H12-891_V1.0-ENU Dumps Questions Increase Your Chance of Success

Category:

Comments:

0 Comments

Post Date:

July 14, 2023

Passing the H12-891_V1.0-ENU certification exam can be challenging, which is why practicing with H12-891_V1.0-ENU questions can greatly increase your chances of success. Huawei H12-891_V1.0-ENU dumps questions help you become familiar with the exam format. The H12-891_V1.0-ENU questions are designed to mimic the actual exam, which means that you'll get a feel for the types of questions you'll encounter, the difficulty level, and the time limit. All the H12-891_V1.0-ENU exam dumps questions are the latest version for you to study. Test free H12-891_V1.0-ENU exam questions below.

Page 1 of 26

1. Which of the following reasons may cause OSPF neighbors to fail to reach the Full state? (Multiple choice)

The OSPF network types at both ends of the link are inconsistent.

The neighbor’s Router ID is the same

The link is working abnormally

The interface OSPF MTU configuration is different

2. A company's headquarters network and branch network are interconnected through the Internet. If you want to use VPN technology to ensure safe and reliable data transmission between headquarters users and branch users, which of the following VPN technologies is the most suitable?

IPsec VPN

SSL VPN

L2TP VPN

MPLS VPN

3. OSPFv3 Link LSA will be propagated throughout the area

True

False

4. For scenarios such as wireless supermarkets and stores, if you want to provide consumers with wireless access while also pushing information such as store activities to consumers, which of the following authentication methods can be used?

802.1X

MAC

Portal

PSK

5. As shown in the figure, R1 is configured. Which of the following descriptions of IS-IS process 1 is correct?

The device type of R1 is Level -1

The device type of R1 is Level1 -1-2

The device type of R1 cannot be determined

The device type of R1 is Level -2

6. Which of the following types of LSAs can carry tag information for external routes?

LSA3

LSA2

LSA4

LSA5

7. /ifm/interfaces/interface is the URL used to identify device management objects in Huawei network equipment OPS (Open Programmability System).

True

False

8. Which of the following description of the LSA age field is correct? (Multiple choice)

The unit of LSA age is seconds. The LS age of LSA in LSDB decreases with time.

If the LS age of an LSA reaches the LS Refresh Time (30min), the originator of the LSA needs to regenerate an instance of the LS

The unit of LSA age is seconds. The LS age of LSA in LSDB increases with time.

If the LS age of an LSA reaches the LS Refresh Time (30min), any router can regenerate an instance of the LSA for this LS:

9. As shown in the figure, the OSPF protocol is enabled on all interfaces of the router, and R4 and R5 can establish OSPF virtual connections.

True

False

10. In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, BGPEVPN carries the Router MAC of the VTEP through the extended community attribute EVPN Router's MAC Ex tended Community when transmitting routes.

True

False

Page 2 of 26

11. When deploying BGP/MPLS IP VPN, when two VPNs have a common site, the common site must not use overlapping address spaces with other sites of the two VPNs.

True

False

12. Traditional campuses mainly use NAC (Network Admission Control) technology combined with VLAN and ACL technology to control users' network access rights. This will cause problems such as heavy maintenance workload.

In which of the following aspects has the business mobility solution integrated with the iMaster NCE Canpus controller improved the policy management and control problems encountered by traditional campuses? (Multiple choice)

Administrators can define business policies based on security groups to decouple business policies from IP addresses.

The policy execution point device in the network can obtain the corresponding relationship between users and IP addresses in the entire network by subscribing to the IP-Group table entry from the controller.

Administrators can centrally manage business policies on network-wide policy execution point devices on the controller.

For each policy execution point device, the administrator needs to configure the business policy multiple times on the controller and automatically deliver it to each execution device.

13. The Network LSA information of a certain router is as shown in the figure. Which items in the following description are correct? (Multiple choice)

The Router ID of this router is 10.0.12.2

The network segment where the router is located is 10.0.12.0/24

This router is a DR

The DR priority of this router is 100

14. All routers in a network enable the SR-MPLS function based on OSPF. By default, when R3 forwards a packet with the destination address 10.0.4.4, its MPLS label is as shown in the figure.

Then the SRCB range of R3 may be which of the following?

36000-65535

100-65535

16100-36100

16000-65530

15. Man-in-the-middle attacks or IP/MAC Stooting attacks can lead to information leakage and other hazards, and are relatively common on intranets.

Which of the following is a configuration approach that can be taken to prevent man-in-the-middle attacks or IP/MAC spoofin attacks?

Configure DHCP Snooping on the switch to associate with DAI or IPSC

Limit the maximum number of MAC addresses that the switch is allowed to learn by port.

Configure Trusted/Untrusted interface

Enable DHCP Snoopine to check the CHADDR field in the DHCP REOUEST message

16. In a small and medium-sized cloud managed campus network scenario based on Huawei Cloud Campus Network Solution, which of the following components provides query services for automatic device online?

Registration inquiry center

WLAN Planner

CloudCampus APP

iMaster NCE-CampusInsight

17. In the small and medium-sized cloud management campus network scenario based on Huawei Cloud Campus Network Solution, which of the following wide-area interconnection methods are supported? (Multiple choice)

Static IPsec

L2TP over IPsec

SSL VPN

SD-WAN interconnection

18. iMaster NCE-Campus Insight uses SNMP technology to collect performance indicators and log data of network devices, and discovers network anomalies based on real business traffic.

True

False

19. Which of the following items are check items that IPSG can set? (Multiple choice)

VLAN ID

MAC address

Outbound interface

IP address

20. When MPLS is deployed in the network and the network layer protocol is IP, the route corresponding to the FEC must exist in the IP routing table of the LSR, otherwise the label forwarding entry of the FEC will not take effect.

True

False

Page 3 of 26

21. Which of the following descriptions of the functions of Ping and Tracert is correct?

Tracert must be able to trace every IP address from source to destination.

Tracert and Ping have the same function, but have different names.

Ping detects bidirectional reachability with the peer through one-way icmp echo request messages

Ping verifies the reachability from this segment to the opposite end, but it does not mean that the opposite end is definitely reachable to this segment.

22. In small and medium-sized campus scenarios, switch stacking and cross-device link aggregation can be deployed to achieve link reliability.

True

False

23. The public key is public and does not need to be kept secret. The private key is held by an individual and is not disclosed or disseminated to the outside world.

True

False

24. Compared with traditional networks, SD-WAN can better ensure application experience. Which of the following is the main reason?

SD-WAN can realize multi-department business isolation based on VRF

SD-WAN can use IPsec technology to implement encrypted packet transmission

SD-WAN can provide different routing strategies and different QoS strategies for different applications.

SD-WAN can build various networking types such as Full Mesh, Hub-Spoke, and Partial Mesh.

25. After configuring the command as shown in the figure on a router, which of the following is the value range of the static SID under the locator?

2001:DB8:ABCD:0000:0000:0001:0000:0000~2001:DB8:ABCD:0000:FFFF:FFFF:0000:0000

2001:DB8:ABCD:0000:0000:0000:0000:0000~2001:DB8:ABCD:0000:0000:0000:FFFF:FFFF

2001:DB8:ABCD:0000:0000:0000:0000:0001~2001:DB8:ABCD:0000:0000:0000:FFFF:FFFF

2001:DB8:ABCD:0000:0000:0001:0000:0000~2001:DB8:ABCD:0000:FFFF:FFFF:FFFF:FFFF

26. During the implementation of WI-FI-based location services in iMaster NCE-Campus, terminal data is reported to the location service platform through HTTP requests.

Which of the following data formats does this HTTP request use?

XML

HTML

YAML

JSON

27. VXLAN uses VNI to distinguish tenants. A tenant can have one or more VNIs. The VNI length is 24 bits, so VXLAN supports up to 12 M tenants.

True

False

28. Which of the following descriptions about SR MPLS BE and SR-MPLS TE is correct?

SR-MPLS TE supports creating tunnels by specifying both Node SID and Adjacency SI

Both SR-MPLS BE and SR-MPLS TE support creating tunnels by specifying the Adjacency SI

When creating SR-MPLS BE, you can specify the necessary routers

SR-MPLS BE supports tunnel creation by specifying both Node SID and Adjacency SI

29. SSH connections are usually established on TCP/IP connections, and in rare cases they can be established on UDP connections.

True

False

30. Which of the following descriptions about configuring roaming groups is wrong?

The Master Controller manages each AC through the CAPWAP tunnel.

Member ACs need to designate an AC as their Master Controller.

Master Controller is a logical role that can be assumed by any ordinary entity AC

After the Master Controller function is enabled, the AC joins the roaming group by default and can manage other ACs.

