Thursday, 29 November 2018

H12-721 HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network)

1. Huawei H12-721-ENU HCNP-Security-CISN Certification Exam
This document mainly introduces the H12-721 HCNP-Security-CISN exam outline. For other exam syllabuses, refer to the corresponding training materials or the Huawei Online Training and Learning Platform at http://support.huawei.com/learning.

Certification: HCNP-Security
Exam Code: H12-721
Exam Name: HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network)
Duration: 90 min
Pass Score/Total Score: 600/1000

2. HCNP-Security-CISN Exam Outline

2.1 Exam Content
HCNP-Security-CISN exam covers network security device management, firewall intelligent routing, firewall high availability, VPN technology and application, firewall bandwidth management and virtual firewall technology.

2.2 Key Points
Network Security Device Management
1.Network Security Device Management
2.Network Security Device Log Analysis
3.Network Security Device Unified Operation and Maintenance
Firewall Intelligent Routing
1.Principles of Intelligent Routing
2.Intelligent Routing Application Analysis
3.Intelligent Routing Troubleshooting
Server Load Balancing
1.Principles of SLB Technology
2.SLB Deployment
Firewall High Availability
1.IP-Link Technology
2.BFD Technology
3.Hot Standby
4.Link-group Technology
5.Eth-Trunk Technology
VPN Technology and Application
1.IPSec VPN Technology and Application
2.SSL VPN Technology and Application
Firewall Bandwidth Management
1.Principle of Firewall Bandwidth Management
2.Firewall Bandwidth Management Deployment
3.Firewall bandwidth management Troubleshooting
Firewall Virtual System
1.Principle of Firewall virtual system
2.Firewall Virtual System Deployment
3.Firewall Virtual System Troubleshooting

Note:
The exam content provided here serves only as a general guide to candidates. Other contents not mentioned here may also be included in the actual exam.

2.3 Reference
Huawei Certified HCNP-Security-CISN Training Materials(V3.0)
Huawei Certified HCNP-Security-CISN Lab Guide(V3.0)

2.4 Recommended Training Program
HCNP-Security-CISN Training

QUESTION 1
The main method of defending caching servers against DNS Request Flood is the use of DNS source authentication.

A. TRUE
B. FALSE

Answer: A

QUESTION 2
Refer to the following diagram with regard to Bypass mode.
Which of the following statements are correct? (Choose two answers)

A. When the interface is operating in a non-Bypass state, traffic from Router_A flows into the USG through interface GE0 and, after being processed by the USG, flows out of interface GE1 to Router_B.
B. When the interface works in Bypass state, traffic from Router_A enters the USG through interface GE0 and, without any processing by the USG, flows directly out of interface GE1 to Router_B.
C. When the firewall is required to enforce security policies, the interface can operate in Bypass state without interruption. Therefore, the device can be kept working in the Bypass state.
D. Power Bypass interface can work in bridge mode, and can work with the bypass circuit.

Answer: A,B

QUESTION 3
In a bypass deployment of the Huawei abnormal flow cleaning solution, which drainage schemes can be used? (Choose three answers)

A. Dynamic routing drainage
B. Static routing strategy drainage
C. Static routing drainage
D. MPLS VPN cited

Answer: A,B,C

QUESTION 4
Regarding IKE main mode and aggressive mode, which of the following statements is correct?

A. In aggressive mode, all packets in the first phase of negotiation are encrypted
B. All main mode packets in the first phase of negotiation are encrypted
C. The DH algorithm is used in aggressive mode
D. Whether the negotiation is successful or not, IKE will enter fast mode

Answer: C

QUESTION 5
A network is shown below.
A dial-up user cannot establish an L2TP VPN connection between the VPN client PC and the USG (LNS).
What are valid reasons for this failure? (Choose three answers)

A. The LNS tunnel name is inconsistent with the client name.
B. L2TP tunnel authentication failed.
C. PPP authentication fails; the PPP authentication modes set on the client PC and the LNS are inconsistent.
D. The client PC cannot obtain an IP address assigned to it from the LNS.

Answer: B,C,D

Wednesday, 28 November 2018

H12-711 HCNA-Security (Huawei Certified Network Associate - Security)

1 Huawei H12-711-ENU HCNA-Security V3.0 Certification Exam
This article introduces the H12-711 HCNA-Security V3.0 exam outline; other exam outlines can be obtained from the related training materials or the Huawei Online Learning Website: http://support.huawei.com/learning.

Certification: HCNA-Security
Exam Code: H12-711
Exam Name: HCNA-Security (Huawei Certified Network Associate - Security)
Duration: 90 min
Pass Score/Total Score: 600/1000

2 HCNA-Security V3.0 Exam Outline

2.1 Exam Content

The HCNA-Security V3.0 exam covers information security and security overview, operating system and host security, network security basis, application of encryption and decryption, safety operation and analysis basis, etc.

