CertBus.com
HC-711-ENU Q&As HCNA Huawei Certified Network Associate - Constructing Basic Security Network (HCNA-CBSN) - ENU Pass Huawei HC-711-ENU Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: http://www.CertBus.com/HC-711-ENU.html 100% Passing Guarantee 100% Money Back Assurance
Following Questions and Answers are all new published by Huawei Official Exam Center
Instant Download After Purchase 100% Money Back Guarantee 365 Days Free Update 80000+ Satisfied Customers
Vendor: Huawei
Exam Code: HC-711-ENU
Exam Name: HCNA Huawei Certified Network Associate - Constructing Basic Security Network (HCNA-CBSN) ENU
Version: Demo
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 1 After using the vpn client user Wang l2tp vpn dial from outside the network normally get the address and found able to access all the resources within the network, but it cannot open the page on the internet, possible reasons for the? A. vpn device software version is incorrect B. vpn client software version is incorrect C. Misconfigured firewall l2tp D. After the dial-in l2tp vpn, default route points to the local computer dial-up access to the address Answer: D Explanation:
QUESTION NO: 2 In tunnel mode, AH security protocol, which of the following new IP packet header fields without data integrity check? A. TTL B. Source IP address C. Destination IP address D. The source IP address and destination IP address Answer: A Explanation:
QUESTION NO: 3 SSL VPN file sharing applications in use need to enter a user name, password, and domain information, in order not to enter a user name and password, you can set the permissions on the file sharing server. A. True B. False Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
2
100% Real Q&As | 100 Real Pass | CertBus.com
QUESTION NO: 4 Which of the following is an IETF industry standard VPN protocols? A. PPTP B. L2F C. L2TP D. PP2F Answer: C Explanation:
QUESTION NO: 5 Difference IPSEC security protocol that AH AH and ESP can achieve data encryption, data validation to support a wider range of ESP? A. True B. False Answer: B Explanation:
QUESTION NO: 6 ASPF makes firewall to support multiple data channels of a control on the channel protocol, but also to facilitate the formulation of policies in various security applications are very complex situation. A. True B. False Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
3
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 7 SVN3000 network expansion in the application, the client obtains an IP address in two ways: the virtual gateway address pool and DHCP server within the network. A. True B. False Answer: A Explanation:
QUESTION NO: 8 Network Address Port Translation (NAPT) and Network Address Translation (NAT) what is the difference? (Choose two) A. After NAPT conversion for users outside the network,all packets from the same IP address or IP address of a few B. NAT only supports application layer protocol address translation C. NAPT only supports network layer protocol address translation D. NAT support network layer protocol address translation Answer: A,D Explanation:
QUESTION NO: 9 In the GRE configuration environment, under the Tunnel interface mode, destination address generally refers to? A. The end of the Tunnel interface IP address B. The end of the IP address outside the network outlet C. Peer IP address outside the network entry D. Remote Tunnel Interface IP address Answer: C Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
4
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 10 Which of the following are IPSec security protocol? (Choose two) A. AH B. ESP C. 3DES D. AES Answer: A,B Explanation:
QUESTION NO: 11 SVN3000 file sharing interactive process, the correct order is: 1, file server accepts the request packet, the format of the response SMB packet to SVN; 2, the client user initiates a request inwards network file server HTTPS format, sent to SVN; 3, SVN SMB response packet will be converted to HTTPS format and forwarded to the client; 4, SVN HTTPS requests will be converted to the format of packets SMB packet format and forwarded to the file server. A. 1-2-3-4 B. 2-4-1-3 C. 3-1-4-2 D. 3-1-2-4 Answer: B Explanation:
QUESTION NO: 12 Access control lists which mainly consists of the following scenarios? (Choose three)
A. Network Address Translation (NAT) B. QOS C. Policy Routing D. GRE Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
5
100% Real Q&As | 100 Real Pass | CertBus.com Answer: A,B,C Explanation:
QUESTION NO: 13 Which of the following protocols are GRE VPN technology in the world's most used Internet transport protocol? A. GRE B. IPX C. IP D. TCP Answer: C Explanation:
QUESTION NO: 14 Use one or many- way NAT translation (non- PAT), when all are using the external IP address (using NAT technology to access the Internet application scenarios), the subsequent network users Internet For what will happen? A. Squeezing out the previous user,forcing the NAT Internet B. Subsequent users will not access the network C. NAT PAT automatically switch to the Internet D. The packets are synchronized to other devices for NAT NAT translation Answer: B Explanation:
QUESTION NO: 15 Which of the following is a multi -channel protocol? A. FTP B. Telnet C. HTTP D. SMTP Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
6
100% Real Q&As | 100 Real Pass | CertBus.com Answer: A Explanation:
QUESTION NO: 16 About stateful inspection firewall and packet filtering firewall description is correct. A. Packet filtering firewall is not required for each packet entering the firewall rule matching; B. Because the UDP protocol is connectionless -oriented protocol,so stateful inspection firewall UDP packetscannotmatch state table; C. When stateful inspection firewall to inspect packets,packets of the same before and after the connection is not relevant. D. Stateful inspection firewall only needs to connect to the first packet to match the access rule,which is connected directly to the subsequent packets matching(to TCP applications,for example) in the state table Answer: D Explanation:
QUESTION NO: 17 Firewalls can protect the internal network security in the Internet, but cannot protect the host security in an internal network. A. True B. False Answer: B Explanation:
QUESTION NO: 18 Applied on the interface of the firewall packet filtering, cited acl2000, the source IP address of the IP address 192.168.0.55 to reach the interface, the following statements is correct? (Choose two) acl 2000 match-order auto rule permit source 192.168.0.1 0.0.0.255 Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