Page 4 of 26

31. An interface has the following configuration: isitimerhello5level-2. Which of the following descriptions is correct?

The CSNP packet sending interval for Level-2 on this interface is 5s.

The hello packet sending interval for Level- on this interface is 5s.

The hello packet sending interval for Level -2 of this interface is 5s.

The hello packet sending interval for Level-1 and Level-2 of this interface is both 5s.

32. When configuring IPsec tunnels on Huawei AR series routers, you must create an IPsec tunnel interface, otherwise user data cannot be encrypted.

True

False

33. In Huawei Cloud Campus Network Solution, which of the following deployment methods are supported by Huawei switches? (Multiple choice)

Command Line Interface (CLI)

WEB interface

Based on Huawei Registration Query Center

Based on DHCP Option148

34. In Huawei's SD-WAN solution, when the CPE is located on the private network behind the NAT device, especially when the CPEs of two sites are located on the private network behind the NAT device at the same time, NAT traversal technology needs to be used between the CPEs.

Which of the following technologies is used in Huawei's SD-WAN solution to help achieve NAT traversal between CPEs?

NAT ALG

NAT server

IPsec VPN

STUN

35. What are the following problems with QoS based on the DifServ model? (Multiple choice)

There are few queues, it is impossible to provide SLA guarantee for specific users, and it is impossible to provide deterministic delay guarantee.

Unable to provide users with independent physical resources

It is only a single-hop behavior and does not change the network topology.

Without changing the business behavior, if the burst traffic of a single flow is too large, there will still be congestion.

36. As shown in the figure, the stateful inspection firewall will forward the packet because the packet conforms to the firewall session state.

True

False

37. In the virtualized campus network scenario deployed through iMaster NCE-Campus, which of the following descriptions about configuring network service resources is correct?

Network service resources include DHCP server, RADIUS server, Portal server, and other servers, etc.

The Internet address in the network service resource must belong to the "Interconnect IP" in the "Underlay Automation Resource Pool"

Configuring network service resources means configuring Fabric’s global resource pool.

If the scenario is selected as "Directly connected switch", it means that the Border will add the interconnection port to the interconnection VLAN without a label.

38. Which of the following extended community attributes does BGPEVPN use to advertise the migration of connected VMs?

MAC Mobility

EVPN Router's MAC Extended Community

39. According to different implementation levels, wide area VPN can be divided into L2VPN and L3VPN. Which of the following descriptions of wide-area VPNs is wrong?

Traditional L3VPN uses VPN instances to isolate services and uses BGP VPNv4/v6 to transmit routes.

EVPN supports L2VPN and L3VPN control plane

On Huawei equipment, EVPN uses different address families for L2VPN and L3VPN services.

Traditional L2VPN mainly includes VPLS and VWS, and virtual links can be established using LDP or BG

40. In the small and medium-sized cloud management campus network scenario based on Huawei Cloud Campus Network Solution, which of the following components does the cloud management platform not include?

iMaster NCE-Campus

WLAN Planner

iMaster NCE-Campus Insight

Registration inquiry center

Page 5 of 26

41. Which of the following descriptions of the MPLS forwarding mechanism are correct? (Multiple choice)

If the Tunnel ID value is 0x0, enter the MPLS forwarding process.

If the Tunnel ID value is not 0x0, enter the normal IP forwarding process.

The system automatically assigns an ID to the upper-layer application that uses the tunnel, also called Tunnel I

When an IP packet enters the MPLS domain, the first thing to check is the FIB table.

42. In a scenario where a VXLAN tunnel is dynamically established through BGP EVPN, when a BGP EVPN route is transmitted between VTEPs, the BGP EVPN route will be discarded only when the RT value carried by the route is different from the EVPN IRT and IP VPN IRT.

True

False

43. When using Huawei IMaster NCE-IP to configure an SRMPLSTE tunnel, which of the following protocols does the controller use to deliver the tunnel configuration message to the network device?

BGP-LS

PCEP

NETCONF

IS-IS

44. In a firewall dual-machine hot backup scenario, which of the following types of packets require security policy configuration?

Configuration and table entry backup messages

Free ARP message

Heartbeat link detection message

DHCP message

45. In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, in order for the VTEP peer to generate BGP EVPN Type2 routes based on local terminal ARP information, which of the following commands needs to be enabled on the VBDIF interface?

arp collect host enable

arp-proxy enable

mac-address xxxx-xxxx-xxxx

arp distribute-gateway enable

46. IP Source Guard (IPSG) is a source IP address filtering technology based on Layer 3 interfaces. It can prevent malicious hosts from forging the IP addresses of legitimate hosts to impersonate legitimate hosts, and also ensures that unauthorized hosts cannot Access the network or attack the network by specifying your own IP address.

True

False

47. Which of the following descriptions of VXLAN packet format are correct? (Multiple choice)

The destination port number in the UDP header is 4789

The VNI field length is 24 bits

The source and destination IPs of the outer encapsulation are the IP addresses of the source and destination VTEPs respectively.

The source port number of the UDP header is 4789

48. iMaster NCE-Campus Insight southbound interface realizes the connection between Campus Insight and the device, and completes the management function of Campus Insight on the device.

Which of the following is not included in the southbound interface types supported by Campus Insight?

NETCONF

HTTP/2+ProtoBuf

Syslog

SNMP

49. Which of the following certification procedures is correct? (Multiple choice)

Before certification

Failure to pass certification or fail safety inspection

Passed certification

50. Which of the following descriptions of the label encapsulation format in MPLS are correct? (Multiple choice)

The total length of a single MPLS label is 4 bytes

The TIL field in the label has a similar meaning to the TTL (Time To Live) in the IP packet, and also has the function of preventing loops.

The length of the S field in the label is 1 bit, which is used to identify whether the label is the bottom label of the stack. When the value is 1, it indicates that it is the penultimate layer label.

For Ethernet and PP packets, the label stack is like a "cushion", located between the Layer 2 header and the data; when there is a VLAN tag, the MPLS header is placed between the Ethernet header and the VLAN tag.

Page 6 of 26

51. In VXLAN implementation, which of the following is the mapping relationship between VNI and BD?

N:M

1:N

N:1

1:1

52. In the design of small and medium-sized campus networks, when branches need to communicate with each other and the number of branches is large (more than a hundred), which of the following interconnection networking models is recommended?

Full-Mesh (full interconnection) networking

Hub-Spoke networking

Partial-Mesh (partial interconnection) networking

Direct networking

53. In the small and medium-sized campus scenario of Huawei Cloud Campus Network Solution, the AR device serves as the egress gateway and supports Web network management, registration center query, and DHCP Option 148 deployment. It does not support CLI deployment and online deployment.

True

False

54. HTTP/2 is a low-latency Internet transport layer protocol based on UDP.

True

False

55. As shown in the figure, R1, R2, and R3 enable SR-MPLS. The SRGB of R3 is 20000-21000, and the prefix-sid index configured under the Loopback1 interface of R3 is 30. At this time, the Loopback1 interface of R3 The corresponding MPLS label is ().

56. When troubleshooting MSTP, the network administrator executed the display current-configuration command to obtain the configuration file of the device. Which of the following description of troubleshooting ideas is wrong?

Whether the MSTP port connected to the user terminal device is disabled or configured as an edge port

Check whether the device port is added to the correct VLAN

Regardless of whether BPDU Tunnel is configured on the device, it will not affect ST

Check the port configuration and confirm whether the protocol packet sending command is enabled on the STP-enabled port, such as bpdu enable

57. Which of the following algorithms is a data encryption algorithm?

MD5

SHA1

DES

SHA-256

58. Which technology does not support SR-MPLS?

IS-IS

LDP

OSPF

BGP

59. Please match the following BGP attribute names with the attribute categories to which they belong.

60. In a virtualized campus network scenario based on Huawei Cloud Campus Network Solution, which of the following methods of interconnection with external networks does Fabric support? (Multiple choice)

Three-tier exclusive export method

Exclusive export method on the second floor

Layer 2 shared exit method

Three-layer shared exit method

Page 7 of 26

61. In Business Mobile, if the authentication point device and the policy enforcement point device belong to the same device, you need to subscribe to the IP-Group entry to view the user IP-Group information. () single choice

True

False

62. Compared with the OSPFv2 message header, which of the following is an added field in the OSPFv3 message header?

Instance ID

Link ID

IPv6 Auth Type

IPv6 Router ID

63. IGMPv3 not only supports the general group query of the IGMPv1 version and the specific group query of the IGMPv2 version, but also supports the specified source/group query of the IGMPv3 version.

True

False

64. Which of the following is the Layer 3 logical interface used to implement different VXLAN virtual network communications on the VXLAN L3 Gateway?