2.2 Knowledge Points

Security information and security overview
1. Information Security Standards and Specifications
2. Basic Network Concepts and Common Network Devices
3. Common Information Security Threats
4. Threat Defense and Information Security Development Trends

Operating system and Host security
1. Operating System Overview
2. Common Server Types and Threats
3. Host Firewalls and Antivirus Software

Network security basis
1. Introduction to Firewalls
2. Network Address Translation
3. Dual-System Hot Standby
4. Overview of Intrusion Prevention

Application of Encryption and Decryption
1. Encryption and Decryption Mechanism
2. PKI Certificate System
3. Application of Cryptographic Technologies

Safety operation and analysis
1. Introduction to Security Operations
2. Data Monitoring and Analysis
3. Digital Forensics
4. Cybersecurity Emergency Response

Note:
The content mentioned in this article is just a general exam guide; the exam may also contain more related content that is not mentioned here.

2.3 Reference
Huawei Certified HCNA-Security V3.0 Course
Huawei Certified HCNA-Security V3.0 Lab Guide

2.4 Recommended Training
HCNA-Security V3.0 Training

Tuesday, 27 November 2018

H12-261 HCIE-Routing&Switching (Written) (Huawei Certified Internetwork Expert-Routing & Switching)

1. Huawei H12-261 HCIE-Routing&Switching Certification Exam
This article introduces the H12-261 HCIE-R&S exam outline; other exam outlines can be obtained from the related training materials or the Huawei Online Learning Website: http://support.huawei.com/learning.

2. H12-261 HCIE-R&S Exam Outline
2.1 Layer 2 Technologies
2.1.1 STP
1.STP
2.RSTP
3.MSTP
4.Loop guard
5.Root guard
6.BPDU guard
7.TC-BPDU attack guard

2.1.2 VLAN and GVRP
1.Access port
2.Trunk port
3.Hybrid port
4.QinQ
5.Vlan Aggregation
6.Mux Vlan
7.Voice vlan
8.GARP
9.GVRP

2.1.3 Transparent bridge
1.Local Bridging
2.Remote Bridging
3.Integrated Bridging and Routing
4.VLAN ID Transparent Transmission

2.1.4 Link Aggregation, Eth-Trunk and IP-Trunk, Load-balance, LACP
1.Link Aggregation
2.LACP

2.1.5 Ethernet technologies
1.Speed and duplex
2.Ethernet, Fast Ethernet, and Gigabit Ethernet
3.Auto MDI/MDIX
4.Auto negotiation
5.Storm control
6.Unicast flooding control

2.1.6 HVRP
2.1.7 Smart link
2.1.8 DLDP
2.1.9 Switched Port Analyzer (port-mirroring)
2.1.10 Frame Relay
1.LMI
2.Traffic shaping
3.Full mesh
4.Hub and spoke
5.DE
2.1.11 HDLC and PPP
2.1.12 PPPoE and PPPoA
2.2 IPv4
2.2.1 IPv4 addressing, subnetting, and VLSM
2.2.2 IPv4 tunneling and GRE
2.2.3 IPv4 RIP version 1/2

