Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Huawei
  5. H12-261_V3.0

Huawei H12-261_V3.0 Exam Questions
HCIE-Routing & Switching (Written) V3.0 Exam (Page 4 )

Updated On: 17-Feb-2026
Page 4 of 97
PDF with 479 Questions

LANDThe attack method is that the attacker sends a source address to the target host and the destination address is the target host, and the source port and the destination port are the same.
When the receiving end is waiting for the final ACK packet to be sent, the connection is always in a semi-connected state, resulting in a waste of receiving full and limited TCP resources.

  1. True
  2. False

Answer(s): A

Explanation:

LAND attack (LAN denial of service attack): It is a type of denial of service attack (DoS attack) by sending carefully constructedThe spoofed packets with the same source address and destination address will paralyze the target device that lacks the corresponding protection mechanism. This attack method uses a specially constructed TCP SYN packet (usually used to open a new connection), so that the target machine opens an empty connection whose source address and target address are both its own IP address, and continuously responds to itself, consuming the system resources until it crashes. This attack method is not the same as a SYN flood attack.



Which of the following statements about SA in IPSec is wrong is

  1. SA is uniquely identified by a triple, This triplet includes the security parameter prime SPI ( Security Parate Inder), the source IP address and the security protocol number used (AsESP)
  2. use display The ipsec command can check the encryption algorithm used with another IPSec peer, the traffic of interest and other information.
  3. IPSec only supports symmetric encryption algorithms to encrypt data.
  4. Bidirectional SAs must exist between IPSec peers to establish IPSecc VPN connection

Answer(s): A

Explanation:

Security AllianceSA, records the policy and policy parameters of each IP security path. Security Association is IPSec The basics,It is an agreement established by both communication parties, which determines the protocol, transcoding method, key and key validity period used to protect the data packet. ABoth H and ESP use SA, IKE'sA major function is to establish and maintain security alliances.



The router HW1 and the router HW2 are connected to the network A and the network B, respectively. As shown in the figure below, if you want to establish IPsec VPN between router HW1 and router HW2.

  1. rule permit ip source 192.168.1.10 destination 192.168.1.2 0
  2. rule permit ip source 10.1.1.0 0.0.0.255 destination 192.168.1.2 0
  3. rule permit ip source 10.1.1.0 0.0.0 .255 destination 10.1.2.0 0.0.0.255
  4. rule permit ip source 192 .168.1.10 destination 10.1.2.0 0.0.0.255
  5. rule permit ip source 10.1.2.0 0.0.0 255 destination 10.1.1.0 0.0.0.255

Answer(s): C



Which of the following options describes the assertion mechanism correctly?

  1. The size of the IP address will not be used as a condition for the election of the winner.
  2. In assertion mechanismThe winner is responsible for forwarding multicast data to the broadcast network segment.
  3. The assertion mechanism is used for DR election.
  4. In the assertion mechanism, the loser will shut down is the interface connected to the broadcast network.

Answer(s): B

Explanation:



The router receives the same multicast traffic from the downstream interface again, then it starts the assertion mechanism and sends the assert message, including: routing protocol priority, cost, and packet source IP (preferably larger). The routing protocol priority and cost are the source's IGP route. After comparison, the winner is selected, and the loser is the loser. Loser will prune the downstream interface and will continue to send pruning messages to the upstream. However, a pruning message is also sent to the downstream to detect whether there is a downstream receiver. The downstream receiver router will send a join message to the upstream router to suppress pruning. Eventually the link does not turnsend traffic.



If there are multiple receivers in a multicast group, the administrator enables IGM on the switch connecting the receiversP Snooping function, when the receiver changes from When the switch receives the general group query message from the querier, how should multiple receivers respond?

  1. The first receiver whose response time times out is sentReport messages are not sent by other receivers.
  2. Only run ICMPv2, all receivers will respond to the Report message.
  3. Only when IGMPvI is running will all receivers respondReport message.
  4. All recipients will respondReport message

Answer(s): D

Explanation:

IGMP Snooping is to monitor IGMP protocol packets.
IGMPSnooping is the same as IGMP. Both are used for multicast group management and control, and they both use IGMP packets. IGMPagreement line at the network layer, while the IGMP Snooping runs at the link layer, when the Layer 2 Ethernet switch receives the IGM transmitted between the host and the routerP message, IGMP Snooping analyzes the information carried by IGMP packets, and establishes and maintains MAs at Layer 2C table, the multicast packets sent from the router in the future will be forwarded according to the MAC table. IGMP Snooping will actively send IGMP specific group query packets to the port only when it receives an IGMP leave packet from a port or the aging time timer of a port expires.
IGMPmessage.






Post your Comments and Discuss Huawei H12-261_V3.0 exam dumps with other Community members:

Join the H12-261_V3.0 Discussion