VBDIF interface

NVE interface

VLANIF interface

Layer 2 sub-interface

65. Which of the following is not a principle that needs to be followed when designing an SR-MPLS Policy tunnel?

Consider possible network expansion in the future

The traffic volume of a single tunnel should not be too large to facilitate the progress of bandwidth optimization.

Business traffic is associated with tunnels to achieve a certain degree of path visibility.

Increase the number of tunnels as much as possible. The greater the number of tunnels, the more refined the isolation of services and the guarantee of service quality.

66. Which of the following BGP attributes must not be included in the Update message of BGP routing? (Multiple choice)

Local-Preference

AS_PATH

MED

Origin

67. In MPLS VPN, in order to distinguish IPv4 prefixes using the same address space, the RD value is added to the IPv4 address. Which of the following descriptions of RD is correct? (Multiple choice)

RD can be used to control the release of VPN routing information

RD is encapsulated in the Update message as an extended community attribute of BGP during the delivery process.

After the PE receives the IPv4 route from the CE, it adds RD to the IPv4 route, converts it into a globally unique VPN-IPv4 route, and publishes it on the public network.

On the PE device, each VPN instance corresponds to an RD value. On the same PE device, the RD value must be unique.

68. DHCP Snooping is a DHCP security feature that can be used to defend against a variety of attacks.

Regarding the types of attacks that DHCP Snooping can defend against, which of the following items are correct? (Multiple choice)

Defense against starvation attacks that change the CHADDR value

Defense against DHCP counterfeit attacks

Defense against TCP flag attacks

Defense against man-in-the-middle attacks and IP/MAC spoofing attacks

69. Assume that there are 5 Segment IDs in the SRH of an SRv6 message. When the message reaches the third End Point node, which of the following values does the SL field in the SRH take?

70. What you use the "display current-configuration" command to view is the configuration running in the memory.

True

False

Page 8 of 26

71. Assume that there are 5 Segment IDs in the SRH of an SRv6 message. When the message reaches the third router on the forwarding path, the node will set the Segment ID numbered as which of the following to the IPv6 destination address?

Unable to determine

72. The SSH connection protocol multiplexes encrypted session connections into several logical channels. What types of logical channels can be created based on an SSH session connection? (Multiple choice)

SFTP channel

Session channel

X11 channel

TCP/IP forwarding channel

73. The LSA header of the OSPP protocol contains multiple fields, among which the link state type (Link State Type), link state ID (Link State ID), and advertising router (Adv Router) triples uniquely identify a LSA.

True

False

74. In the firewall dual-machine hot standby scenario, the business interface needs to be added to the security zone, and the heartbeat interface does not need to be added to the security zone.

True

False

75. As shown in the figure, when PE1 receives an ARP request, PE1 will forward the RARP request to PE4, carrying two layers of label information. The tag value 201 is filled in by EVPN Type ().

76. Filterpolicy2000export is configured in the IS-IS process. Which statement is wrong about the function of this command?

It will restrict the routing entries generated by the device itself from being published externally.

This command will filter the link status information released to the outside world.

It needs to be used in combination with route import, which is used to publish only part of the imported external routes to neighbors.

If this command is not configured, the device will advertise all routes imported by external routing protocols to IS-IS to the outside world by default.

77. Huawei Cloud Campus Network Solution has a variety of application scenarios. iMaster NCE-Campus provides corresponding API interfaces for these application scenarios. Please match the following application scenarios with the open API interfaces of iMaster NCE-Campus.

78. Channelized sub-interface or FlexE technology can be used to implement network slicing, but the application scenarios of these two technologies are slightly different.

Which of the following descriptions of these two technologies are correct? (Multiple choice)

When the network spans OTN devices, only network slicing based on FlexE technology can be deployed.

It is recommended to use channelized interface technology for resource reservation for interfaces below 50GE

It is recommended to use F1exE technology for resource reservation for 50GE and above interfaces in the network.

When spanning MSTP devices in a network, only network slicing based on channelized sub-interfaces can be deployed

79. The output information of a certain router is as shown in the figure. Which item is wrong in the following description?

This tunnel is a GRE tunnel

This tunnel enables key sub-checking function

The tunnel has the Keeplieve check function enabled.

The destination address of the tunnel is 10.0.3.3

80. A certain campus deployed both IPv4 and IPv6 networks for business testing, and ran IS-IS to realize network interconnection. The IS-IS routing protocol has good scalability and is widely used in existing networks.

Which of the following descriptions of IS-IS scalability are correct? (Multiple choice)

NLPID is a new TLV added by IS-IS to support IPv6

IS-IS uses TLV structure to construct messages, making IS-IS more flexible and scalable

In order to support IPv6, IS-IS needs to add a new TLV to carry IPv6 address information.

For IS-IS, adding new features only requires adding a new TL

Page 9 of 26

81. In a virtualized campus network scenario, all devices in the VXLAN domain must support VXLAN features.

True

False

82. In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, compared to the host ARP advertisement, when the BGP EVPN Type2 route functions as a host IP route advertisement, which of the following information will be carried more?

MAC Address

L3 VNI

IP Address

L2 VNI

83. Which of the following description of ABR in OSPF is wrong?

ABR converts Type 1, Type 2 LSA, and Type 3 LSA in the backbone area into Type 3 LSA, and publishes them to the connected non-backbone area.

ABR converts Type 1 and Type 2 LSAs in the connected non-backbone area into Type 3 LSAs and publishes them to the backbone area.

There are multiple LSDBs on ABR, and ABR maintains one LSDB for each area.

ABR cannot generate Type 3, Type 4, and Type 5 LSAs

84. In the virtualized campus network scenario deployed through iMaster NCE-Campus, which of the following descriptions of "site" is wrong?

Tenants configure and manage lower-layer devices based on the site

iMaster NCE-Campus supports a single creation site

iMaster NCE-Campus does not support batch creation of sites

A site is a tenant network created by the tenant administrator

85. Which of the following descriptions about traffic shaping are correct? (Multiple choice)

Traffic shaping can only be used in the outbound direction.

Traffic shaping can only be used in the inbound direction.

Traffic shaping will cache excess traffic.

Traffic shaping will discard excess traffic.

86. The figure shows an enterprise 's wide-area bearer network. Please plan appropriate Metric values for the four links in the figure.

87. SRv6 Policy can be statically configured on the device, or dynamically generated by the controller and then passed to the device.

True

False

88. During the implementation of Wi-Fi-based location services in iMaster NCE-Campus, terminal data is reported to the location service platform through HTTP requests. Which of the following HTTP methods does this HTTP request use?

PUT

POST

GET

DELETE

89. The output information of a certain router is as shown in the figure. Which items in the following description are correct? (Multiple choice)

The tunnel’s interface IP address is 20.1.1.2/24

The destination IP address of the tunnel is 10.0.1.1

The MTU of the tunnel interface is 1500 Byte

The source IP address of the tunnel is 10.0.1.1

90. Which of the following descriptions of the HTTP protocol is wrong?

The format of the version field in the starting line of the HTTP request message is: HTTP/.

HTTP status code is a three-digit decimal code

The method field in the starting line of the HTTP request message can be "GET", "POST" or "CREATE"

The body part of some HTTP request messages can be empty

Page 10 of 26

91. NVE is a network entity that implements network virtualization functions and can only be hardware switches.

True

False

92. During the SSH user authentication phase, if the client sends an authentication request carrying a digital signature, the server will try to decrypt the digital signature for authentication. Among them, SSH digital signature is encrypted with ().

93. Which of the following descriptions of MPLS header TTL are correct? (Multiple choice)

Can prevent infinite loop forwarding of messages

When copying TTL is disabled, Tracert can see the LSR of the passing MPLS domain.

MPLS has two ways to process TT

One is to copy the IP TTL value in the MPLS header when the IP packet enters the MPLS network; the other is to uniformly set the TTL in the MPLS header to 255 at the ingress LE

The processing method of copying the IP TTL value hides the LSR of the MPLS domain, which plays a certain security role.

94. NQA is a real-time network performance detection and statistics technology. NQA does not support statistics on which of the following network information?

Link MTU

Network jitter

Packet loss rate

Response time

95. As shown in the figure, there are the following configurations under BGP. Which of the following descriptions are wrong? (Multiple choice)

Timer takes the minimum value, so the final result is that the timer value of peer 1.1.1.2 takes keepalive 10 hold 30

Peer configuration takes priority, so the final result is that the timer value of peer 1.1.1.2 is keepalive 10 hold 30

Global configuration takes precedence, so the final result is that the timer value of peer 1.1.1.2 is keepalive 30 hold 90

The default configuration is timer keepalive 60 hold 180, so peer 1.1.1.2 can detect peer connection failures faster than the default value.

