Free Huawei H12-731-ENU Exam Dumps Questions & Answers

If the hardware security access control gateway adopts the next generation firewall, in "Policy > Admission Control > SAC Configuration > Hardware SACG", select the "Controlled Domain" tab, and add the controlled domain ERP (172.10.11.1/32 ) and DB_Oracle ( 172.10.12.32/32 ), then query the firewall configuration through the CLI to obtain the following information:
display acl all
............
Advanced ACL 3100, 1 rule, not binding with vpn-instance
Acl's step is 1
rule 1 deny ip (0 times matched)
Advanced ACL 3101, 1 rule, not binding with vpn-instance
Acl's step is 1
rule 1 permit ip (0 times matched)
Advanced ACL 3102, 1 rule, not binding with vpn-instance
Acl's step is 1
rule 1 deny ip destination 172.13.11.10 (0 times matched)
Advanced ACL 3103, 1 rule, not binding with vpn-instance
Ad's step is 1
rule 1 permit ip destination 172.13.11.10 (0 times matched)
Advanced ACL 3354,
Which of the following statements is correct about the above ACL configuration?

• A.  You can only log in to the hardware security access control gateway, execute the controlled domain refresh command sync role-info in diagnostic mode, and actively request to refresh the controlled domain from the Agile Controller manager.
• B.  The Agile Controller manager will regularly check and deliver the control domain configuration, and the problem will be automatically fixed.
• C.  The current controlled domain is not completely delivered to the hardware security access control gateway.
• D.  The controlled domain can be delivered to the hardware security access control gateway by manually synchronizing the controlled domain on the Agile Controller manager.

Mainframe hardening mainly includes which of the following aspects?

• A.  Vulnerability Scan
• B.  Account password security
• C.  Network management system reinforcement
• D.  OS Hardening
• E.  Database hardening

Which of the following options fall under the scope of visitor management?

• A.  Guest Account Creation
• B.  Visitors register on the registration page
• C.  Guest Account Approval
• D.  The guest uses the account to authenticate
• E.  Visitor page customization
• F.  Visitor online behavior audit

In the networking shown in the figure, the traffic from the PC to access the Web Server must go through the firewall, and the traffic from the Web Server to the PC must go through the firewall.
With intra-domain bidirectional NAT properly configured on the firewall, the following descriptions of packet IP addresses may be correct:

• A.  The source IP address of the data packet received by the web server for accessing its web service from the PC is the IP address of the interface (1).
• B.  The source IP address of the data packet received by the PC from the web server is 10.1.1.2.
• C.  The source IP address of the data packet received by the web server for PC access to its web service is 10.1.1.5.
• D.  The source IP address of the data packet received by the factory PC from the web server is the IP address of the interface (2).

When the dual-system hot backup network is used, according to this configuration, PC2 sends an ARP request to the Mac of IP10.100.30.8. Which of the following options is correct?
sysname NGFW_A
#
hrp enable
hrp interface GigabitEthernet 0/0/3
#
interface GigabitEthernet0/0/1
ip address 192.168.10.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.1 active
#
interface GigabitEthernet0/0/2
ip address 10.100.30.2 255.255.255.0
vrrp vrid 2 virtual-ip 10.100.30.1 active
#
Nat address-group 1
section 0 10.100.30.8 10.100.30.9
#
nat-policy
rule name trust to untrust
source-zone trust
destination-zone untrust
source-address 192.2163.10.0 24
action nat address-group 1

• A.  The MAC of the NGFW_A interface responds to this ARP
• B.  The MAC of the NGFW_B interface responds to this ARP
• C.  NGFW_A responds to this ARP with VMAC
• D.  NGFW_B responds to this ARP with VMAC