose two.)
A) Tunnel interface
B) External network (Internet) interface
C) Tunnel interface IP address
D) External network (Internet) interface IP address
16
On the firewall, in which modes can the detect ftp command be set? (Choose two.)
A) System mode
B) Interface mode
C) Domain mode
D) Inter-domain mode
17
The Policy Center system can implement management functions in two dimensions: organizational management and regional management.
18
Which of the following can be supported by Policy Center access control? (Choose three.)
A) Hardware SACG (hardware security access control gateway)
B) 802.1X
C) ARP control
D) Software SACG (host firewall)
19
In a firewall hot standby configuration, which of the following are part of the key HRP configuration? (Choose three.)
A) Enable HRP backup: hrp enable
B) Enable fast backup of session summaries: hrp mirror session enable
C) Specify the heartbeat port: hrp interface interface-type interface-number
D) Preemption delay: hrp preempt [delay interval]
20
In IPSec VPN, to which of the following scenarios can tunnel mode be applied?
A) Between hosts
B) Between hosts and security gateways
C) Between security gateways
D) Between tunnel mode and transport mode
21
In the SSL handshake protocol, what is the role of the Server Key Exchange message?
A) The Server Key Exchange message indicates that the server has finished sending all of its information
B) The Server Key Exchange message contains the set of parameters required to complete the key exchange
C) The Server Key Exchange message contains an X.509 certificate; the certificate carries the public key, which is issued to the client to verify signatures or to encrypt messages during key exchange
D) The Server Key Exchange message contains the negotiated CipherSuite, which is copied into the state of the current connection
22
Which of the following statements about Internet user group management is wrong?
A) Each user group can include multiple users and user groups
B) Each user group can belong to more than one parent user group
C) There is a default user group in the system; this user group is also the default authentication domain
D) Each user belongs to at least one user group and can also belong to multiple user groups
23
As shown, in a point-to-multipoint scenario, the headquarters network segment is 10.1.1.0/24, the segment of branch 1 is 10.1.2.0/24, and the segment of branch 2 is 10.1.3.0/24. For the protected data flows defined by the headquarters and the branch offices, which of the following combinations fully meets the requirements?

A) 1 2
B) 1 2 3 5
C) 1 2 4 6
D) 3 4 5 6


24

A) This Firewall VGMP group status is Active
B) The virtual IP address of the firewall G1/0/1 interface is 202.30.10.2
C) The priority of the VRRP backup group of the firewall VRID 1 is 100
D) If the master device fails, it will not switch
25
What are the categories of USG firewall user authentication? (Choose three.)
A) No authentication
B) Password authentication
C) Single sign-on (SSO)
D) Fingerprint authentication
26
Which of the following addresses can be used as the web management address of a USG product? (Choose three.)
A) Interface Address
B) Sub-interface address
C) Slave IP address of the interface
D) AUX interface address
27
Which of the following values can be set as the security level in a security zone definition on a USG series firewall? (Choose two.)
A) 150
B) 100
C) 80
D) 40