96. Which of the following is an LSA that floods the entire autonomous system in OSPFv3?

Inter-Area-Prefix-LSA

AS-external-LSA

Link-LSA

Intra-Area-Prefix-LSA

97. In the virtualized campus network scenario deployed through iMaster NCE Campus, if the "automatic configuration of routing domain" function is enabled on the controller, the physical network device will automatically deliver static routes to enable network interoperability.

True

False

98. Which of the following is not a core role in business travel?

Policy control point device

iMaster NCE Campus Controller

Policy enforcement point device

Authentication point equipment

99. Network access authentication can be deployed at different levels of the network according to actual needs. Compared with deploying authentication at the aggregation layer or core layer of the network, deploying authentication at the access layer is more conducive to achieving fine-grained management of permissions and high network efficiency safety.

True

False

100. In the small and medium-sized cloud management campus network scenario based on Huawei Cloud Campus Network Solution, when using static IPsec VPN for wide-area interconnection, the egress device can choose AP, router, ().

Page 11 of 26

101. As shown in the figure, the OSPF protocol is enabled on all interfaces of the router. Which of the following descriptions is correct?

The Type5 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32

The Type1 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32

The Type2 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/24

The Type3 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32

102. Telemetry technology supports specific sampling sensor paths to collect specified data information. What sampling paths does Telemetry currently support? (Multiple choice)

CPU information

Memory information

Interface statistics

Optical module information on the interface

103. As shown in the figure, R1 and R4 establish a GRE tunnel to transmit data sent from PC1 to PC2. The TTL of the packets sent from the GE0/0/1 interface of R1 is 126, and the TTL of the packets sent from the GE0/0/3 interface of R3 is 126. Which of the following is the TTL carried when sending?

124

127

125

126

104. Network tuning calculation means selecting the appropriate tuning purpose, applying the corresponding algorithm, and calculating the optimization path globally or locally.

Which of the following constraints can the controller take when calculating paths? (Multiple choice)

Explicit path

Hop count

Priority

Bandwidth

105. There are various services in the wide area bearer network of an enterprise. If you want to ensure the forwarding and processing of protocol packets when network congestion occurs, the priority of protocol packets should be set to which of the following?

CS6/CS7

AF4

106. Which of the following descriptions about BGP/MPLS IP VPN data forwarding is wrong?

The data sent from PE to CE is IPv4 message.

The inner label during data forwarding is allocated by MP-BGP

When data is transmitted through the BGP/MPLS IP VPN backbone network, it always carries two layers of labels.

The outer label during data forwarding can be assigned by LDP

107. Which of the following are included in the deployment method of iMaster NCE-Campus Insight? (Multiple choice)

Local CloudCampus deployment

Local independent deployment

Huawei public cloud CloudCampus deployment

MSP self-built cloud CloudCampus deployment

108. Which of the following descriptions about Prefix Segment is wrong?

The Prefix Segment is spread to other network elements through the IGP protocol and is globally unique.

Prefix Segment is identified by Prefix Segment ID (SID)

On Huawei equipment, Prefix Segment ID supports manual configuration and automatic protocol configuration.

Prefix Segment is used to identify a certain destination address prefix in the network

109. The IS-IS Level-1 neighbor between R3 and R4 is not established.

Based on the information in this image, which of the following is a possible cause?

IIH certification of R3 and R1 failed

The interconnection interface circuit-type of R3 and R4 does not match

The IS-Levels of R3 and R4 do not match

The area codes of R3 and R4 are different

110. Regarding the description of MAC address spoofing attack, which of the following statements is correct?

A MAC address spoofing attack will cause the data that the switch intends to send to the correct destination to be sent to the attacker.

An attacker can implement a MAC address spoofing attack by sending forged source Mac address data frames to the switch.

MAC address spoofing attacks mainly utilize the switch’s Mac address learning mechanism.

MAC address spoofing attacks will cause the switch to learn the wrong mapping relationship between Mac addresses and IP addresses.

Page 12 of 26

111. XML is the encoding format of the NETCONF protocol. NETCONF uses text files to represent complex hierarchical data.

For the following XML file, which items are described correctly? (Multiple choice)

/: indicates the end of the current tag

?>: Indicates the end of an instruction

encoding: Indicates the character set encoding format, currently only supports UTF-8 encoding

112. Please judge based on the information given in the picture, which of the following descriptions are correct? (Multiple choice)

R1 only has level-2 link status information.

The system ID of R1 is ee8c.a0c2.baf1

R1 has both level-1 and 1eve1-2 link status information

There are a total of 8 routers in the Level1-2 network

113. When using Huawei iMaster NCE-IP to configure an SR-MPLSTE tunnel, which of the following protocols does the controller use to collect information such as device running status?

BGP-LS

Telnet

IS-IS

Telemetry

114. iMaster NCE-Campus has certain regulatory restrictions on the RESTful API. If the client uses a GET request to call the RESTful interface to obtain site information on iMaster NCE-Campus, which of the following fields should be included in the request header?

ACCESS-TOKEN

X-ACCEPT-TOKEN

ACCEPT-TOKEN

X-ACCESS-TOKEN

115. There are three different roles in strategic linkage. Which of the following is not a role defined in strategic linkage?

Authentication execution point

Authentication Control Point

Policy execution point

Terminal

116. Traditional BGP-4 can only manage IPv4 unicast routing information. MP-BGP has extended BGP-4 in order to provide support for multiple network layer protocols. Among them, MP-BGP supports IPV6 unicast network features. For BGP4+, BGP4+ carries routing next hop address information through the Next_Hop attribute.

True

False

117. The Router LSA information of a certain router is as shown in the figure. Which item is wrong in the following description?

This router has established an adjacency relationship

This router is a DR

The Router ID of this router is 10.0.12.1

This router supports the introduction of external routes

118. Segment Routing SR (Segment Routing) is a technical architecture designed to forward data packets on the network based on the source routing concept, while Segment Routing MPLS refers to SR based on MPLS forwarding, referred to as SR-MPLS.

True

False

119. QoS based on the DiffServ model has four major components: traffic classification and marking, traffic policing and shaping, congestion management and ().

120. To ensure security, authentication can be configured in the OSPFv3 process area view.

True

False

Page 13 of 26

121. Which of the following descriptions about the MPLS L3 VPN cross-domain solution are correct? (Multiple choice)

In the cross-domain Option C solution, two layers of MPLS labels are carried when forwarding user data between ASBRs.

In the cross-domain Option A solution, the interfaces interconnecting ASBRs must be MPLS capable.

In the cross-domain Option C solution, VPNV4 routes can be directly transmitted between PEs in different ASs.

In the cross-domain Option B solution, ASBR does not need to bind interfaces to each VPN instance.

122. As shown in the figure, VTEP1 has enabled the arp distribute-gateway enable command in VBDIF20. Which of the following ARP entries exist on the VTEP1 ARP table?

Entries regarding 10.0.2.1

Entries regarding 10.0.2.4

Items regarding 10.0.2.3

Regarding 10.0.2.2 and

123. SRv6 (SegmentRoutingIPv6) is a technical architecture designed to forward data packets on IPv6 networks based on the source routing concept. Which of the following descriptions is correct?

Some routers on the SRv6 packet forwarding path directly forward packets based on IPv6 basic packet headers without parsing SR

The destination address field of the SRv6 message will not change during the forwarding process.

Each router on the SRv6 message forwarding path will modify the destination address field of the message.

The value of the offset pointer in SRH is the same as the number of labels in the currently existing IPv6 label stack.

124. In Huawei's SD-WAN solution, which of the following are the application optimization functions? (Multiple choice)

QoS

Intelligent routing

Application identification

Wide area optimization

125. In the virtualized campus network scenario deployed through iMaster NCE-Campus, when deploying Fabric access management, which of the following switch access port connection types are defined? (Multiple choice)

Fabric extension router

Terminal

Fabric expansion access switch

Fabric extension AP

126. In the firewall dual-machine hot backup scenario, each firewall has a VGMP group. By default, the VGIMP group is in which of the following working states?

Active

Initialize

Load Balance

Standby

127. In Huawei's SD-WAN solution, if the RR is deployed behind a NAT device, which of the following features needs to be deployed on the NAT device?

1:1 static NAT

NAT Server

NAT ALG

NAT444

128. Which of the following descriptions of operators reselling SD-WAN scenarios are correct? (Multiple choice)

Enterprises can realize the connection between SD-WAN network and traditional operator backbone network through SD-WAN G

Operators provide unified SD-WAN controllers to provide SD-WAN services for multiple enterprises

Enterprises can act as tenants and rent SD-WAN services provided by operators. Enterprise tenants can control the SD-WAN services of all sites within the enterprise, but cannot see the SD-WAN services of other tenants.

