
2022年最新の100%試験高合格率H12-723-ENU問題集PDF
合格させる試験完全版H12-723-ENU問題集200解答
質問 120
After opening IP strategy, found part of the business fails, what are the possible reasons? (Choose 2 answers)
- A. message through the firewall only one direction
- B. the same message repeatedly through the firewall
- C. IP omission
- D. heavy traffic cause Bypass features enabled
正解: A,B
質問 121
Which of the following are the correct of security domains in Agile Controller-Campus? (Multiple choices)
- A. The network domain is the security protection area most concerned by all kinds of enterprises, and it carries the important and core information assets of the enterprise.
- B. The user domain is generally composed of various types of terminal users. The terminal in this area has features such as large quantity, wide distribution and strong flow.
- C. The service domain is a platform for service traffic bearing. It use security technology to logically divide the business according to the enterprise's needs, so as to achieve the security of the network.
- D. A service domain is an area that provides security services for intranets of enterprises. This area is generally composed of systems that provide security services such as anti-virus servers, patch management servers and terminal security servers.
正解: B,D
質問 122
Regarding the application scenarios of Agile Controller-Campus centralized deployment and distributed deployment, which of the following options are correct? (Multiple select)
- A. If most end users work in one area and a few end users work in branch offices, centralized deployment is recommended.
- B. If most end users are concentrated on--Offices in several regions, and a small number of end users work in branches. Distributed deployment is recommended.
- C. If end users are scattered in different regions, a centralized deployment solution is recommended.
- D. If end users are scattered in different geographical locations, a distributed deployment solution is recommended.
正解: A,D
質問 123
Guest management is important feature of Agile Controller-Campus. Which of the following statements is correct regarding visitor management?
- A. Administrators can assign different permissions to each visitor
- B. The reception staff can't create guest account
- C. Violation of guest accounts, administrators can't trace
- D. Visitors can use the mobile number to quickly register an account
正解: A,D
質問 124
MAC Bypass authentication means that after the terminal is connected to the network, the access control device automatically obtains the terminal MAC Address, which is sent to RADIUS The server performs euverification.
- A. wrong
- B. right
正解: A
質問 125
Agile controller-Campus system can manage the software installed on the terminal, define the black and white list, and assist the terminal to install the necessary software and uninstall the software that is not allowed to be installed by linking with the access control device. The definition of the black and white list, which is correct?
- A. Check for prohibited install software and software that must be installed
- B. Check for prohibited install software
- C. Check for prohibited install software and allowed install software
- D. Check the software that must be installed
正解: A
質問 126
Wired 802.1X During authentication, if the access control equipment is deployed at the Jiangju layer, this deployment method has the characteristics of high security performance, multiple management equipment, and complex management.
- A. wrong
- B. right
正解: A
質問 127
Which statement is wrong about SA principle configuration?
- A. feature detection to identify the different applications by matching message feature and Knowledge Base feature set
- B. Configure SA associated protocol identification is mainly used for the same data stream signaling channel and data channel associated with the identification , and thus identify protocol
- C. reduces the maximum number of packets detection threshold, can reduce the sas module identification number of packets, thus improve the recognition rate agreement
- D. There are some protocol packets are carried in other agreements, enable sa whole packet inspection can better detect such messages
正解: C
質問 128
Which of the following network security technologies are part of the user access security in WLAN wireless access scenario? (Multiple choices)
- A. AP certification
- B. Link authentication
- C. User access authentication
- D. Data encryption
正解: B,C,D
質問 129
Portal The second-level authentication method of authentication refers to the direct connection between the client and the access device(Or only layer devices exist in between),The device can learn the user's MAC Address and can be used IP with MAC Address to identify the user.
- A. right
- B. wrong
正解: A
質問 130
Which of the following descriptions is wrong for the basic principle of user access security?
- A. The security policy server checks the terminal status information. For terminal devices that do not meet enterprise security standards, the security policy server re-issues authorization information to the access device.
- B. The terminal device selects the resource to be accessed according to the result of the status check
- C. The terminal device directly interacts with the security policy server. The terminal reports its own status information, including the virus database version, operating system version and patch version installed on the terminal.
- D. When terminal device accesses the network, it first authenticates the user through the access device, and the access device cooperates with the authentication server to complete the user identity authentication.
正解: B
質問 131
Which of the following are correct about 802.1X access process? (Multiple choices)
- A. 802.1X authentication does not require security policy checks.
- B. The terminal exchanges EAP packets with the 802.1X switch. The 802.1X switch and the server use Radius packets exchange information.
- C. Throughout the authentication process, the terminal exchanges information through the server and EAP packets.
- D. Use MD5 algorithm to verify the information.
正解: B,D
質問 132
For hardware SACC Access control, if the terminal does not pass the authentication, it can access the resources of the post-authentication domain. This phenomenon may be caused by the following reasons?
(Multiple choice)
- A. SACG Enable the default inter-domain packet filtering.
- B. Privileges are misconfigured IP
- C. TSM No hardware is added to the system SACG equipment.
- D. Authentication data flow has passed SACG filter.