2.2.4 IPv4 OSPF
1.Standard OSPF areas
2.Stub area
3.Totally stubby area
4.NSSA
5.Totally NSSA
6.LSA types
7.Adjacency on a point-to-point and on a multi-access network
8.Virtual-Link
9.LSA Filter
10.OSPF graceful restart
11.Stub Router
12.OSPF Authentication
2.2.5 IPv4 IS-IS
1.NSAP
2.IS-IS Link-state packets
3.IS-IS area type
4.IS-IS circuit type
5.IS-IS TLV
6.IS-IS DIS and Pseudo node
7.IS-IS SPF
8.IS-IS LSP
9.IS-IS Metric
10.IS-IS Route Leaking
11.IS-IS RPC
12.IS-IS Graceful Restart
13.IS-IS LDP Synchronization
14.IS-IS Authentication
2.2.6 IPv4 BGP
1.IBGP and EBGP
2.BGP attributes
3.BGP synchronization
4.BGP routes Summarization
5.Route Dampening
6.BGP route reflector
7.BGP confederation
8.BGP Community
9.BGP Peer Groups
10.BGP Graceful Restart
11.BGP Security
12.Principles of Route Selection
2.2.7 Route Control
1.Filtering
2.IP Prefix list
3.Route Import(redistribution)
4.Route policy
5.Summarization
6.Preference
7.Other advanced features
2.3 IPv6
2.3.1 IP version 6 addressing and different addressing types
2.3.2 IPv6 neighbor discovery
2.3.3 IPv6 functionality protocols
2.3.4 Tunneling techniques
2.3.5 RIPng
2.3.6 OSPF version 3
2.3.7 MP BGP
2.3.8 Route Control
2.4 MPLS VPN
2.4.1 MPLS
1.MPLS network component (P, PE, CE)
2.MPLS label format
3.MPLS label encapsulation
4.MPLS label stack
5.MPLS label operation
6.Forwarding Equivalence Class
7.LDP
8.Label advertisement model
9.MPLS LDP—Local Label Allocation Filtering
10.MPLS LDP Inbound/outbound Label Binding Filtering
2.4.2 MPLS Layer 3 VPN
1.MP-IBGP VPNv4 peering
2.VPN-instance
3.Route Distinguisher
4.Route Target
5.Route Target import/export
6.PE-CE–Dynamic Routes
7.PE-CE–Static Routes
8.Redistributing PE-CE routes into VPNv4
9.Redistributing VPNv4 routes into PE-CE routing table
10.MPLS VPN Multicast
11.MCE
2.5 IP Multicast
2.5.1 Multicast distribution tree
2.5.2 Multicast forwarding
2.5.3 Multicast RPF
2.5.4 Multicast Administrative Boundaries
2.5.5 PIM dense mode
2.5.6 PIM sparse mode
2.5.7 IGMP
2.5.8 IGMP Snooping
2.5.9 MSDP
2.5.10 Inter domain multicast routing
2.5.11 PIM RP, and BSR
2.5.12 Multicast tools, features, and source-specific multicast
2.6 Network Security
2.6.1 Access lists
2.6.2 uRPF
2.6.3 IP Source Guard
2.6.4 AAA
2.6.5 802.1x / NAC
2.6.6 NAT
1.Static NAT/NAPT
2.Dynamic NAT/PAT
3.Easy IP
4.NAT Server
5.Twice NAT
6.ALG
7.NAT Mapping
8.NAT Filtering
2.6.7 Device access control
2.6.8 Security features
2.6.9 Traffic Suppression
2.6.10 Local Attack Defense
2.6.11 IP Address Anti-spoofing
2.6.12 ARP Security
2.6.13 DHCP Security
2.7 QoS
2.7.1 QoS
1.PQ, DRR, PQ+DRR, WRR, PQ+WRR, WFQ and PQ+WFQ
2.Classification
3.Traffic Policing
4.Traffic Shaping
5.Marking
6.WRED and RED
7.Compression
8.HQoS
9.Class-based QoS
2.7.2 Fragmentation for Frame Relay
2.7.3 CBS, CIR, TC, BC for Frame Relay
2.7.4 Generic traffic shaping
2.7.5 RSVP
2.8 Troubleshoot a Network
1.Troubleshoot complex Layer 2 network issues
2.Troubleshoot complex Layer 3 network issues
3.Troubleshoot a network in response to application problems
4.Troubleshoot network services
5.Troubleshoot network security
2.9 Network Management
1.Syslog
2.IP Service Level Agreement (SLA)
3.NetStream
4.NQA
5.SNMP
6.FTP
7.Telnet
8.SSH
2.10 Feature
1.VRRP
2.VGMP
3.Interface Backup
4.NTP
5.DHCP
6.BFD

Note:
The content mentioned in this article is just a general exam guide; the exam may also contain more related content that is not mentioned here.


3. HCIE Equipment List
Router
Version: Version 5.120 (AR2200 V200R003C01SPC900)
Device Name: AR2220
Switch
Version: Version 5.130 (S5700 V200R003C00SPC300)
Device Name: S5700
Switch
Version: Version 5.70 (S3700 V100R006C03)
Device Name: S3700



QUESTION 1
What are the advantages of WRED? (Multiple Choice)

A. Completely eliminates congestion
B. Avoids TCP synchronization
C. Provides minimal bandwidth guarantees
D. Provides bounded low latency
E. WRED can prevent UDP from occupying too much bandwidth during congestion

Answer: B E


QUESTION 2
Which of the following statements are true when a PE connects multiple sites using IS-IS? (Multiple Choice)

A. Multiple sites can share the same IS-IS process.
B. Each site can use a VPN-instance independently from others to guarantee security.
C. IS-IS can enable the authentication function to prevent attacks.
D. IS-IS can enable the GR feature to improve network stability.

Answer: B C D


QUESTION 3
Which of the following statements is true about VLANs on Huawei switches?

A. VLANs cannot be created on devices in batches.
B. The range of VLAN IDs is from 1 to 4096.
C. On Huawei switches, VLAN IDs from 4000 to 4010 are reserved by default.
D. The scope of VLAN usage can be extended using QinQ technology.