7
100% Real Q&As | 100 Real Pass | CertBus.com rule deny source 192.168.0.32 0.0.0.31 A. The IP packet matching allows policy to be forwarded by the firewall B. The IP packet matching refused strategy will be discarded by the firewall C. configured to match the order of priority of use acl2000 D. acl2000 using a depth-first match order Answer: B,D Explanation:
QUESTION NO: 19 SVN file sharing technology is to convert the file sharing protocol to SSL-based Hypertext Transfer Protocol (Https), for end-users feel is a Web-based file server application. A. True B. False Answer: A Explanation:
QUESTION NO: 20 LNS through what information (protocol field) to determine the packet as L2TP packet and sent L2TP protocol processing module for processing? A. LAC client source IP address B. The LNS destination IP address C. Source UDP port 1701 D. UDP port 1701 Answer: D Explanation:
QUESTION NO: 21 When TSM system supports strong linkage anti-virus software, anti-virus software will be able to drive anti-virus and other operations. Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
8
100% Real Q&As | 100 Real Pass | CertBus.com A. True B. False Answer: A Explanation:
QUESTION NO: 22 In these types of scenarios, mobile users need to install additional features (L2TP) for VPDN software? A. Based on user-initiated L2TP VPN B. Based NAS -initiated L2TP VPN C. Initiated based on LNS L2TP VPN D. All other options are Answer: B Explanation:
QUESTION NO: 23 The following are the main features stateful inspection firewall is which? A. Processing speed B. Excellent follow-up packet processing performance C. Only detect the network layer D. Packet filtering detection for each package Answer: B Explanation:
QUESTION NO: 24 When configuring l2tp, for commands allow l2tp virtual-template, statements is correct? A. LNS is used to specify the trigger condition to initiate a call B. LAC is used to specify the trigger condition to initiate a call C. LAC is used to specify the call to accept Virtual-Template used Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
9
100% Real Q&As | 100 Real Pass | CertBus.com D. LNS to accept the call to specify the use of Virtual-Template Answer: D Explanation:
QUESTION NO: 25 AH which can provide the following security features? (Choose three) A. Data origin authentication B. Data Confidentiality C. Data integrity check D. Anti-replay Answer: A,C,D Explanation:
QUESTION NO: 26 Which of the following agreement is a multi- channel protocol? A. WWW B. FTP C. PING D. TELNET Answer: B Explanation:
QUESTION NO: 27 PPPoE is mainly used for which scene? A. Provide remote access users access to Ethernet B. Provide access to remote Ethernet services for dial-up users C. Enables users to access the Internet data packets are encrypted D. To the user can access the Internet faster
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
10
100% Real Q&As | 100 Real Pass | CertBus.com Answer: A Explanation:
QUESTION NO: 28 Following on E1 and CE1, saying right there? (Choose three) A. Can operate in clear channel mode B. E1 work in the non -channel mode are unframed mode C. E1 work in framing mode,only once timeslot bundling D. CE1 work in unframed mode, you can bundle multiple slots Answer: A,C,D Explanation:
QUESTION NO: 29 Packet filtering firewall at the application layer for each packet inspection, forwarding or discarding packets according to the configured security policy: A. True B. False Answer: B Explanation:
QUESTION NO: 30 Interzone packet filtering matching principle is: first find inter-domain Policy, if there is no matching policy, the domain will not find among other strategies, but directly to discard the packet, refused to pass. A. True B. False Answer: B Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
11
100% Real Q&As | 100 Real Pass | CertBus.com
QUESTION NO: 31 Meaning Trunk Access Port PVID value and significance of the port PVID bit different, in Access represents the value of the default VLAN, but said the port belongs to the VLAN Trunk actually. A. True B. False Answer: B Explanation:
QUESTION NO: 32 Compare similar symmetric encryption algorithms and asymmetric encryption algorithm key distribution method, encryption and decryption are performed by the information sent to the receiver key, the method can be used to send E-mail and other means. A. True B. False Answer: B Explanation:
QUESTION NO: 33 Packet filtering firewall does not check the session state data content analysis, safety cannot be adequately protected. A. True B. False Answer: A Explanation:
QUESTION NO: 34 Asymmetric encryption algorithm strength stronger than symmetric algorithms, asymmetric Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
12
100% Real Q&As | 100 Real Pass | CertBus.com algorithms because the longer the key length. A. True B. False Answer: B Explanation:
QUESTION NO: 35 SVN3000 virtual gateway, which can be accessed using the IP address, and can be accessed using the domain name which of the following types? A. Exclusive type B. Share -based C. Fixed D. Manual type Answer: A Explanation:
QUESTION NO: 36 Stateful inspection firewall intercepts packets at the network layer and application layer extracted from each state information security policies need, and save the session table, through the analysis of these sessions tables and data packets associated with the connection request to make a follow-up appropriate decision. A. True B. False Answer: A Explanation:
QUESTION NO: 37 Which of the following ways L2TP VPN, the tunnel is established between the client and the LNS Client -side? Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
13
100% Real Q&As | 100 Real Pass | CertBus.com A. Client-Initialized L2TP way B. NAS-Initialized L2TP way C. Unsolicited L2TP D. VPDN Answer: A Explanation:
QUESTION NO: 38 VPN for mobile users have access? (Choose two) A. GRE B. L2TP C. MPLS D. L2TP + IPSec Answer: B,D Explanation:
QUESTION NO: 39 USG (Eudemon) firewall nat configuration is as follows: # nat address-group 1 10.1.1.5 10.1.1.10 nat server 1 protocol tcp global 1.1.1.1 ftp inside 10.1.1.2 ftp # nat-policy interzone dmz untrust inbound policy 0 action source-nat policy destination 1.1.1.1 0 address-group 1 #
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
14
