H12-711 Online Practice Questions and Answers

How to see the number of matches the ACL()

A. display current-configuration

B. display ACL all

C. display startup saved-configuration

D. display device

Security Alliance (SA) is the basis of IPSec is agreement between the communicating peers on certain safety elements.

A. True

B. False

Which of the following applications are dynamic port TCP applications?

A. SSH

B. FTP

C. Http

D. Telnet

When the port is configured to allow certain vlan trunk through,trunk belongs to these vlan.

A. True

B. False

Seen through the display ike sa result follows statements is correct?(Choose two) current ike sa number: 1 connection-id peer vpn flag phase doi 0x1f1 2.2.2.1 0 RD | ST v1: 1 IPSEC 0x60436dc4 flag meaning RD - READY ST - STAYALIVE RL - REPLACED FD - FADING TO - TIMEOUT

A. The first phase has been successfully established ike sa

B. The second phase has been successfully established ipsec sa

C. ike using version V1

D. ike using version V2

Difference IPSEC security protocol that AH AH and ESP can achieve data encryption,data validation to support a wider range of ESP?

A. True

B. False

AH which can provide the following security features?(Choose three)

A. Data origin authentication

B. Data Confidentiality

C. Data integrity check

D. Anti-replay

VPN for mobile users have access?(Choose two)

A. GRE

B. L2TP

C. MPLS

D. L2TP + IPSec

In the inter- domain packet filtering firewall,the following is not a direction (Outbound)?

A. Data from the DMZ zone to the Untrust zone flow

B. Data from the Trust zone to the DMZ zone flow

C. Data from the Trust zone to the Untrust zone flow

D. Data from the Trust zone to the Local area streams

For stateful inspection firewall,if not the first TCP packet package will not be interzone packet filtering checks.

A. True

B. False