Answer: D


QUESTION 4
Which features can improve the reliability of routers? (Multiple Choice)

A. Double engines
B. Double power supplies
C. Hot-swappable modules
D. ISSUE

Answer: A B


QUESTION 5
Which layers do the OSI model and the TCP/IP models have in common? (Multiple Choice)

A. Session
B. Data link
C. Transport
D. Presentation
E. Physical
F. Application

Answer: C F

Monday, 26 November 2018

H12-223 HCNP-Routing&Switching-IEEP (Huawei Certified Network Professional-R&S-IEEP)

1. Huawei H12-223 HCNP-Routing&Switching-IEEP V2.0 Certification Exam
This article introduces the H12-223 HCNP-R&S-IEEP exam outline; other exam outlines can be obtained from the related training materials or the Huawei Online Learning Website: http://support.huawei.com/learning.

Certification: HCNP-Routing&Switching
Exam Code: H12-223
Exam Name: HCNP-Routing&Switching-IEEP (Huawei Certified Network Professional-R&S-IEEP)
Duration: 90 min
Pass Score/Total Score: 600/1000

2. H12-223 HCNP-Routing&Switching-IEEP Exam Outline

2.1 Exam Content
The HCNP-Routing&Switching-IEEP exam covers PDIOI (Network Planning, Network Design, Network Implementation, Network Maintenance, Network Troubleshooting, Network Optimization) and Network Migration.

2.2 Knowledge Points
Network Planning
1. Project background
2. Project objectives
3. Project technological roadmap

Network Design
1) Physical network design (typical topology, device selection, media selection, network ID)
2) Logical network design (LAN design, WAN design, route architecture design, network egress design, high availability design)
3) Other network technologies (network security, VPN, WLAN, DC, network management)

Network Implementation
1) Project delivery process
2) Risky operation implementation process
3) Engineer service standards

Network Maintenance
1) How to use network management software
2) Device software upgrade
3) Routine maintenance report

Network Troubleshooting
1) Structured network troubleshooting process
2) Core theories and common methods of network troubleshooting
3) Troubleshooting common network faults

Network Optimization
1) Ways to improve network security
2) Network optimization solution

Network Migration
1) Migration operation procedure
2) Common migration scenarios

Note:
The content mentioned in this article is just a general exam guide; the exam may also contain more related content that is not mentioned here.

2.3 Reference
Huawei Certified Network Professional Training Courses — HCNP-R&S: Implementing Enterprise Network Engineering Project (IE-EP)
Huawei Certified Network Professional Training Courses — HCNP-R&S: Guide to Experiments on Implementing Enterprise Network Engineering Project (IE-EP)
VRP Configuration Guide
VRP Troubleshooting
VRP Feature Description

2.4 Recommended Training
HCNP-Routing&Switching-IEEP Training


Sunday, 25 November 2018

H12-222 HCNP-Routing&Switching-IENP (Huawei Certified Network Professional-Improving Enterprise Network Performance)

1. H12-222 HCNP-Routing&Switching-IENP V2.0 Certification Exam
This article introduces the H12-222 HCNP-R&S-IENP exam outline; other exam outlines can be obtained from the related training materials or the Huawei Online Learning Website: http://support.huawei.com/learning.

2. H12-222 HCNP-Routing&Switching-IENP Exam Outline

2.1 Exam Content
The HCNP-R&S-IENP exam covers MPLS, MPLS VPN, DHCP, VRRP, BFD, Mirroring technologies and Agile Controller, eSight Product Features, IP QoS, Huawei Firewall Technology Basis and SDN, VXLAN, NFV new technologies.

2.2 Knowledge Points

MPLS and MPLS VPN
1) MPLS architecture, LSP setup process
2) MPLS VPN working principles and configuration

DHCP
1) DHCP and DHCP relay principles and configurations
2) Security threats to DHCP and corresponding protection mechanisms

Mirroring
1) Mirroring concepts and configurations

Agile Controller and eSight
1) Agile Controller and eSight product features

IP QoS
1) QoS service models
2) Traffic classification and re-marking
3) Congestion management and congestion avoidance
4) Traffic policing and traffic shaping

Huawei Firewall Technology Basis
1) Huawei firewall products
2) Security zone and security policy
3) NAT: Private network users accessing the Internet, Internet users accessing Intranet servers
4) Attack defense

VRRP
1) VRRP principles and configurations

BFD
1) BFD principles and configurations

SDN, NFV, VXLAN
1) SDN concept and architecture, benefits of SDN
2) Challenges facing data center networks, VXLAN principles and configurations
3) NFV architecture, relationship between NFV and SDN

Note:
The content mentioned in this article is just a general exam guide; the exam may also contain more related content that is not mentioned here.

2.3 Reference
Huawei Certified Network Professional Training Courses—HCNP-R&S: Improving Enterprise Network Performance (IE-NP)
Huawei Certified Network Professional Training Courses—HCNP-R&S: Guide to Experiments on Improving Enterprise Network Performance (IE-NP)
VRP Configuration Guide
VRP Troubleshooting
VRP Feature Description

2.4 Recommended Training
HCNP-Routing&Switching-IENP Training