Enterprises can manage and control their own SD-WAN business through the tenant rights assigned by the operator, or they can host it to the operator, who will manage and control the enterprise's SD-WAN business.

129. Which of the following aspects are mainly considered in cutover risk assessment? (Multiple choice)

Losses caused by risks

Location of key risk points

Scope of risk impact

Time of risk impact

130. The workflow of network access control is as shown in the figure. Please match the steps with the sequence numbers one by one.

Page 14 of 26

131. SRLB is a user-specified set of local labels reserved for SR MPLS. These labels are configured locally and are only valid locally, so they will not be published externally through IGP.

True

False

132. Session-based stateful inspection firewalls have different processing procedures for the first packet and subsequent packets. Which of the following description is correct? (Multiple choice)

When the packet reaches the firewall, it will search the session table. If it matches, the firewall will execute the subsequent packet processing process.

When the status inspection mechanism is turned on, subsequent packages also need to be checked for security policies.

When the state inspection mechanism is turned on, when the firewall processes TCP packets, only SYN packets can establish a session.

When the packet reaches the firewall, it will search the session table. If there is no match, the firewall will execute the first packet processing process.

133. HTTP protocol message consists of three parts: starting line, header field, and body.

True

False

134. EVPN supports access to user networks through multiple service modes. Please match the service mode with applicable scenarios.

135. VPDN refers to a virtual private network built on a public network. Which of the following belongs to VPDN?

VPLS

IPsec

L2TP

GRE VPN

136. The destination address of which PIM packets is a unicast address? (Multiple choice)

Graft

Assert

Bootstrap

137. Which of the following descriptions of the advantages of SR-MPLS are correct? (Multiple choice)

SR-MPLS simplifies the control plane of MPLS networks

SR-MPLS provides efficient TI-LFA FRR protection to achieve rapid recovery from path failures.

SR-MPLS supports both traditional networks and SDN networks, is compatible with existing equipment, and ensures smooth evolution of existing networks to SDN networks.

SR-MPLS intermediate nodes do not need to maintain path information, and there is less pressure on the device control layer.

138. Which of the description of LSA is correct?

The combination of LS type, LS sequence number and Advertising Router jointly identifies an LS

The combination of LS type, Link State ID and Advertising Router jointly identifies an LS

The combination of LS type, Link State ID and LS sequence number jointly identifies an LS

The combination of LS sequence number, Link State ID and Advertising Router jointly identifies an LS

139. Engineers often log in to the device remotely to check the device status. Now the engineer hopes to implement automatic remote login through Python scripts. You can use the Python Paramiko library and telnetlib library to achieve the above requirements. Using telnetlib to achieve remote login is more secure.

True

False

140. If public key authentication is used during the SSH user authentication phase, the public key needs to be passed to the server in advance.

True

False

Page 15 of 26

141. In the MPLS network, LSRs running the LDP protocol exchange LDP messages to implement functions such as neighbor discovery, session establishment and maintenance, and label management. In order to ensure the reliability of message delivery, all LDP messages must be sent and received based on TCP connections.

True

False

142. Based on the configuration information as shown in the figure, it can be inferred how many interfaces on R4 are advertised into ISIS?

143. Please judge based on the information given in the picture, which of the following descriptions are correct? (Multiple choice)

The device with system-ID ee8c.a0c2.baf2 has a type of Level-1

R4 only belongs to Level1-1

R4 only belongs to Level1-2

The device with system-ID ee8c.a0c2.baf2 and its type is Level-1-2

144. An engineer used two routers to conduct IPv6 testing. He wanted to realize the interconnection of IPv6 networks by running OSPFv3.

Regarding the following OSPFv3 related configurations that need to be performed on R1, which ones are correct? (Multiple choice)

[R1] router id 10. 1. 1.1

[R1-ospfv3-1-area-0.0.0.0] network 2001: DB8:2345:12::1::

[R1-ospfv3-1] router -id 10.1.1.1

[R1-GigabitEthernet0/0/1] ospfv3 1 area 0

145. The Segment in SR-MPLS is the instruction that the node should execute for the received data packet. Please match the Segment type and function.

146. The IPsec SA (Security Association) triplet does not include which of the following parameters?

Security protocol number (AH or ESP)

Destination IP address

Security Parameter Index SPI (Security Parameter Index)

Source IP address

147. As shown in the figure, R1, R2, R4, and R4 are in the same MPLS domain, and LDP is used to distribute MPLS labels between devices. R4 is the egress LSR of the FEC 4.4.4.0/24. If you want to realize that when R1 accesses 4.4.4.0/24, R4 does not need to query the label table but can understand the forwarding priority of the data, then R3’s outgoing label for the FEC is ()

148. RR plays a very important role in Huawei's SD-WAN solution. Therefore, the deployment methods of RR are different in different scenarios. Which of the following deployment methods do RR have? (Multiple choice)

RR is deployed together with the site

RR partially deployed independently

RR independent deployment

RR multi-region deployment

149. In the data header, which of the following fields cannot be used for simple flow classification?

Protocol

802.1P

EXP

DSCP

150. In the small and medium-sized cloud management campus network scenario based on Huawei Cloud Campus Network Solution, which of the following devices can be used as Portal authentication point devices? (Multiple choice)

Page 16 of 26

151. The engineer wanted to log in to Huawei equipment remotely. When writing the SSH Python script, he used the Paramiko library to write the following code: cli.ssh.invoke_shell() cli.send('screen-length 0 temporaryn') where screen-length 0. Which of the following is the function of temporary?

Cancel automatic line wrapping

Cancel split-screen display

Perform split-screen display

Perform automatic line wrapping

152. Traffic shaping technology will temporarily cache data that exceeds the forwarding threshold. For data in the cache, congestion management technology can be used to discard data packets from the cache queue in advance to prevent the cache queue from being filled.

True

False

153. Which of the following descriptions about DHCP Snooping is wrong?

If the DHCP Snooping function is enabled in the interface view, all DHCP message command functions under the interface will take effect.

DHCP Snooping can prevent illegal attacks by setting trusted ports

Enable DHCP Snooping globally. Without any post-parameters, the device only processes DHCPv4 messages by default.

If the DHCP Snooping function is enabled in the VLAN view, the command function will take effect on the DHCP messages belonging to the VLAN received by all interfaces of the device.

154. According to the information given in the picture, which of the following descriptions are correct? (Multiple choice)

R1 needs to go through a 2-hop router to access 172.16.1.4

R1 has 4 equal paths to access 172.16.1.4

R1 needs to go through a 4-hop router to access 172.16.1.4

There are two equal paths for R1 to access 172.16.1.4

155. Which of the following descriptions of 6PE and 6VPE is correct?

In 6PE networking mode, the IPv6 address on the CE side can be reused.

In 6VPE networking mode, PE does not need to create a VPN instance

In 6VPE networking mode, the IPv6 address on the CE side can be reused.

In 6PE networking mode, PE needs to create a VPN instance

156. iMaster NCE-Campus imposes certain restrictions on the headers of the RESTful interface. When the client calls the RESTfu interface to send a TP" request message to iMaster NCB-Campus, which of the following parameters do the headers mainly include? (Multiple choice)

X-ACCESS-TOKEN: Token information

Accept-Language: The language type acceptable to the client defaults to en-US

Content-Type: Contains the "mime-type" of the document. The browser will use this parameter to decide how to parse the document.

Accept: Indicates the MIME types acceptable to the browser. The browser will decide which parameter format to accept based on this parameter

157. In Huawei Cloud Campus Network Solution, which of the following online methods does the AP support? (Multiple choice)

Web network management method

Command line mode

CloudCampus APP method

Registration center query method

158. Simple traffic classification supports setting the internal priority of packets based on what information carried in the packets? (Multiple choice)

MPLS EXP

DSCP

Source or destination IP address

Traffic Class

159. As shown in the figure, 802.1X authentication is deployed on GE0/0/1 of Sw2. Which items in the following description are correct? (Multiple choice)

When using interface-based access control, assuming that 802.1X client A is successfully authenticated, 802.1X client B can use network resources without authentication.

Assume that SW2 adopts interface-based access control and 802.1X client A passes the authentication first. If 802.1N client A goes offline first, 802.1x client B will lose the corresponding network access rights.

When using the MAC address-based access control method, both 802.1.x authentication client A and 802.1X authentication client B need to be authenticated separately to obtain the corresponding network access rights.