100% Real Q&As | 100 Real Pass | CertBus.com The following statement is correct that: A. NAT outbound configuration,network users to access the external network into an address in the address pool 10.1.1.5 10.1.1.10 B. untrust host access nat server 1.1.1.1, destination address into 10.1.1.2, the original address unchanged C. Built- domain nat,DMZ host access nat server 1.1.1.1, destination address into 10.1.1.2, the source address into the address pool 1 D. NAT inbound configuration,untrust host access nat server 1.1.1.1, destination address into 10.1.1.2, the source address into the address pool 1 Answer: D Explanation:
QUESTION NO: 40 Common symmetric encryption algorithms are there? (Choose three) A. DES B. 3DES C. AES D. MD5 Answer: A,B,C Explanation:
QUESTION NO: 41 Address range rule permit ip source 192.168.11.32 0.0.0.31 represents the? A. 192.168.11.0-192.168.11.255 B. 192.168.11.32-192.168.11.63 C. 192.168.11.31-192.168.11.64 D. 192.168.11.32-192.168.11.64 Answer: B Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
15
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 42 The following statement about the NAT address translation Which is correct: (Choose three) A. NAT technology can effectively hide the hosts on the LAN,is an effective network security technology. B. NAT can follow the user’s needs, providing FTP, WWW, Telnet and other services outside the LAN. C. Some application layer protocols carry IP address information in the data,but also to modify the data in the upper IP address information when they make NAT. D. For some non- TCP, UDP protocol(such as ICMP, PPTP), NATcannotdo the conversion. Answer: A,B,C Explanation:
QUESTION NO: 43 When you configure ipsec, ike local-name for the command statement is correct? (Choose two) A. When using aggressive mode,when the name of the authentication,you need to configure the local name B. Use main mode when you need to configure the local name C. The local name must be on the side of the remote-name consistent configuration D. Local name must configure remote-name local consistency Answer: A,C Explanation:
QUESTION NO: 44 SVN3000 following ways in which you can access the user control? (Choose three) A. IP B. MAC C. PORT D. URL Answer: A,C,D Explanation: Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
16
100% Real Q&As | 100 Real Pass | CertBus.com
QUESTION NO: 45 When the device at both ends of the tunnel is using IPSec non-template approach, ACL need to completely mirror configuration? A. True B. False Answer: A Explanation:
QUESTION NO: 46 The following description of the error on the standard ACL is: A. Standard access control list,also known as basic access control lists. B. Standard access control list including rule number,perform an action and the source IP address. C. Application of standard access control lists typically need only the source address of the packet defined scenes. D. Standard access control list can be controlled protocol type Answer: D Explanation:
QUESTION NO: 47 The following protocol, the data link layer to work with? (Choose three) A. IP B. PPP C. HDLC D. FR Answer: B,C,D Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
17
100% Real Q&As | 100 Real Pass | CertBus.com
QUESTION NO: 48 Which of the following hardware components SACG primarily for data exchange? A. SM management server B. SC control server C. Agent D. The database server Answer: B Explanation:
QUESTION NO: 49 Which of the following types of Ethernet switch ports, after the data flow out of the port may also carry VLAN identification? (Choose two) A. Access Port B. Trunk port C. Hybrid port D. Switch port Answer: B,C Explanation:
QUESTION NO: 50 SVN3000 network expansion capabilities, the need to implement a remote user can only access the corporate network, you cannot access the local LAN and Internet, the client needs to use routing as follows: A. Full- channel mode (Full Tunnel) B. Separation channel mode (Split Tunnel) C. Routing (route Tunnel) D. Manually (Manual Tunnel) Answer: A Explanation: Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
18
100% Real Q&As | 100 Real Pass | CertBus.com
QUESTION NO: 51 Source socket means: source IP address + port + source and destination IP address A. True B. False Answer: B Explanation:
QUESTION NO: 52 For inter-domain packet filtering, the following statements is correct? (Choose three) A. policy 1 disable command to disable policy 1 B. By default,Policy to create higher the priority,the more the first match C. By policy move command to adjust the position of the policy,policy id will change accordingly D. Once matched to a Policy, in accordance with the Policy on the definition of processing packets no longer continue to match directly down Answer: A,B,D Explanation:
QUESTION NO: 53 When a router receives a packet, if no match is found, the specific route entry, the default routing table can be forwarded. A. True B. False Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
19
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 54 Source address, destination address, protocol type, IP bearer senior ACL2000 ~ 2999 can use the packet (such as TCP source port, destination port, ICMP protocol type, message code, etc.) defined rules. A. True B. False Answer: B Explanation:
QUESTION NO: 55 In the inter- domain packet filtering firewall, the following is not a direction (Outbound)? A. Data from the DMZ zone to the Untrust zone flow B. Data from the Trust zone to the DMZ zone flow C. Data from the Trust zone to the Untrust zone flow D. Data from the Trust zone to the Local area streams Answer: D Explanation:
QUESTION NO: 56 View l2tp command -line user information? A. display l2tp session B. display l2tp tunnel C. display access-user D. display right-manager online-users Answer: C Explanation:
QUESTION NO: 57
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
20
100% Real Q&As | 100 Real Pass | CertBus.com Here on Client-Initialized the L2TP VPN, right there saying? (Choose three) A. L2TP tunnel connection request initiated remote users via PSTN / ISDN access to NAS, to get permission to access the Internet directly to the remote LNS. B. L2TP LNS device receives user connection requests,based on the user name and password to authenticate the user C. LNS assigns a private IP address for the remote user. D. VPN remote dial-up users do not need to install software Answer: A,B,C Explanation:
QUESTION NO: 58 Which of the following products can be achieved on NAT audit log management? A. TSM B. DSM C. eLog D. VSM Answer: C Explanation:
QUESTION NO: 59 Note that when the Clear to clear ISAKMP SA SA Stage 1, and then remove IPSEC SA Phase 2. A. True B. False Answer: B Explanation:
QUESTION NO: 60 Which of the following components are optional TSM system?