正解: A,B
質問 133
In some scenarios, an anonymous account can be used for authentication. What are the correct descriptions of the following options for the anonymous account?? (Multiple choice)
- A. The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.
- B. By default, the access control and policy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.
- C. Administrators cannot delete anonymous accounts"~anonymous*.
- D. Agile Controller-Campus Need to be manually created"~anonymous"account number.
正解: A,C
質問 134
In the centralized networking, the database, SM server, SC server and AE server are all installed at the headquarters of the enterprise. This networking mode is applicable to enterprises with a wide geographical distribution of users and a large number of users.
- A. True
- B. False
正解: B
質問 135
Policy template is collection of several policy. To audit the security status of different terminal hosts and the behavior of end users, administrators need to customize different policy templates for protecting and managing terminal hosts.
Which of the following are correct regarding the policy template? (Multiple choices)
- A. You can assign policy template to a network segment.
- B. If different policy templates are applied to departments and accounts, the policy template assigned to the highest priority will take effect. The priority relationship of departments and accounts is: account > department.
- C. When configure policy template, you can inherit the parent template and modify the parent template policy.
- D. Only policy in the policy template can be used. Administrators can't customize the policy.
正解: A,B
質問 136
Aopt user isolation technology in WLAN networking environment, which of the following statements is wrong?
- A. Isolation in user groups means that users in the same group can't communicate with each other
- B. User isolation function means that Layer 2 packets associated with all wireless users on the same AP can't forward packets to each other.
- C. Group isolation and isolation between groups can't be used at the same time
- D. User isolation between groups means that users in different groups can't communicate with each other, and internal users in the same group can communicate
正解: C
質問 137
In Agile Controller-Campus admission control technology framework, which of the following is correct for RADIUS?
- A. PADIUS is used to pass user name, password and other information between 802.1X switch and AAA server.
- B. PADIUS is used to push web pages to users by Portal Server.
- C. PADIUS is used to deliver security policies to SACG devices by the server.
- D. PADIUS is used to pass user name, password and other information between the client and 802.1X switch.
正解: A
質問 138
If the self-determined meter function is enabled on the Agile Controller-Campus and the account PMAC address is bound, Within a period of time, the number of incorrect cipher input by the end user during authentication exceeds the limit. Which of the following descriptions is correct? (multiple choice)
- A. The account is locked on all terminal devices and cannot be recognized.
- B. If you want to lock out the account, the administrator can only delete the account from the list.
- C. When the account number is reserved, only the sword type number cannot be authenticated on the bound terminal device, and it can be authenticated normally on other terminal devices.
- D. After the lock time, the account will be automatically unlocked
正解: C,D
質問 139
WEB filtering technology is a kind of in-depth testing for WEB loophole, WEB classification and access control security management technology on the Internet.
- A. TRUE
- B. FALSE
正解: A
質問 140
Regarding the description of the ACL used in the linkage between SACG equipment and the TSM system, which of the following statements is correct!?
- A. default ACL The rule group number can only be 3999.
- B. due to SACG Need to use ACL3099-3999 To pick TSM The rules issued by the system, so in the configuration TSM Before linkage, you need to ensure these ACL Not referenced by other functions.
- C. The original group number is 3099-3999 of ACL Even if it is occupied, it can be successfully activated TSM Linkage.
- D. default ACL The rule group number can be arbitrarily specified.
正解: B
質問 141
Which of the following is correct about the authentication method and authentication type?
- A. Users can use the web agent method to support both digital certificate authentication and local authentication.
- B. Users can use the Agent mode to support three authentication types: local authentication, digital certificate authentication and system authentication.
- C. Users can use the web method to support both local authentication and digital certificate authentication.
- D. Users can use the web agent mode to support both digital certificate authentication and system authentication.
正解: B
質問 142
There are three roles in the XMPP protocol: server, gateway, and client. Corresponding to the free mobility solution: Agile Controller-Campus as For the server, Huawei USG6000 series firewall acts as the gateway; the agile switch acts as the client.
- A. wrong
- B. right
正解: A
質問 143
The MDM technology architecture of AnyOffice mobile office system is broadly divided into three parts: Security SDK, Android MDM and iOS MDM. Which of the following is wrong of these three parts?
- A. The security SDK can also integrate third-party applications and obtain corresponding security capabilities after integration.
- B. The security SDK provides basic local data encryption, network transmission data encryption and L4VPN capabilities to the entire Any Office mobile office system.
- C. The iOS system has its own MDM protocol, which involves remote message push, remote control commands, terminal configuration delivery and policy control. Any Office Mobile Office System adds some MDM features to its own base on iOS MDM protocol.
- D. The functions that Android MDM can implement include remote message push, remote control commands, terminal configuration delivery and policy control.
正解: A
質問 144
Terminal security access technology does not include which of the following options?
- A. Access control
- B. safety certificate
- C. Authentication
- D. System Management
正解: D
質問 145
......
検証済みH12-723-ENU問題集で問題と解答100%合格Fast2test:https://jp.fast2test.com/H12-723-ENU-premium-file.html