Assume that SW2 adopts the MAC-based access control method and 802.1N client A passes the authentication first. If 802.1x client A goes offline first, since the port status does not change, 802.1X client B will Continue to retain appropriate network access rights

160. In order to ensure the reliability of Huawei iMasterNCE-WAN controller, active and backup controllers can be deployed.

In order to ensure access to the active and backup controllers, some IP addresses need to be configured to the same IP. Which of the following addresses need to be set to the same IP? (Multiple choice)

Controller southbound public network address

Northbound address

Controller internal interconnection address

Southbound private address

Page 17 of 26

161. The Python Paramiko library implements the SSH protocol. In the Python Paramiko module, which of the following methods can open an SSH interactive session?

invoke_shell()

Transport()

from_transport()

connect()

162. If the K bit in the GRE message header is 1, GRE will insert a four-byte long "keyword" field in the header, and the sender and receiver will authenticate based on the GRE keyword.

True

False

163. In the virtualized campus network scenario deployed through iMaster NCE Campus, we need to complete the management and deployment of a virtualized campus network through the following steps. Please sequence the following steps.

164. The node role of SRv6 is related to the tasks it undertakes in SRv6 message forwarding. The SRv6 source node performs the Push action, the Transit node performs the Swap action, and the Endpoint node performs the Pop action. ()

True

False

165. iMaster NCE-Campus: Which of the following is the default port number of the northbound open API?

18000

18008

18006

18002

166. When the client calls the iMaster NCE-Campus login authentication RESTful interface, the method used is POST, and the request message body format is <”username”:”xxx”, ”password”: ”xxx”>.

True

False

167. Regarding the following meaning of the display current-configuration | include vlan command, which one is correct?

View all configurations containing the "VLAN" keyword

Check the IP address of the VLANIF interface

View the physical interface information bound to each VLAN

Check which VLANs are currently created

168. If you want to view files under Flash, which of the following commands should be used?

display patch-information

dir sd1:

dir flash:

dir sd0:

169. Both SNMP and NETCONF can be used to manage network devices. Which of the following descriptions of these two protocols is correct?

Both protocols manage different objects through MIBs on network devices.

When you need to manage Huawei switches through SNMP, the SNMP parameters of each switch must be manually configured by default.

When you need to manage Huawei switches through NETCONF, the NETCONF parameters of each switch must be manually configured by default.

Both protocols adopt the Client/Server architecture, with NMS as the server and the managed network device as the client.

170. IS- IS supports multiple instances and multiple processes. Which of the following descriptions of IS-IS multi-instance and multi-process are correct? (Multiple choice)

1 IS-IS process can be associated with multiple different VPN instances

One IS-IS process can only be associated with one VPN instance

If an IS-IS router creates multiple IS-IS processes, each process does not affect each other and is independent of each other.

1 VPN instance can be associated with multiple different IS-IS processes

Page 18 of 26

171. In a firewall dual-machine hot backup scenario, which of the following status information can be backed up between the active and standby firewalls? (Multiple choice)

SeverMap table

AA user table (default user admin is not backed up)

Dynamic MAC address table

Session table

172. VGMP defines multiple message types. Please match the message types and functions.

173. The network administrator enters display telemetry destination on the device to view Telemetry related information. The following is displayed. Which of the following descriptions is wrong?

This push is encapsulated by VPN

The destination object is named Dest1

Data push uses gRPC protocol

The destination address sent is 192.168.56.1

174. In business mobility, after the policy execution point device receives user traffic, it searches for the corresponding policy and executes it based on which of the following information carried in the traffic, and then forwards/drops the traffic?

Source/destination IP address

Source/destination security group

Source/destination port number

Source/destination MAC address

175. As shown in the figure, all routers in the figure run the OSPF protocol.

Because R3 is in the backbone area, there are no Type 3 LSAs in the LSDB of R3.

True

False

176. As shown in the figure, the OSPF protocol is deployed in a campus, and Area 1 is deployed as an NSSA area. By default, R2 automatically generates a default route for Type 7 LSA and floods it within the NSSA area.

True

False

177. IPsec uses an asymmetric encryption algorithm to encrypt a symmetric algorithm key, and uses a symmetric algorithm key to encrypt/decrypt data, ensuring security while taking into account performance.

True

False

178. When the client SSH logs in to a server configured with only username and password authentication, it will not go through the key exchange stage (no key will be generated).

True

False

179. The OPS function of Huawei network equipment opens a RESTful API interface. The main part of the request and response messages of this interface is in XML format.

True

False

180. After the RPT tree is established, what is the wrong description about SPT switching?

All multicast traffic passes through the RP router, and the RP router may become a bottleneck for data forwarding.

After the SPT switch is completed, multicast traffic still passes through the RPT tree.

SPT has the shortest path and better forwarding performance

The RPT tree may not be the optimal path for multicast traffic forwarding.

Page 19 of 26

181. Considering the transformation cost, technological advancement and transformation impact scope, which of the following principles should be followed during IPv6 transformation? (Multiple choice)

Choose an appropriate IPv6 upgrade and evolution plan from a global perspective, rationally reuse old materials, and avoid asset waste.

Deploy a dual-stack network to achieve long-term coexistence of IPv4 and IPv6 networks

Build an advanced next-generation enterprise IPv6 network system architecture to fully support the long-term development and stable operation of enterprise business systems and avoid network reconstruction and duplication of investment.

Ensure that existing users are unaware and business migration is smooth

182. Which packets can Huawei equipment perform traffic suppression on? (Multiple choice)

Multicast

Known unicast

Broadcast

Unknown unicast

183. As shown in the figure, if you want to allow only legal users (users who obtain IP addresses through a legal DHCP server or specific static IP users) to access the network in the network, which of the following solutions can be used?

DAI+IPSG

DHCP Snooping+DAI

DAI+Port Security

DHCP Snooping+IPSG

184. An enterprise purchased dedicated lines from two operators. In order to optimize the line, the enterprise uses the BGP protocol to learn the routing entries of the two operators. However, the enterprise found that after such configuration, the traffic of the egress router increased significantly. After investigation, the network engineer found that the traffic of the two operators was transmitted to each other through the enterprise's egress router. If the enterprise uses the following configuration, it can avoid passing the traffic of the two operators. of traffic.

True

False

185. When the ARP distributed gateway is enabled under the VBDIF interface of the VTEP, VETP will still retain the ARP information of the host under the remote VTEP.

True

False

186. Telemetry data subscription defines the interactive relationship between the data sender and the data acquirer. Which of the following does not belong to the process of Telemetry static subscription?

The analyzer analyzes the sampled data and sends the analysis results to the controller.

After completing the relevant configuration of the GRPC service for a device that supports Telemetry, the collector will deliver the configuration to the device to complete data collection.

The network device reports the collected data to the collector for reception and storage according to the configuration requirements of the controller.

The analyzer reads the sampling data stored by the collector

187. In Huawei's SD-WAN networking solution, RR must use independent equipment and cannot be deployed on the same equipment as CPE.

True

False

188. As shown in the figure, there is a packet containing a three-layer label header. Please select the values (decimal) corresponding to the X, Y, and Z fields in the figure.

189. Please match OSPFv3 LSA with its delivery range.

190. IPsec SA (Security Association, Security Association) has two generation methods, namely manual method and IKE automatic negotiation method.

Which of the following descriptions of these two methods is wrong?

Both manual and IKE-established SAs support dynamic refresh.

The lifetime of an SA established in IKE mode is controlled by the lifetime parameters configured by both parties.

In manual mode, all parameters required to establish SA, including encryption/verification keys, etc., need to be manually configured by the user.

In IKE mode, the encryption/verification key required to establish SA is generated through the DH algorithm.

Page 20 of 26

191. Which of the following IPV6 transition technologies are address translation technologies? (Multiple choice)

NAT64

IVI

Dual stack

6PE

192. In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, which of the following descriptions about symmetric IRB forwarding are correct? (Multiple choice)

When forwarding cross-segment user communication packets between VTEPs, the VNI carried in the VXLAN header is L3 VN

Egress VTEP only performs L2 table lookup forwarding

Both Ingress VTEP and Egress VTEP will perform L3 table lookup forwarding.

Ingress VTEP only performs L2 table lookup forwarding

193. In Huawei's SD-WAN solution, what are the correct descriptions of Hub-Spoke topology? (Multiple choice)

Hub-Spoke topology mode supports dual Hub site networking

Hub-Spoke topology mode supports active-active Hub sites based on network segments

Hub-Spoke topology mode supports active-active Hub site based on Spoke site

Hub-Spoke topology mode supports four Hub site networking

194. In the SR network, if IS-IS is used to transmit SID, by default the Node SID advertised by the Level -2 router is only transmitted within the same area.