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
21
100% Real Q&As | 100 Real Pass | CertBus.com A. TMC (TSM Management Center) B. SM Security Manager C. SC safety controller D. SA Security Agent Answer: A Explanation:
QUESTION NO: 61 Under the same conditions for an encryption algorithm, key lengths longer need to crack the higher the cost. A. True B. False Answer: A Explanation:
QUESTION NO: 62 IPSec if want to do a new IP packet header validation, you need to use what IPSec security protocol? A. AH B. ESP C. MD5 D. SHA1 Answer: A Explanation:
QUESTION NO: 63 Digital certificates do not include which of the following section? A. Name of the certificate holder B. The certificate is valid Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
22
100% Real Q&As | 100 Real Pass | CertBus.com C. Public key certificate D. Certificate private key Answer: D Explanation:
QUESTION NO: 64 Network extensions that do not support the following access modes: A. Separation mode (Split Tunnel) B. Full routing mode (Full Tunnel) C. Fixed Mode (Fixed Tunnel) D. Manual mode (Manual Tunnel) Answer: C Explanation:
QUESTION NO: 65 Which of the following three types of VPN more assurance in terms of security? A. GRE B. PPTP C. IPSec D. L2F Answer: C Explanation:
QUESTION NO: 66 IP-link which is mainly used in the following scenarios? (Choose two) A. Link Aggregation B. Static Routing C. Hot Standby D. Long connection Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
23
100% Real Q&As | 100 Real Pass | CertBus.com Answer: B,C Explanation:
QUESTION NO: 67 About ASPF the following statements is correct? (Choose two) A. ASPF checking application layer protocol application layer protocol information and monitor the connection status B. ASPF by dynamically generating ACL to determine whether the packet through the firewall C. Servermap table is a temporary table entry D. Servermap table with the five-tuple to represent a conversation Answer: A,C Explanation:
QUESTION NO: 68 No matter under what circumstances? 2 packets between interfaces must flow through the firewall interzone packet filtering? A. True B. False Answer: B Explanation:
QUESTION NO: 69 For E1/CE1 configuration (1, 2 configure virtual serial port IP address, configure virtual serial link layer protocol 3, 4 E1 configuration mode, configure timeslot bundling), correct configuration sequence is: A. 1-2-3-4 B. 2-1-3-4 C. 3-4-2-1 D. 4-3-2-1
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
24
100% Real Q&As | 100 Real Pass | CertBus.com Answer: C Explanation:
QUESTION NO: 70 In network security, interruption means an attacker to compromise a network system resources, making it become invalid or useless. This is () attack? A. Availability B. Confidentiality C. Integrity D. Truth Answer: A Explanation:
QUESTION NO: 71 Which of the following types of VPN adapt to mission personnel? A. Access VPN B. Intranet VPN C. Internet VPN D. Extranet VPN Answer: A Explanation:
QUESTION NO: 72 About NAT argument error are: (Choose two) A. NAT Outbound refers to the source IP address conversion,NAT Inbound refers to the destination IP address conversion B. NAT Inbound NAT Server commands and command consistent feature configuration can be selected according to personal preference C. Outbound direction NAT supports the following applications: one -many,many-toD. NAT technology to support multi-channel protocols, such as FTP and other standard multiContact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
25
100% Real Q&As | 100 Real Pass | CertBus.com channel protocol Answer: A,B Explanation:
QUESTION NO: 73 In the system view, execute the command reset saved-configuration, the configuration file will be erased. A. True B. False Answer: B Explanation:
QUESTION NO: 74 In IPSEC VPN, the tunnel mode is mainly used in which of the following scenarios? A. Between the host and the host B. Between the host and the security gateway C. Between security gateways D. Between tunnel mode and transport mode Answer: C Explanation:
QUESTION NO: 75 ACL 2009 belonging to () A. Standard access control list B. Extended access control lists C. MAC address -based access control lists D. Time -based access control lists Answer: A Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
26
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 76 TSM system which consists of the following regions? (Choose three) A. Pre-authentication domain B. After authentication domain C. Isolated domain D. TSM domain Answer: A,B,C Explanation:
QUESTION NO: 77 Between the Client and the LAC protocol by which to communicate? (Choose two) A. PPP B. PPPOE C. IP D. UDP Answer: A,B Explanation:
QUESTION NO: 78 In some scenarios, it is necessary to convert the source IP address, destination IP address but also for the conversion, is called bidirectional NAT. A. True B. False Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
27
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 79 Which of the following devices will not be affected "Monitoring USB storage device " policy control? A. USB mouse B. U disk C. USB drive D. USB hard drives Answer: A Explanation:
QUESTION NO: 80 Execution acl 3000 match-order auto configured, the data flow will match what way the ACL? A. Matching automatically sorted according tothe "depth-first" principle to match. B. Match the order configured.That is according to the order the user to configure the ACL match. C. Press the automatic sorting match,then match the order configured. D. The firewall is not configured Answer: A Explanation:
QUESTION NO: 81 GRE Tunnel ends of the device if configured to identify keyword, keyword identification must be consistent in order to pass validation. A. True B. False Answer: A Explanation:
QUESTION NO: 82
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
28
100% Real Q&As | 100 Real Pass | CertBus.com In the firewall, detect ftp command configuration in which mode? A. System Mode B. Interface Mode C. Domain mode D. Inter-domain model Answer: D Explanation:
QUESTION NO: 83 Tunnel interface (Tunnel Interface) is a virtual interface to achieve multipoint type of packet encapsulation provided. A. True B. False Answer: B Explanation:
QUESTION NO: 84 SVN3000 product extensions supported by the network access methods, including what? (Choose three) A. Full- channel mode (Full Tunnel) B. Separation channel mode (Split Tunnel) C. Routing (route Tunnel) D. Manually (Manual Tunnel) Answer: A,B,D Explanation:
QUESTION NO: 85 About L2TP message, saying the error is:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
29
100% Real Q&As | 100 Real Pass | CertBus.com A. L2TP supports two types of messages : control messages and data messages B. Control messages for tunnel and session connection establishment, maintenance,and transmission control. C. Data messages are used to encapsulate PPP frames and transmitted over the tunnel. D. Control messages and data messages are transmitted reliably provide flow control and congestion control. Answer: D Explanation:
QUESTION NO: 86 When a data frame into the switch port VLAN Access will check whether the data frame with VLAN tag tag tag tag if carry, then discarded; If no tag tag, be marked PVID of the port. A. True B. False Answer: A Explanation:
