Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Huawei
  5. H12-721

Huawei H12-721 Exam
HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) (Page 3 )

Updated On: 9-Feb-2026
Page 3 of 50
PDF with 245 Questions

From the branch offices, servers are accessed from the Headquarters via IPsec VPN. An IPSEC tunnel can be established at this time, but communication to the servers fails. What are the possible reasons? (Choose three answers)

  1. Packet fragmentation, the fragmented packets are discarded on the link.
  2. Presence opf dual-link load balancing, where the path back and forth may be inconsistent.
  3. Route flapping.
  4. Both ends of the DPD detection parameters are inconsistent.

Answer(s): A,B,C



A user has been successfully authenticated using an SSL VPN. However, users can not access the Web-link resources through the Web server.



Using the information provided, which of the following is correct?

  1. Network server does not have the Web services enabled.
  2. Virtual Gateway policy configuration error
  3. Virtual connection between the gateway and the network server is not normal
  4. Virtual gateway and network server is unreachable

Answer(s): A



According to the network diagram regarding hot standby, which of the following are correct? (Choose three answers)

  1. VRRP backup group itself has preemption. As shown, when USG_A failurs and is restored, USG_A re-use preemption becomes it has master status.
  2. With VGMP management group preemption and VRRP backup groups, when the management group fails and recovers, the priority management group will also be restored.
  3. By default, the preemption delay is 0.
  4. If a VRRP group is added to the VGMP management group, preemption will fail. The VGMP unified management group decides this behavior.

Answer(s): A,B,D



Which of the following are correct regading TCP and TCP proxy on the reverse source detection? (Choose three answers)

  1. TCP and TCP proxy detection can prevent reverse source SYN Flood.
  2. TCP proxy acts as a proxy device. TP is connected between both ends, when one end initiates a connection with the device it must complete the TCP three-way handshake.
  3. With TCP proxy mode attack prevention, detection mechanism must be turned on.
  4. TP reverse source probes to detect the source IP packets by sending a Reset.

Answer(s): A,B,C



IPsec tunneling is used as a backup connection as shown below:


Which of the following statements are true about the tunnel interface? (Choose two answers)

  1. IPsec security policy should be applied to the tunnel interface
  2. Protocol for the Tunnel Interface must be GRE.
  3. Tunnel interface needs to be configured on the IP address and the IP address of the gateway. The external network IP address of the outgoing interface must be in the same network segment.
  4. Tunnel interfaces can be added to any security zone, provided they have the appropriate interdomain security policies.

Answer(s): A,D






Post your Comments and Discuss Huawei H12-721 exam prep with other Community members:

Join the H12-721 Discussion