← Back to exam page

H12-721 HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network)

Loading demo links...

Showing 1–3 of 15 questions

Question 1

The IKE first stage main mode negotiation process includes the following information? (Choose three answers)

Select all that apply, then click Submit answer.

  • IKE proposal set

  • IPsec proposal set

  • DH key exchange public information

  • Both sides identity
Question 2

IPsec tunneling is used as a backup connection as shown below:

image009

Which of the following statements are true about the tunnel interface? (Choose two answers)

Select all that apply, then click Submit answer.

  • IPsec security policy should be applied to the tunnel interface

  • Protocol for the Tunnel Interface must be GRE.

  • Tunnel interface needs to be configured on the IP address and the IP address of the gateway. The external network IP address of the outgoing interface must be in the same network segment.

  • Tunnel interfaces can be added to any security zone, provided they have the appropriate inter-domain security policies.
Question 3

An IPsec VPN connection established by two USG firewalls in NAT traversal mode fail to see any information from the “display ike sa” command. Neither session information nor UDP port 500 information is displayed. What are possible reasons for this? (Choose two answers)

Select all that apply, then click Submit answer.

  • public network unreachable.

  • middle device blocking UDP 500 port.

  • middle device blocking UDP 4500 port.

  • middle device blocking ESP packets.