QUESTION NO: 87 About GRE checksum verification techniques, when the end of the configuration checksum while the client does not check and when configured correctly described below have () (Choose two) A. The end of paper checks and verification of a received message B. Peer checks the received packet checksum C. The end of the checksum is calculated and sent packets D. For end-to- send packets to calculate the checksum Answer: B,C Explanation:
QUESTION NO: 88 Private business network address cannot be on the road in the internet, if the user needs to access the private network address internet, need to go through the NAT. Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
30
100% Real Q&As | 100 Real Pass | CertBus.com A. True B. False Answer: A Explanation:
QUESTION NO: 89 Security Alliance (SA) is composed of tuples which uniquely identify? (Choose three) A. SPI B. Source IP address C. Destination IP address D. Security Protocol No. Answer: A,C,D Explanation:
QUESTION NO: 90 Matching advanced ACL, you can dimension source IP address, destination IP address, source MAC address, destination MAC address, protocol traffic to match. A. True B. False Answer: B Explanation:
QUESTION NO: 91 Following on TSM deployments statement is correct? (Choose three) A. Centralized deployment of SM and SCcannotbe installed on the same server B. SC centralized deployment can be madeinto a cluster approach to achieve system redundancy C. The size of the terminal is quite large, consider using a distributed network,to avoid a large number of terminal access TSM server,take up a lot of network bandwidth D. When distributed deployment,TSM security agents to select the nearest control server,access Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
31
100% Real Q&As | 100 Real Pass | CertBus.com authentication and access control,and other business. Answer: B,C,D Explanation:
QUESTION NO: 92 LAC is a device with PPP and L2TP protocol processing capabilities. A. True B. False Answer: A Explanation:
QUESTION NO: 93 Which of the following IKE exchange mode IP address can be used to identify or by Name manner peer? A. Master Mode B. Aggressive Mode C. Fast mode D. Passive mode Answer: B Explanation:
QUESTION NO: 94 When configuring l2tp, the command start l2tp {ip ip-address, statement is correct? (Choose three) A. LNS is used to specify the trigger condition to initiate a call B. LAC is used to specify the trigger condition to initiate a call C. You can specify the domain name as a trigger condition D. You can specify the full name as a trigger condition Answer: B,C,D Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
32
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 95 Firewall access control lists default settings steps A. 1 B. 3 C. 5 D. 10 Answer: C Explanation:
QUESTION NO: 96 Which of the following techniques can be implemented to refuse illegal host or illegal data packets? (Choose three) A. MAC and IP address binding B. ACL C. Blacklist D. Static Routing Answer: A,B,C Explanation:
QUESTION NO: 97 For VPN Client users, you can use the following way to the LAC device which initiated the request? (Choose two) A. PPP B. PPPOE C. IP D. TCP Answer: A,B Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
33
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 98 GRE is a technology by which of the following protected data stream that is selected packets are encapsulated into GRE packets? A. ACL B. Static Routing C. Routing Policy D. User Account Answer: B Explanation:
QUESTION NO: 99 IKE main mode and aggressive mode are the main differences? (Choose two) A. Exchange messages using the three main mode packet mode uses six brutal message B. Finally, there are two main mode message encryption, identity protection C. Finally, there are two messages savage mode encryption, identity protection D. Master mode only way to identify the IP address of the peer,and barbarous mode can be used to identify the IP address or name of the peer manner. Answer: B,D Explanation:
QUESTION NO: 100 In tunnel mode IPSec applications in which data packets following areas protected by encryption? (Choose two) A. The entire data packet B. Original IP header C. The new IP header D. Transport layer and upper layer packets
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
34
100% Real Q&As | 100 Real Pass | CertBus.com Answer: B,D Explanation:
QUESTION NO: 101 The following types of interfaces can handle PPP protocol packets? A. interface Virtual-Template 1 B. interface Ethernet 0/0(within the network) C. interface Ethernet 0/0(external network) D. interface loopback 1 Answer: A Explanation:
QUESTION NO: 102 For stateful inspection firewall, if not the first TCP packet package will not be interzone packet filtering checks. A. True B. False Answer: A Explanation:
QUESTION NO: 103 Single TSM server system supports a maximum concurrent users. A. 5000 B. 10000 C. 20000 D. 40000 Answer: C Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
35
100% Real Q&As | 100 Real Pass | CertBus.com
QUESTION NO: 104 Which of the following IKE exchange mode can only use IP addresses to identify peer manner? A. Master Mode B. Aggressive Mode C. Fast mode D. Passive mode Answer: A Explanation:
QUESTION NO: 105 The following agreements, in the application layer have? (Choose two) A. ARP B. IGMP C. TELNET D. TFTP Answer: C,D Explanation:
QUESTION NO: 106 After the LAC configure the Ethernet interface to bind the virtual template interface, Ethernet interface may configure the IP address. A. True B. False Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
36
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 107 For the firewall that comes trust and untrust security zone statement right there? (Choose two) A. Untrust zone access area from the trust direction outboud direction B. Untrust zone access area from the trust direction inboud direction C. Follow the direction of inter-domain access does not matter which area initiated only associated with priority D. When entering the inter-domain view,the trust must be placed in front of the area Answer: A,C Explanation:
QUESTION NO: 108 Following the agreement, the work at the network layer have? (Choose two) A. ICMP B. IGMP C. FTP D. TELNET Answer: A,B Explanation:
QUESTION NO: 109 Packet forwarding based routing table information, which of the following information will then be routed to match forwards? A. Mask length of the longest route entry B. Cost routing C. Route priority D. Routing Protocol Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
37
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 110 After a successful L2TP user authentication, IP address obtained is wrong to say : A. User address allocation has been assigned an IP address bound and dynamically assigned IP addresses from the address pool in two ways B. L2TP user-assigned IP address can be any address C. L2TP user-assigned IP address and the address of the network to be accessed in the same network segment D. Address assignment plan well in advance to avoid address conflicts exist Answer: B Explanation:
QUESTION NO: 111 Which of the following statements is correct? A. Ability to International Organization for Standardization definition of " security" is a way to identify and mitigate insecurity B. Security is to find a balance between confidentiality and integrity C. A high level of security technologies and policies can make the device or network without any risk D. Information security is a subset of network security is a comprehensive and continuous technology Answer: A Explanation:
