Free H12-261_V3.0 Exam Braindumps (page: 4)


As shown in the figure, there are two IPv6 networks that can access the IPv4 network. At the same time, an IPSec tunnel needs to be established between the two IPv6 networks for communication. Which of the following encapsulation modes can meet the above requirements?

  1. ESP+tunnel mode
  2. AH+transport mode
  3. AH+tunnel mode
  4. None of the above options are correct

Answer(s): D

Explanation:

The correct answer should be AH+ESP+tunnel mode (for communication between the IPv6 sites) together with NAT-PT technology (for communication between IPv4 and IPv6).
AH (Authentication Header) is the IPSec sub-protocol that provides data integrity verification and data source identity authentication for IP packets, using the HMAC algorithm. The HMAC algorithm is very similar to the hash algorithm and generally evolved from it: the input message is combined with the symmetric key that both parties have shared in advance, and then the hash algorithm is applied.
ESP: the principle by which this protocol provides data integrity verification and data source identity authentication is the same as that of AH, but the verification scope of AH is smaller than that of ESP. The ESP protocol specifies the authentication algorithms that all IPSec systems must implement: HMAC-MD5, HMAC-SHA1, NULL. Compared with other tunneling technologies such as L2TP, GRE, and AH, ESP has a unique security mechanism, encryption, and can be used in combination with other tunneling protocols to provide stronger security support for users' remote communication.
Two modes of IPSec:
Transport mode (Transport Mode) is the default mode of IPSec, also known as end-to-end (End-to-End) mode, and is suitable for IPSec communication between two hosts. Tunnel mode (Tunnel Mode) is used for site-to-site communication between two gateways. The two gateways involved in the communication provide secure communication services for the computers in the two networks that they border.



A digital certificate does not contain which of the following?

  1. digital envelope
  2. Issuer
  3. digital signature
  4. public key information

Answer(s): A

Explanation:

A digital certificate contains user basic information, public key information, and a digital signature. The issuance of a digital certificate is a process in which the user transmits his/her own key and public key and his/her physical information to the verification center for verification. After verification, the verification center sends the corresponding digital certificate to the applicant. The improved digital certificate contains basic user information and public key information, and some related information signed by the certification center is also attached. Encryption technology with the digital certificate at its core (encrypted transmission, digital signature, digital envelope and other security technologies) can perform encryption and decryption, digital signature and signature verification on the information transmitted on the network, to ensure the confidentiality and integrity of information transmitted online and the non-repudiation of transactions.



In a LAND attack, the attacker sends the target host a packet whose source address and destination address are both the target host, and whose source port and destination port are the same.
While the receiving end waits for the final ACK packet to be sent, the connection stays in a half-open state, wasting the receiving end's limited TCP resources.

  1. True
  2. False

Answer(s): A

Explanation:

LAND attack (LAN denial of service attack): a type of denial of service attack (DoS attack) in which carefully constructed spoofed packets with the same source address and destination address are sent to paralyze a target device that lacks the corresponding protection mechanism. This attack method uses a specially constructed TCP SYN packet (usually used to open a new connection), so that the target machine opens an empty connection whose source address and destination address are both its own IP address, and continuously responds to itself, consuming system resources until it crashes. This attack method is not the same as a SYN flood attack.



Which of the following statements about SA in IPSec is wrong?

  1. SA is uniquely identified by a triplet. This triplet includes the security parameter index SPI (Security Parameter Index), the source IP address and the security protocol number used (AH or ESP)
  2. The display ipsec command can be used to check the encryption algorithm used with another IPSec peer, the traffic of interest and other information.
  3. IPSec only supports symmetric encryption algorithms to encrypt data.
  4. Bidirectional SAs must exist between IPSec peers to establish an IPSec VPN connection

Answer(s): A

Explanation:

A Security Association (SA) records the policy and policy parameters of each IP security path. The Security Association is the basis of IPSec. It is an agreement established by both communicating parties, which determines the protocol, transcoding method, key and key validity period used to protect the data packet. Both AH and ESP use SA, and a major function of IKE is to establish and maintain security associations.