True

False

195. IPv6 link-local addresses can be generated through stateless autoconfiguration.

True

False

196. Please match the functions and names of the following BGP extended community attributes. (Drag and drop questions)

197. A certain campus deploys the OSPF protocol to achieve network interoperability. The LSDB information of R2 is as shown in the figure.

Which of the following information derived from this LSDB is correct? (Multiple choice)

Area1 is the NSSA area

R2 delivers the default route within the OSPF process.

R2 converts the default route of Type7 LSA into the default route of Type5 LSA

There is no Type3 LSA in Area1. It may be that R2 filters Type3 LSA in the outbound direction of Area1.

198. Please complete the following static VXLAN tunnel configuration and drag the corresponding configuration to the corresponding area.

199. In Business Companion, which one of the following descriptions about "security group" and "resource group" is wrong?

Security groups support static binding of IP addresses or address segments.

Any group can serve as both a source group and a destination group.

On iMaster NCE-Campus, the UCL group is the security group

Resource groups support static binding of IP addresses or address segments.

200. A certain device outputs information as shown in the figure. Based on this judgment, when this device forwards data packets to 10.0.2.2, which of the following MPLS labels needs to be carried?

40100

36100

40200

36200

Page 21 of 26

201. In the small and medium-sized cloud management campus network scenario based on Huawei Cloud Campus Network Solution, which of the following devices are supported for going online through the registration query center? (Multiple choice)

202. Which of the following descriptions of the MP_REACH NLRI attribute of BGP4+ are correct? (Multiple choice)

AFI (address family) value is 2, which represents IPv6

The NLRI field carries IPv6 routing prefix and mask information

The next hop address length can be 16 or 32

When the next hop address length is 16, the Network Address of Next Hop carries the link local address.

203. On the Huawei iMaster NCE-Campus controller, 5 security group types are defined, including: dynamic security group, static security group, escape security group, unknown security group and () security Group.

204. Which of the following statements about selecting the location of an authentication point in a network is wrong?

Setting the user authentication point at the access layer has advantages and disadvantages compared with setting it at the aggregation layer or core layer. Policy linkage can be used as a solution.

Deploying authentication at the access layer of the network is conducive to achieving fine-grained management of permissions and high network security.

After the user authentication point is moved from the access layer to the aggregation layer, the user's MAC authentication may fail.

When the user authentication point is moved from the access layer to the aggregation layer and core layer, the number of authentication points is greatly reduced, which can effectively alleviate the pressure on the AAA server.

205. A virtualized campus network is deployed as shown in the figure. In this scenario, which method should be used to interconnect the Fabric with the external network?

Exclusive export method on the second floor

Three-tier exclusive export method

Layer 2 shared exit method

Three-layer shared exit method

206. In Huawei's SDWAN solution, which of the following items are included in the information transmitted using EVPN? (Multiple choice)

NAT configuration information

Business routing

TNP routing

IPsec SA information

207. As shown in the figure, R1 and R2 establish a GRE tunnel, and execute "Ping -a 10.1.1.1 10.3.1.1" on R1. At this time, the description of the ICMP message sent from the GE0/0/1 interface of R1 is correct. Which item is it?

The message will be encapsulated using GR

The source IP address of the outer IP header is 10.0.12.1, and the destination IP address of the outer IP header is 10.3.1.1.

This message does not use GRE encapsulation, the source IP address is 10.1.1.1, and the destination IP address is 10.3.1.1

This message does not use GRE encapsulation, the source IP address is 10.0.12.1, and the destination IP address is 10.0.12.2

The packet will be encapsulated using GR

The source IP address of the inner IP header is 10.1.1.1, and the destination IP address of the inner IP header is 10.0.12.2.

208. The figure below shows the MPLS-VPN cross-domain Option C solution. In the scenario where RR exists in the domain, if Option C method 1 is used, which of the following options are correct regarding the neighbor relationship between devices? (Multiple choice)

Establish VPNv4 neighbor relationship between RR1 and RR2

Establish VPNv4 neighbor and unicast BGP neighbor relationships at the same time between ASBR1 and ASBR2

Establish VPNv4 neighbor relationship and unicast BGP neighbor relationship simultaneously between PE1 and RR1

Establish a unicast BGP neighbor relationship between RR1 and RR2

209. R1, R2, and R3 enable SR-MPLS based on IS-IS. By default, which of the following is the outgoing label of the R1 device when it reaches 10.0.3.3? (The prefix sid of 10.0.3.3 is 100)

40100

No label

20100

30100

210. Huawei SD-VAN solution architecture has three channels. Please match the channels in the picture with their names one by one.

Page 22 of 26

211. What is the default aging time of Huawei switch MAC address table?

500

300

400

212. In a virtualized campus network deployed through iMaster NCE-Campus, during the "network planning" stage, which of the following is not an operation that the administrator needs to complete?

Deploy overlay to access the resource pool

Deploy Fabric global resource pool

Deploy Underlay automated resource pool

Create a certification template

213. Engineers need to download the device configuration file vrpcfg.cfg locally through SFTP, then rename the configuration file to backup.cfg and re-upload it to the device's default directory. It is known that the configuration file path of the device is /vrpcfg.cfg, which is located in the default directory / of the device.

The engineer's local file path is C:. Which of the following Python Paramiko codes can achieve the above function?

sftp.get('/vrpcfg.cfg', r'C:backup.cfg') sftp.put(r'C:backup.cfg', '/backup.cfg')

sftp.get(r'C:backup.cfg','/vrpcfg.cfg') sftp.put('/backup.cfg,r'

:backup.cfg')

sftp.get('/vrpcfg.cfg', r'C:vrpcfg.cfg') sftp.put('/backup.cfg', r'C:vrpcfg. cfg')

sftp.get('/vrpcfg.cfg', r'C:') sftp.put(r'C:backup.cfg', '/')

214. Which of the following channels does Huawei’s SD-WAN solution use to achieve flexible networking? (Multiple choice)

Arrangement channels

Control channel

Data channel

Management channel

215. Huawei AR series routers configure GRE tunnels and enable the Keepalive detection function. By default, the Keepalive sending period is () seconds.

216. The output information of a certain router is as shown in the figure. Which of the following are the correct reasons for the failure of OSPF adjacency to be established? (Multiple choice)

Hello message sending interval is inconsistent

Inconsistent area types

The IP address masks of the interfaces are inconsistent

Area codes are inconsistent

217. By default, VRP requires manual operation to resend an Update message to the neighbor after the BGP neighbor's egress routing policy (route policy) changes.

True

False

218. Which of the following external network types does the VXLAN virtual campus network deployed using iMaster NCE-Campus support? (Multiple choice)

L2 shared egress

L3 exclusive export

L2 exclusive export

L3 shared exit

219. HTTP/1.1 is the mainstream standard today. Regarding the HTTP/1.1 request message, which of the following request methods are included? (Multiple choice)

DELETE

POST

GET

PATCH

220. The iMaster NCE-Campus controller connects to various applications through open APIs in the north direction, and delivers configurations to campus network devices through Telemetry technology in the south direction.

True

False

Page 23 of 26

221. Which of the following descriptions of data encryption methods is wrong?

Data encryption methods are divided into symmetric encryption and asymmetric encryption

Asymmetric encryption uses public key encryption and private key decryption

The keys used in the symmetric encryption algorithm must be exchanged via email, otherwise there is a risk of key leakage

Symmetric encryption algorithms use the same key to encrypt and decrypt data.

222. In the following description of roaming, which of the following statements is correct? (Multiple choice)

APs that implement wireless roaming must have signal coverage overlapping areas

APs that implement wireless roaming must be in the same basic service set (BSS)

APs that implement wireless roaming do not need to have signal coverage in overlapping areas.

APs that implement wireless roaming must be in the same extended service set (ESS)

223. Before the SSH client uses public key authentication to connect to the SSH server, it needs to create a key pair in advance. The client uses GitBash to create a DS3 key pair. Which of the following commands is used to create it?

ssh-keygen -t dsa

ssh-keygen -t dss

ssh-keygen-t ecc

ssh-keygen-trsa

224. Which of the following descriptions of the differences between OSPFv2 and OSPFv3 are correct? (Multiple choice)

OSPFv3 is similar to OSPFv2. Use the multicast address as the destination address of OSPF packets

O SPFv2 and OSPFv3 have the same type of messages: Hello DD, LS

LSAack, and their message formats are the same

The protocol number of OSPFv2 in the IPv4 packet header is 89, and the next header number of OSPFv3 in the IPv6 packet header is 89.

O SPFv2- OSPFv3 all support interface authentication, and OSPFv3 authentication is still based on the fields in the OSPF packet header.