QUESTION NO: 112 About L2TP VPN configuration statement is correct: (Choose three) A. The LNS L2TP client must configure the IP address of the virtual interface template,and the virtual interface template need to join the security domain B. Firewall policies in order to ensure the normal dial-up users log on,you must configure the firewall to receive L2TP tunnel packets security zone where the physical interface between the regions and the Local C. Dial-up users need access to internal network resources, you must configure the firewall policy template region corresponding virtual interface and internal security network located between areas where security Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
38
100% Real Q&As | 100 Real Pass | CertBus.com D. If a virtual template interface is added to a safe area,you can directly delete the security zone. Answer: A,B,C Explanation:
QUESTION NO: 113 Users log in via TELNET device, because many times forgotten password login authentication fails, resulting in the account is frozen for several minutes, what is the role of technology? A. ACL B. Attack prevention C. Blacklist D. Account frozen Answer: C Explanation:
QUESTION NO: 114 GRE’s features include: (Choose three) A. Simple mechanism B. CPU load on both ends of the small tunnel C. Encrypt data D. Does not provide traffic control and QoS. Answer: A,B,D Explanation:
QUESTION NO: 115 When configuring L2TP group, which of the following commands can be described l2tp-group 1 is the default L2TP group? A. allow l2tp virtual-template 1 remote Client01 B. allow l2tp virtual-template 1 remote default C. allow l2tp virtual-template 1 Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
39
100% Real Q&As | 100 Real Pass | CertBus.com D. allow l2tp virtual-template 1 default Answer: C Explanation:
QUESTION NO: 116 TSM system support and Duba Online version 5.0, KV2010 Jiangmin and Rising Online antivirus software, such as the strong linkage. A. True B. False Answer: B Explanation:
QUESTION NO: 117 The following area is not correct about TSM is? A. Pre-authentication domain is the area by the client before authentication can be accessed B. After authentication domain is the area the client can access through the security certification C. Isolated domain refers to the area by the client access authentication must D. Isolated domain is required for access to the area when the client security authentication failure Answer: C Explanation:
QUESTION NO: 118 TSM supports access control which of the following? (Choose three) A. Hardware SACG(Hardware Security Access Control Gateway) B. 802.1X C. Software SACG(host firewall) D. ARP control Answer: A,B,C Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
40
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 119 eLog log management system products using the B / S architecture supports centralized, distributed deployment, diverse log acquisition mode, provides the industry's most extensive device support. A. True B. False Answer: A Explanation:
QUESTION NO: 120 Proxy Firewall role in the transport layer of the network, its essence is the business directly between the internal network and external network users by the proxy firewall takes over. A. True B. False Answer: B Explanation:
QUESTION NO: 121 The following information about the different types of firewalls correct to say there? (Choose three) A. Packet filtering firewall for each packet through the firewall,should be carried out to check ACL match B. Stateful inspection firewall does not hit only the first session packets matching ACL checks C. Stateful inspection firewall needs to be configured packet " go " and "back" in both directions ACL D. Proxy Firewall is the essence of the business directly between the internal network and external network users to take over Answer: A,B,D Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
41
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 122 Priority DMZ area is how much? A. 5 B. 50 C. 85 D. 100 Answer: B Explanation:
QUESTION NO: 123 The following are symmetric encryption algorithm is: (Choose two) A. DES B. 3DES C. SHA-1 D. MD5 Answer: A,B Explanation:
QUESTION NO: 124 SVN can be achieved only allows users to access remote enterprise network cannot access the Internet and local area networks. A. True B. False Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
42
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 125 Encryption technology which of the following elements? (Choose three) A. Tunneling algorithm B. Key C. Ciphertext D. Encryption Algorithm Answer: B,C,D Explanation:
QUESTION NO: 126 About the VLAN tag processing, the following description of the error is? A. When Trunk port receives a frame,if the frame does not contain 802.1Q tag header, will be marked with PVID port; If the frame contains the 802.1Q tag header, no change. B. When Trunk port to send the frame,when the port’s PVID VLAN ID of the frame is not the same,discarded; When PVID VLAN ID and port with the same time frame,the pass-through C. When Access port receives a frame,if the frame does not contain 802.1Q tag header, will be marked with PVID port; If the frame contains the 802.1Q tag header, the switch does not deal with them directly discarded. D. When Access port to send frames,stripping 802.1Q tag header, frame issued ordinary Ethernet frames Answer: B Explanation:
QUESTION NO: 127 About domain NAT statement is correct (Note: the internal network IP address is a private address, the IP address of the network boundary public address) (Choose two) A. First NAT within the user's source IP address of the request packet into the network server IP address B. Will request packets based on source and destination IP address conversion C. The request packet destination IP address into the IP address of the network server D. After the data within the network server will receive a packet processing, packet destination IP address back to convert that into a public IP address(the IP address of the network boundary) Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
43
100% Real Q&As | 100 Real Pass | CertBus.com Answer: B,C Explanation:
QUESTION NO: 128 Hardware packet filtering ACL number ranges? A. 2000-2999 B. 3000-3999 C. 4000-4999 D. 9000-9499 Answer: D Explanation:
QUESTION NO: 129 Proxy firewall to check request from the user, the user checks the security policy through the firewall on behalf of external users to establish a connection to the real server, forwarding an external user request, and returns a response back to the real server to the external user. A. True B. False Answer: A Explanation:
QUESTION NO: 130 GRE VPN itself does not have to provide data integrity verification and confidentiality of transmission capacity. A. True B. False Answer: A Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
44
100% Real Q&As | 100 Real Pass | CertBus.com
QUESTION NO: 131 If the main mode IKE negotiation mode, you can only configure the IP address in the form of ID type. If aggressive mode negotiation mode, you can only configure the ID type the name of the form. A. True B. False Answer: B Explanation:
