Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the Huawei HCIA-Security H12-711_V4.0 Questions and answers with Dumpstech

Home
Huawei
HCIA-Security
H12-711_V4.0
H12-711_V4.0 Questions and Answers

Exam H12-711_V4.0 Premium Access

View all detail and faqs for the H12-711_V4.0 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 2 out of 5 pages

Viewing questions 11-20 out of questions

Questions # 11:

ARP man-in-the-middle attacks are a type of spoofing attack technique.

Options:

TRUE

FALSE

Answer

Questions # 12:

Which of the following attributes are contained in the distinguished name DN in LDAP?

Options:

DIT

Answer

A, C, D

Explanation

In LDAP, a Distinguished Name or DN is used to uniquely identify an entry in the directory tree. The DN is composed of a sequence of attribute-value pairs that describe the exact location of an object within the LDAP directory hierarchy. Common attributes used in a DN include CN , DC , and OU .

CN stands for Common Name and is often used to identify a specific user, host, or object. OU stands for Organizational Unit and is used to represent a department or subdivision within the directory structure. DC stands for Domain Component and is commonly used to describe parts of a domain name, such as dc=example,dc=com .

On the other hand, DIT stands for Directory Information Tree . It refers to the overall hierarchical structure of the LDAP directory, not an attribute contained inside a DN. In other words, DIT describes the tree itself, while CN, OU, and DC are actual naming attributes used to build the DN of an LDAP object.

Therefore, the correct attributes contained in the DN are CN, DC, and OU .

Questions # 13:

_____ Authentication is to configure user information (including local user's user name, password and various attributes) on the network access server. The advantage is that it is fast.[fill in the blank]*

Options:

Answer

Answer:

local authentication

Questions # 14:

For which of the following parameters can the packet filtering firewall filter?

Options:

Port packet payload

IP address of the port source destination

The MAC address of the source destination

Port number and protocol number of the port source

Answer

B, D

Questions # 15:

The shard cache technology will wait for the arrival of the first shard packet, and then reassemble and decrypt all the packets, and then do subsequent processing by the device to ensure that the session can proceed normally in some application scenarios.

Options:

TRUE

FALSE

Answer

Questions # 16:

Which of the following is not the default security zone of the firewall

Options:

untrust trust

trust zone

dmz zone

isp zone)

Answer

Questions # 17:

What is correct in the following description of Security Alliance in IPSec?

There are two ways to set up an IPSec SA

Options:

manual and IKE.

IPSec SA is uniquely identified by a triple.

IPSec SA is a one-way logical connection, usually established in pairs (Inbound and Outbound).

Security Alliance SA is a communication peer agreement for certain elements that describes how peers can communicate securely using secure services such as encryption.

Answer

A, B, C

Questions # 18:

Please classify the following security defenses into the correct classification.

Question # 18

Options:

Answer

Answer:

Questions # 19:

Which of the following is not an encryption algorithm in a VPN?

Options:

The RIP

AES

3DES

DES

Answer

Questions # 20:

Which of the following statements is incorrect about PKI?

Options:

PKI enables users to verify the validity of access devices, ensuring that users connect to secure and legitimate networks.

PKI prevents attacks initiated by malicious users resending obtained packets.

PKI ensures that data is accessible only to authorized devices and users, protecting data privacy.

PKI protects data against tampering and eavesdropping, ensuring the privacy of data transmitted on the network.

Answer

Explanation

Explanation From HCIA-Security documents:

PKI’s core value is establishing trust through certificates: binding an identity to a public key so devices and users can be authenticated, and secure channels can be built on top of that trust. That is why A is reasonable—certificates can help verify the identity of an access device or server so users connect to a legitimate network service. D is also consistent because protocols that use PKI (such as HTTPS/TLS or certificate-based VPN solutions) provide integrity and confidentiality , which protects against tampering and eavesdropping during transmission. C is broadly aligned in the sense that PKI supports authentication and key establishment, which enables encryption and helps ensure only authorized parties can access protected information, though authorization is typically enforced by policy and access control systems.

B is incorrect because “resending obtained packets” describes a replay attack , and PKI alone does not automatically prevent replay. Replay protection is usually achieved by the security protocol mechanisms (nonces, sequence numbers, timestamps, sliding windows), not by PKI itself.

Viewing page 2 out of 5 pages

Viewing questions 11-20 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).