225. As shown in the figure, the entire network of a company uses the OSPF protocol to connect the network, but RouterS and RouterE cannot establish an OSPF neighbor relationship. When network administrators detect OSPF faults, they can execute the display ospf 100 () GE0/0/1 command on RouterS to obtain error-related information. Users can follow Use this information to perform OSPF troubleshooting.

226. Which of the following options is not the discarding strategy of the cache queue?

Tail discard

WRR

RED

WRED

227. Which of the following items belong to the QoS service model? (Multiple choice)

Comprehensive service model

Differentiated Services Model

Priority service model

Best effort service model

228. When a terminal device accesses a campus network where MAC bypass authentication is deployed, the access device will first perform MAC authentication on the terminal device. If authentication fails three times in a row, the terminal device needs to actively initiate 802.1X authentication.

True

False

229. The OPS (Open Programmability System) function of Huawei network equipment provides open programmability of network equipment and empowers users with secondary development capabilities. Which of the following descriptions of the OPS function of Huawei network equipment are correct? (Multiple choice)

Python scripts can also be run on the user's local PC and call the RESTful API interface opened by the network device.

With the help of OPS function, the function of automatic deployment of empty configuration equipment can be realized

Users can manually run Python scripts through the command line

Users can run Python scripts by configuring the maintenance assistant

230. Which of the following descriptions about IPSG is wrong?

IPSG can be used to prevent hosts from changing IP addresses privately.

IPSG can enable the IP packet inspection alarm function and link the network management to issue alarms.

IPSG can prevent IP address spoofing attacks

IPSG is a source IP address filtering technology based on layer 3 interfaces

Page 24 of 26

231. LLDP (Link Layer Discovery Protocol) is the link layer discovery protocol defined in IEEE 802. lab. Because it works at the data link layer, it cannot obtain the neighbor's management IP address.

True

False

232. The figure below shows the MPLS VPN cross-domain Option C solution. In the scenario where RR exists in the domain, if Option C method 1 is used, which of the following descriptions of neighbor relationships between devices are correct? (Multiple choice)

Establish a unicast BGP neighbor relationship between RR1 and RR2

Establish VPNv4 neighbor relationship and unicast BGP neighbor relationship simultaneously between ASRB 1 and ASBR2

Establish VPNv4 neighbor relationship between RR1 and RR2

Establish VPNv4 neighbor relationship and unicast BGP neighbor relationship simultaneously between PE1 and RR1

233. Which of the following intelligent operation and maintenance functions supported by Huawei Cloud Campus Network Solution include? (Multiple choice)

Visually monitor network quality through network health

Ability to analyze network failures based on individual and group problems

Based on big data + AI, provide predictive intelligent tuning capabilities

Based on Telemetry technology, monitor the network quality on the wireless side from three dimensions: AP, radio frequency and user.

234. Which of the following descriptions of OSPF packets is wrong?

Hello messages are used to discover and maintain neighbor relationships. Hello messages are also used to elect DR and BDR on broadcast networks and NBMA networks.

DD packets contain all LSA information and can be used to regularly synchronize link state database information between neighbors.

The interval between sending hel1o messages between the two routers must be consistent, otherwise the neighbor cannot be established.

DD packets carry LSA header information describing link status summary information.

235. Users encounter different events during the authentication process, causing the user to be in an unsuccessful authentication state. At this time, authentication event authorization can be configured to meet the needs of these users to access specific network resources.

Which of the following descriptions of authentication event authorization is wrong?

Events that can trigger authentication event authorization include authentication server Down, authentication server unresponsive, and pre-connection. Authentication failure cannot trigger authentication event authorization.

If the user's network access rights are not configured when authentication fails or the authentication server Dowm is configured, when the user authentication fails, the user remains in the pre-connected state and has the network access rights of the pre-connected user.

Authorization parameters that can be supported by authentication event authorization include VLAN, user group and business plan.

Authorization in a non-authentication-successful state may also be called elective. There are different escape plans for different authentication methods. Some selection plans are common, and some selection plans are only supported by specific authentication methods.

236. VXLAN is based on UDP encapsulation, which encapsulates Ethernet data frames on UDP in IP packets, so it is called MAC in UDP encapsulation.

True

False

237. Which of the following statements about OSPF and IS-IS is wrong?

Both DR and BDR need to be elected in the broadcast network

OSPF and IS-IS are both link state protocols

Both OSPF and IS-IS support area division

Both OSPF and IS-IS use Hello messages to establish and maintain neighbor relationships.

238. Which of the following sequence of numbers can be matched by the regular expression 100$? (Multiple choice)

1001

100

1000

10000

239. A company's headquarters network and branch network are interconnected through the Internet. If you want to use VPN technology to achieve safe and reliable data transmission between headquarters users and branch users, which of the following VPN technologies is the most suitable?

SSL VPN

IPsec VPN

MPLS VPN

L2TP VPN

240. All routers in a network enable the SR-MPLS function based on OSPF. The SRGB of each router is as shown in the figure. By default, when R3 forwards a packet with the destination address 10.0.4.4, the SRGB carried is as shown in the figure. It shows that by default, when R3 forwards a packet with the destination address 10.0.4.4, which of the following MPLS labels is carried?

50100

40100

100

Page 25 of 26

241. Which of the following methods are used to establish IPsec SA? (Multiple choice)

Certificate negotiation method

Establish IKE mode

Establish oral and manual methods

Establish template negotiation method

242. As shown in the figure, OSPF protocol is enabled on all interfaces of the router.

The IP addresses identified in the figure are all the IP addresses of the Loopback0 interface of the device. The Loopback0 interfaces of R1, R2, and R3 are advertised in area 1, the Loopback0 interface of R4 is advertised in area 0, and the Loopback0 interface of R5 is advertised in area 2.

Based on this judgment, which of the following IP addresses can ping each other? (Multiple choice)

10.0.3.3 and 10.0.5.5

10.0.4.4 and 10.0.2.2

10.0.2.2 and 10.0.5.5

10.0.2.2 and 10.0.3.3

243. As shown in the figure, all routers in the figure run the OSPF protocol.

Which of the following descriptions is correct?

R2 will generate Router LSA in both area 1 and area 0.

R2 forwards the Router LSA generated by R3 to R1

R2 forwards the Router LSA generated by R1 to R3

R2 only generates Router LSA in area 0

244. In BGP4+, regarding the content of the next hop network address field carried by the MP_REACH_NLRI attribute in the Update message, which of the following descriptions is correct?

Can carry link local address and global unicast address at the same time

Can only be a global unicast address

Can only be a link-local address

Can be just a link-local address

245. Which of the following regular expressions can only match BCP routing entries that first pass through AS300 and then pass through AS200?

^200 | ^300

_[200 300]_

200$ | 300$

_(200 300)_

246. Traffic policing can only be used in the inbound direction. Its function is to monitor the traffic entering the device to ensure that the upstream device does not abuse network resources.

True

False

247. Which of the following channels is established between the CPE and the independently deployed RR in Huawei's SD-WAN solution?

Authentication channel

Control channel

Management channel

Data channel

248. The following is the main process for the controller to issue SR-MPLS Policy. Please sort the processes in order.

249. Four routers run IS-IS and have established adjacencies. The area numbers and router levels are marked in the figure. If route penetration is configured on the R3 device, what is the Cost value for R4 to reach 10.0.2.2/32?

250. Regarding the description of Network Address Port Translation (NAPT) and Network Address Only Translation (No-PAT), which of the following statements is correct?

After NAPT conversion, for external network users, all packets will only come from the same IP address.

No-PAT supports protocol address translation at the network layer

NAPT only supports protocol address translation at the network layer

No-PAT only supports protocol port conversion at the transport layer

Page 26 of 26

251. According to the information given in the picture, which of the following descriptions is correct? (Multiple choice)

The IS-IS interface type of R1’s GE0/0/0 interface is Level-1-2

IS-IS IPv6 is enabled on R1’s GE0/0/0 interface.

IS-IS IPv6 is not enabled on R1’s GE0/0/1 interface.

The IS-IS interface type of R1’s GE0/0/1 interface is Level-1

TAGS:

H12-891_V1.0-ENU, H12-891_V1.0-ENU exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get H12-891_V1.0-ENU Dumps Full Version

Q&As: 849
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

H12-891_V1.0-ENU Dumps Questions Increase Your Chance of Success

Related

Posts

H19-102_V2.0-ENU Dumps Guarantee You Pass H19-102_V2.0-ENU Exam Easily

Get Certified Easily with Online H12-411_V2.0-ENU Dumps

2024 Huawei H19-413_V1.0-ENU Exam Dumps Questions

Get Certified Easily with Online H12-893_V1.0-ENU Dumps

About Us

EMAIL

Services

Opening Hours