QUESTION NO: 132 Outbound NAT configuration based on the direction, in the case of no-pat configuration commands, the following description of what is wrong? (Choose three) A. Conducted only source IP address translation B. Conducted only destination IP address translation C. The source IP address and source port translation D. Be the destination IP address and destination port translation Answer: B,C,D Explanation:
QUESTION NO: 133 VPN tunneling technology is to achieve data encryption algorithm (such as DES, 3DES) transmission in the network will not be intercepted. A. True B. False Answer: B Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
45
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 134 The following does not belong to the IP packet quintuple is () A. Source IP address B. Destination MAC address C. Agreement No. D. Source port Answer: B Explanation:
QUESTION NO: 135 Firewall supports three main VPDN VPN, namely, L2TP, PPTP, IPSec: A. True B. False Answer: B Explanation:
QUESTION NO: 136 SVN3000 port proxy function is mainly used for C / S and other techniques cannot be used to access web applications. A. True B. False Answer: A Explanation:
QUESTION NO: 137 In order to ensure the normal remote L2TP dial-up users to access the corporate network, the user is required to assign an IP address within the enterprise network services and resources to be Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
46
100% Real Q&As | 100 Real Pass | CertBus.com accessed not on the same network segment (without considering the ARP Proxy technology). A. True B. False Answer: A Explanation:
QUESTION NO: 138 When the port is configured to allow certain vlan trunk through, trunk belongs to these vlan. A. True B. False Answer: A Explanation:
QUESTION NO: 139 In some scenarios, it is necessary to convert the source IP address, destination IP address but also for the conversion, is called bidirectional NAT. A. True B. False Answer: A Explanation:
QUESTION NO: 140 Under IPSec in tunnel mode, ESP on which field do validation? A. Original IP packet header B. The new IP packet header C. TCP packet header D. Application layer data Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
47
100% Real Q&As | 100 Real Pass | CertBus.com Answer: A Explanation:
QUESTION NO: 141 SVN3000 network expansion feature is the use of technology for which the following business resource access control? A. Static Routing B. Dynamic Routing C. ACL D. Policy Routing Answer: A Explanation:
QUESTION NO: 142 SVN3000 virtual gateway, domain names can only be accessed using a virtual gateway is which of the following types? A. Exclusive type B. Share -based C. Fixed D. Manual type Answer: B Explanation:
QUESTION NO: 143 LAC is to achieve the established L2TP VPN tunnel by what means? (Choose two) A. User Account B. Domain name C. ACL D. Routing Table
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
48
100% Real Q&As | 100 Real Pass | CertBus.com Answer: A,B Explanation:
QUESTION NO: 144 In the configuration time for ACL, they can specify the name of the binding period, while in the same time period name, you can configure multiple time periods, these time periods are () relationship. A. "Or" B. "And" C. "XOR" D. " With or" Answer: A Explanation:
QUESTION NO: 145 Servermap used in the table which follows? A. Quintuple B. Quad C. Triples D. Tuple Answer: C Explanation:
QUESTION NO: 146 To make the trip within the enterprise mobile users can access the file server, which can use the following functions to achieve optimal SSL VPN? A. Web Proxy B. File Sharing C. Port Forwarding D. Network expansion Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
49
100% Real Q&As | 100 Real Pass | CertBus.com Answer: B Explanation:
QUESTION NO: 147 L2TP supports the following protocols that load data. A. IP B. IPX C. NetBEUI D. More support Answer: D Explanation:
QUESTION NO: 148 Firewall trust untrust domain client wants to access the ftp server services, has allowed clients to access the server tcp 21 port, but only log in to the server, but cannot download the file, the following solutions are possible: (Choose three) A. Untrust domain repair the trust between the two-way access policy to allow default B. FTP works when port mode,modify untrust trust between domains inbound direction to permit the default access policy C. Enable detect ftp between trust untrust domain configuration D. FTP works when passive mode,modify untrust trust between domains inbound direction to permit the default access policy Answer: A,B,C Explanation:
QUESTION NO: 149 To support dynamic routing protocols, IP addresses Tunnel interfaces at both ends must be configured in the same segment. A. True B. False Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
50
100% Real Q&As | 100 Real Pass | CertBus.com Answer: A Explanation:
QUESTION NO: 150 What are the main features Secospace DSM product? (Choose three) A. Encrypt the document management B. Document Actions behavior records of employees, providing audit logs C. Control employee access to documents D. The document archive management,in order to prevent loss of documents Answer: A,B,C Explanation:
QUESTION NO: 151 USG (Eudemon) supports NAT firewall features include: (Choose three) A. NAT outbound B. NAT server C. NAT Traversal D. NAT Inbound Answer: A,B,D Explanation:
QUESTION NO: 152 Stateful inspection firewall subsequent packets (non- first packet) forwarding mainly based on which of the following? A. route table B. MAC address C. session table D. FIB table Answer: C Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
51
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 153 FTP protocol port numbers may be used there? (Choose two) A. 23 B. 21 C. 20 D. 25 Answer: B,C Explanation:
QUESTION NO: 154 SVN3000 network expansion capabilities, the need to implement remote users can access the corporate network and local area network, you cannot access the Internet, the client needs to use routing as follows: A. Full- channel mode (Full Tunnel) B. Separation channel mode (Split Tunnel) C. Routing (route Tunnel) D. Manually (Manual Tunnel) Answer: B Explanation:
QUESTION NO: 155 Which of the following does not support GRE technology? (Choose two) A. Tunneling B. Encryption and decryption technology C. Key management technology D. End checksum Answer: B,C Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
52
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 156 For command tunnel name, statement is correct? (Choose two) A. Is used to specify the name of the end of the tunnel B. Is used to specify the name of the end of the tunnel C. Must be consistent on the side of the tunnel name configured D. If you do not configure the tunnel name, the tunnel name is the name of the local system Answer: A,D Explanation:
QUESTION NO: 157 Check the NAT session command? A. display nat translation B. display firewall session table C. display current nat D. display firewall nat translation Answer: B Explanation:
QUESTION NO: 158 When you configure the security level of firewall security zone, the principles to be followed arE. (Choose three) A. New security zone,the security level is not set before it,the system requirements of its security level to 100 B. Can set the security level for the custom security zones C. Once you set the security level is not allowed to change D. The same system,two security zones do not allow the same level of security configuration Answer: B,C,D Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
