- Home
- Huawei
- HCIP-Security-CISN(Huawei Certified ICT Professional - Constructing Infrastructure of Security Network)
- Huawei.H12-721.v2020-08-21.q77
- Question 43
Valid H12-721 Dumps shared by ExamDiscuss.com for Helping Passing H12-721 Exam! ExamDiscuss.com now offer the newest H12-721 exam dumps, the ExamDiscuss.com H12-721 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com H12-721 dumps with Test Engine here:
Access H12-721 Dumps Premium Version
(180 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 43/77
Avoid DHCP server spoofing attacks. DHCP snooping is usually enabled. What is the correct statement?
Correct Answer: C
Explanation
Note: DHCP snooping is a DHCP security feature that filters DHCP messages that do not contain information through MAC address restriction, DHCP snooping security binding, IP+MAC binding, and Option 82 features.
DHCP DoS attack, DHCP server spoofing attack, ARP man-in-the-middle attack, and IP/MAC Snooping attack. DHCP snooping is enabled on all interfaces of the DHCP client. If the user-side interface is not configured with the Trusted mode, the interface is enabled with the Snooping feature. The default interface mode is Untrusted. This prevents the DHCP server from being attacked by the bogus. To prevent the attack from being attacked by the DHCP server, you can configure the DHCP snooping function on the device to configure the interface on the user side as Untrusted and the interface on the DHCP server as Trusted. All received from the Untrusted interface. DHCP relay packets are discarded. DHCP snooping is configured on the firewall. The DHCP snooping binding function is used to forward packets only if the received packets are the same as those in the binding table. Otherwise, the packets are discarded.
Note: DHCP snooping is a DHCP security feature that filters DHCP messages that do not contain information through MAC address restriction, DHCP snooping security binding, IP+MAC binding, and Option 82 features.
DHCP DoS attack, DHCP server spoofing attack, ARP man-in-the-middle attack, and IP/MAC Snooping attack. DHCP snooping is enabled on all interfaces of the DHCP client. If the user-side interface is not configured with the Trusted mode, the interface is enabled with the Snooping feature. The default interface mode is Untrusted. This prevents the DHCP server from being attacked by the bogus. To prevent the attack from being attacked by the DHCP server, you can configure the DHCP snooping function on the device to configure the interface on the user side as Untrusted and the interface on the DHCP server as Trusted. All received from the Untrusted interface. DHCP relay packets are discarded. DHCP snooping is configured on the firewall. The DHCP snooping binding function is used to forward packets only if the received packets are the same as those in the binding table. Otherwise, the packets are discarded.
- Question List (77q)
- Question 1: The topology diagram of the BFD-bound static route is as fol...
- Question 2: Virtual firewall technology can achieve overlapping IP addre...
- Question 3: A user wants to limit the maximum bandwidth of the 192.168.1...
- Question 4: Connecting the internal network interface address from the f...
- Question 5: As shown in the figure, the firewall is dual-system hot stan...
- Question 6: In the first phase of IKE V1, the pre-shared key master mode...
- Question 7: What are the three elements of an abnormal flow cleaning sol...
- Question 8: As shown below, the domain abc address pool is the address p...
- Question 9: The following scan snoop attacks are:...
- Question 10: In the application scenario of IPSec traversal by NAT, the a...
- Question 11: Which of the following statements about the blacklist is cor...
- Question 12: The default interval for sending VGMP hello packets is 1 sec...
- Question 13: About load balancing, the following configuration is availab...
- Question 14: 112. The ESP only verifies the IP payload and can perform NA...
- Question 15: What are the drainage schemes that can be used in the scenar...
- Question 16: In the active/standby mode of the USG dual-system hot backup...
- Question 17: Which of the following statements is true about L2TP over IP...
- Question 18: In a dual-system hot standby network, the NAT configurations...
- Question 19: What is the correct statement about the Eth-trunk function?...
