HC-711-ENU Online Practice Questions and Answers

About stateful inspection firewall and packet filtering firewall description is correct.

A. Packet filtering firewall is not required for each packet entering the firewall rule matching;

B. Because the UDP protocol is connectionless -oriented protocol,so stateful inspection firewall UDP packetscannotmatch state table;

C. When stateful inspection firewall to inspect packets,packets of the same before and after the connection is not relevant.

D. Stateful inspection firewall only needs to connect to the first packet to match the access rule,which is connected directly to the subsequent packets matching(to TCP applications,for example) in the state table

When a router receives a packet, if no match is found, the specific route entry, the default routing table can be forwarded.

A. True

B. False

Which of the following components are optional TSM system?

A. TMC (TSM Management Center)

B. SM Security Manager

C. SC safety controller

D. SA Security Agent

Priority DMZ area is how much?

A. 5

B. 50

C. 85

D. 100

SVN can be achieved only allows users to access remote enterprise network cannot access the Internet and local area networks.

A. True

B. False

Stateful inspection firewall subsequent packets (non- first packet) forwarding mainly based on which of the following?

A. route table

B. MAC address

C. session table

D. FIB table

Description of the error based GRE encapsulation and de-encapsulation yes?

A. Packaging process: after the original packet routing to pass through to find the packet to start trigger GRE tunnel interface module encapsulation

B. Packaging process: After the GRE module package, this package will enter the IP module for further processing

C. Decapsulation process: After receipt of GRE packet destination,find the route to pass through the packet to the GRE tunnel interface module start trigger decapsulate

D. Decapsulation process: After the GRE module solution package, this package will enter the IP module for further processing

In the WLAN configuration, if the authentication type is set to open system authentication, all clients will request certification by certification.

A. True

B. False

Firewall own security zone cannot be deleted, but you can modify the security level

A. True

B. False

About trunk port is correct there? (Choose two)

A. Upon receipt of a trunk port carries the label of a data frame,if different from the label and PVID,then forwarded directly

B. Upon receipt of a trunk port carries the label of a data frame,if the label and PVID different, then discards

C. Upon receipt of a trunk port carries the label of a data frame,if the label and the same PVID, then forwarded directly

D. After the trunk port carries the label when you receive a data frame,if the label and the same PVID, then remove the label forwarding

IKE first and second switching stage comprises ()? (Choose three)

A. Fast mode

B. Aggressive Mode

C. Transfer mode

D. Master Mode

Configuration [LNS-l2tp10] allow l2tp virtual-template 1 remote client1 in, client1 mean?

A. The end of the tunnel name

B. On the end of the tunnel name

C. The end of the account name to initiate certification

D. Peer initiates an authentication account name

L2TP VPN configuration on the following statement in the correct precautions are: (Choose three)

A. The LNS L2TP client must be configured virtual interface template (Virtual-Template) the IP address of the virtual interface template needs to join the domain

B. The default firewall requires authentication of the tunnel. If you do not configure authentication,you need to undo tunnel authentication command

C. To enable L2TP dial-up users can normally access the network address, the address assigned to L2TP users can dial up the network and the user's address on the same network segment or need to enable proxy ARP

D. LNS side is not allowed to configure multiple L2TP-Group

IPSEC configuration steps include: (Choose three)

A. Restart Firewall

B. Define the data flow and inter-domain protection rules

C. Configure IPSec security proposal

D. Configure IKE Peer

VLAN tag information which is contained in the message section?

A. Ethernet packet header

B. IP packet header

C. TCP packet header

D. UDP packet header