53
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 159 As a general L2TP Layer 2 VPN technology to support packet encryption. A. True B. False Answer: B Explanation:
QUESTION NO: 160 Bidirectional NAT usage scenarios include: (Choose two) A. Common use of NAT outbound and NAT inbound B. NAT outbound and common use of NAT server C. NAT Inbound and NAT Server used together D. Domain used in conjunction with NAT and NAT Server Answer: C,D Explanation:
QUESTION NO: 161 SSL protocol by which elements to accomplish? (Choose three) A. Handshake protocol B. Record Protocol C. Warning agreement D. Heartbeat Protocol Answer: A,B,C Explanation:
Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
54
100% Real Q&As | 100 Real Pass | CertBus.com QUESTION NO: 162 GRE VPN technology itself can provide which of the following techniques? A. Tunneling B. Encryption and decryption technology C. Flow control and QoS D. Key Management Answer: A Explanation:
QUESTION NO: 163 L2TP technology, LAC client uses port number _____ _____ protocol encapsulated packets. A. TCP 51 B. UDP 51 C. UDP 1701 D. TCP 1701 Answer: C Explanation:
QUESTION NO: 164 You can connect to a specific length of TCP, UDP data streams to set long aging time, ensure that the session information for a long time not to be aging. A. True B. False Answer: B Explanation:
QUESTION NO: 165 When you configure ipsec vpn, for the sa duration command statement is correct? (Choose two) Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
55
100% Real Q&As | 100 Real Pass | CertBus.com A. Is used to configure sa lifetime B. Can be configured based on the flow and cycle time based on survival C. After configuring the life cycle,and for the use of ike sa created manually take effect D. For IKE sa way to build both ends,the configuration must be consistent sa lifetime Answer: A,B Explanation:
QUESTION NO: 166 You cannot add any interface to the firewall Local security zone, the firewall interface itself belongs to the Local security zone. A. True B. False Answer: A Explanation:
QUESTION NO: 167 When configuring ACL need to use anti- mask, elected the following statements are true about the anti-mask option. A. Take anti- mask bit 0,which means that the network needs to match the corresponding bit comparison B. Take anti- mask bit 1,which means that the network needs to match the corresponding bit comparison C. Not all anti- mask value of 0 D. Not all anti- mask value of 1 Answer: A Explanation:
QUESTION NO: 168 There is VPN Client -side, LAC, LNS and other three components of the application scenario, which of the following components used between the L2TP TUNNEL? (Choose two) Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
56
100% Real Q&As | 100 Real Pass | CertBus.com A. Between the VPN Client and LAC B. Between the VPN Client and LNS C. Between LAC and LNS D. All other options are correct Answer: B,C Explanation:
QUESTION NO: 169 MAC address -based ACL application, which of the following description is correct? A. Can only be a source MAC address filtering B. Can only be a source MAC address and destination MAC address filtering C. Only data link layer protocol type, source MAC address and destination MAC address filtering D. Only network layer protocol type, source MAC address and destination MAC address filtering Answer: C Explanation:
QUESTION NO: 170 VPDN tunneling protocols include: (Choose three) A. L2TP B. GRE C. PPTP D. L2F Answer: A,C,D Explanation:
QUESTION NO: 171 Which of the following configuration command parameter is not consistent with the actual scenario or technology implementations? A. ah authentication-algorithm md5 Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
57
100% Real Q&As | 100 Real Pass | CertBus.com B. ah encryption-algorithm des C. esp authentication-algorithm md5 D. esp encryption-algorithm des Answer: B Explanation:
QUESTION NO: 172 In the transmission mode IPSec applications, the following data packets which area may be subject to encryption security? A. The network layer and the upper layer packets B. Original IP packet header C. The new IP packet header D. Transport layer and upper layer packets Answer: D Explanation:
QUESTION NO: 173 In tunnel mode and ESP, which of the following regional information is expressly transfusion? A. The new IP packet header B. Original IP packet header C. Transport layer header D. Application layer packet header Answer: A Explanation:
QUESTION NO: 174 In the inter-domain packet filtering, and firewall into the direction of data flow (Inbound) refers to the direction of data from high to low security zones security zone transfer. A. True Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
58
100% Real Q&As | 100 Real Pass | CertBus.com B. False Answer: B Explanation:
QUESTION NO: 175 IPSEC WEB configuration wizard which does not support the following scenarios? A. Gateway to Gateway B. Gateway Center C. Branch Gateway D. Host and Host Answer: D Explanation:
QUESTION NO: 176 Which of the following addresses can be used to manage the SVN web address? (Choose three) A. Interface address B. Sub- interface address C. Sub- IP address of the interface D. loopback address Answer: A,B,C Explanation:
QUESTION NO: 177 After the firewall interface is added to a security zone, the interface will no longer belong to the Local area A. True B. False Answer: B Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
59
100% Real Q&As | 100 Real Pass | CertBus.com Explanation:
QUESTION NO: 178 For firewall security zone statement is correct? A. Different firewall security zones,priority can be the same B. Firewall with an interface can belong to different security zones C. Different interfaces of the firewall may belong to the same security zone D. Built-in firewall security zones can be deleted Answer: C Explanation:
QUESTION NO: 179 Which of the following IPSec security protocol provides encryption? A. AH B. ESP C. SA D. IKE Answer: B Explanation:
QUESTION NO: 180 Before SVN3000 configure Web proxy basic functions, you need those data for the following: (Choose two) A. Name of Web resources B. URL address of the Web resources C. Account Information Web Resources D. All other options are not right Answer: A,B Explanation: Contact Us: www.CertBus.com Get Success in Passing Your Certification Exam at first attempt
60
Why Select/Choose CertBus.com? Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material. • 7000+ Real Questions and Answers • 6000+ Free demo downloads available • 50+ Preparation Labs • 20+ Representatives Providing 24/7 Support
To Read the Whole Q&As, please purchase the Complete Version from Our website.
Trying our product ! ★ 100% Guaranteed Success ★ 100% Money Back Guarantee ★ 365 Days Free Update ★ Instant Download After Purchase ★ 24x7 Customer Support ★ Average 99.9% Success Rate ★ More than 69,000 Satisfied Customers Worldwide ★ Multi-Platform capabilities - Windows, Mac, Android, iPhone, iPod, iPad, Kindle
Need Help Please provide as much detail as possible so we can best assist you. To update a previously submitted ticket:
Guarantee & Policy | Privacy & Policy | Terms & Conditions Any charges made through this site will appear as Global Simulators Limited. All trademarks are the property of their respective owners. Copyright © 2004-2015, All Rights Reserved.