- Question 20: Virtual firewall virtualizes multiple logical firewalls on a...
- Question 21: The management control information and service information o...
- Question 22: The ip-link sends a probe packet to the specified IP address...
- Question 23: What are the following VPN protocols that do not provide enc...
- Question 24: The hot standby and IPSec functions are combined. Which of t...
- Question 25: The branch firewall of an enterprise is configured with NAT....
- Question 26: The firewall device defends against the SYN Flood attack by ...
- Question 27: What are the following attacks that are special message atta...
- Question 28: To ensure the normal forwarding of large traffic, a network ...
- Question 29: Both AH and ESP protocols of IPSec support NAT traversal...
- Question 30: 87. The SSL VPN scenario under dual-system hot standby is sh...
- Question 31: The figure shows the data flow direction of the Bypass inter...
- Question 32: What is the correct description of IKE?...
- Question 33: Which of the following is the correct description of the SMU...
- Question 34: Accessing the headquarters server through the IPSec VPN from...
- Question 35: What are the following attacks that are malformed?...
- Question 36: USG A and USG B are configured with a static BFD session. Th...
- Question 37: The SSL VPN authentication login is unsuccessful and the mes...
- Question 38: The interaction process of the firewall linkage NIP intrusio...
- Question 39: The dual-system hot standby networking environment is as sho...
- Question 40: Two USG firewalls establish an IPSec VPN through the Site to...
- Question 41: In IPSec VPN, which one is incorrect about the difference be...
- Question 42: After the link-group is configured on the device, use the di...
- Question 43: Avoid DHCP server spoofing attacks. DHCP snooping is usually...
- Question 44: Based on the following information analysis on the firewall,...
- Question 45: The constraints of the policy in the traffic limiting policy...
- Question 46: In the application scenario of the virtual firewall technolo...
- Question 47: SSL VPN authentication is successful. Using the file sharing...
- Question 48: When the ip-link link health check is performed, if it is un...
- Question 49: The first packet discarding technology of Huawei Anti-DDoS d...
- Question 50: The server health check mechanism is enabled on the USG fire...
- Question 51: What are the correct statements about the IP address scannin...
- Question 52: Which of the following encryption methods does IPSec VPN use...
- Question 53: Which of the following attacks is a SYN Flood attack?...
- Question 54: The following figure shows the L2TP over IPSec application s...
- Question 55: When an IPSec VPN is set up on both ends of the firewall, th...
- Question 56: The SSL VPN authentication is successful, but the Web-link r...
- Question 57: The enterprise network is as shown in the figure. On the USG...
- Question 58: In the dual-system hot backup, when the slave does not recei...
- Question 59: 134. Which of the following is the connection status data to...
- Question 60: In the IPSec VPN, the digital certificate is used for identi...
- Question 61: In the case of IPSec VPN NAT traversal, you must use IKE's a...
- Question 62: In dual-system hot backup, the backup channel must be the pr...
- Question 63: Two USG firewalls failed to establish an IPSec VPN tunnel th...
- Question 64: Regarding the virtual gateway type exclusive and shared type...
- Question 65: The principle of HTTPS Flood source authentication defense i...
- Question 66: Load balancing implements the function of distributing user ...
- Question 67: Which of the following statements is true for virtual servic...
- Question 68: The following figure shows the data packet of the pre-shared...
- Question 69: SSL works at the application layer and encrypts specific app...
- Question 70: An administrator can view the IPSec status information and d...
- Question 71: On the USG, you need to delete sslconfig.cfg in the hda1:/ d...
- Question 72: The malformed packet attack technology uses some legitimate ...
- Question 73: In the IDC room, a USG firewall can be used to divide into s...
- Question 74: After the NAT server is configured (no-reverse parameter is ...
- Question 75: A data flow has established a session in the firewall. If th...
- Question 76: When an attack occurs, the result of packet capture on the a...
- Question 77: What are the correct descriptions of IPSec and IKE below?...
