
7-Security and Management

The document contains questions about network device configuration including AAA authentication, access control lists, telnet configuration and management, and IPsec. The questions cover topics such as configuring unique user credentials in AAA, authentication methods for telnet users, authentication modes supported by AAA, and parameters used in advanced ACLs.

Uploaded by

Oualid Ouadah

Q1

An administrator currently manages AR2200 devices in the network through a single password, however
the company wishes to introduce another two administrators and provide unique user credentials and
privilege levels for telnet access to the network devices.
What action can be taken? (Choose three)

A. Configure three users under the AAA-view, and assign each a different password.
B. The authentication mode must be changed to AAA.
C. Each administrator must be assigned a privilege level.
D. A public IP address must be assigned to each user for telnet access

Answer: ABC

Q2
Which of the following authentication methods are supported for Telnet users? (Choose three)

A. Password authentication
B. AAA local authentication
C. MD5 authentication
D. No authentication

Answer: ABD

Q3
On Huawei AR G3 Series routers, which authentication modes does AAA support? (Choose all that apply.)

A. None
B. Local
C. Radius
D. 802.1X

Answer: ABC

Q4
Refer to the configuration output. RTA has been configured using AAA as shown, and associated with the
“huawei” domain. For users in the huawei domain, which authentication-scheme will be used?

A. au1
B. au2
C. au1 will be used. When au1 is deleted, users will use au2
D. au2 will be used. When au2 is deleted, users will use au1

Answer: B

Q5
A user accesses a server supporting AAA, for which the authorization mode on the AAA server has been
configured using the command “authorization-mode hwtacacs ifauthenticated”. Which of the following
statements regarding this command are true? (Choose three).

A. If the hwtacacs server fails to respond, the user will be authenticated using local authentication.
B. If the hwtacacs server fails to respond, the user will be authenticated using remote authentication.
C. If the hwtacacs server fails to respond, the user will bypass authentication.
D. The hwtacacs server will authorize the user.

Answer: ABD

Q6
Which of the following descriptions regarding eSight is not correct?

A. eSight is used to monitor and manage enterprise networks.
B. eSight supports only Huawei devices.
C. eSight supports WLAN management and monitoring of hotspot coverage.
D. eSight supports the backup of configuration files and network traffic analysis.

Answer: B

Q7
Which of the following statements is correct regarding access control list types and ranges?

A. A basic ACL value ranges from 1000-2999
B. An advanced ACL value ranges from 3000-4000
C. A layer 2 ACL value ranges from 4000-4999
D. An interface ACL value ranges 1000-2000

Answer: C

Q8
Which of the following parameters is not used by Advanced ACL?

A. Source interface
B. Destination port number
C. Protocol number
D. Time-range

Answer: A

Q9
Refer to the configuration output. Which of the following statements regarding ACL 2001 is correct?

A. Packets from network [Link]/24 network will be denied.
B. Packets from network [Link]/24 network will be permitted.
C. Packets destined for network [Link]/24 will be denied.
D. Packets destined for network [Link]/24 will be permitted.

Answer: B

Q10
Refer to the configuration output. A network administrator configured the ACL on router RTA, as shown.
Which of the following statements regarding the rule order are correct? (Choose two).

A. The rule-number of the first rule is 1
B. The rule-number of the first rule is 5
C. The rule-number of the second rule is 2
D. The rule-number of the second rule is 10

Answer: BD

Q11
Following a failure of services in the network, an administrator discovered that the configuration in one of
the enterprise routers had been changed. What actions can be taken by the administrator to prevent
further changes? (Choose three)

A. The administrator should limit access by setting the login privilege of users to 0.
B. The administrator should configure AAA to manage user authorization on the router.
C. The administrator should configure an ACL to allow only the administrator to manage the router.
D. The administrator should configure port-security on the router.

Answer: ABC

Q12
Refer to the configuration output. Which of the following statements is correct regarding the configuration
of the ACL on RTA?

A. Packets from network [Link]/24 network will be denied.
B. Packets from network [Link]/24 network will be permitted.
C. Packets destined for network [Link]/24 will be denied.
D. Packets destined for network [Link]/24 will be permitted.

Answer: A

Q13
Refer to the configuration output. Which of the following statements are correct regarding the
configuration of the ACL on RTA? (Choose two).

A. Packets from network [Link]/32 will be denied.
B. Packets from network [Link]/24 will be denied.
C. Packets from network [Link]/24 will be denied.
D. Packets from network [Link]/16 will be denied.

Answer: AD

Q14

Refer to the capture output. The administrator has captured three packets in the network. Which statement regarding
the captured packets is incorrect?

A. These packets represent a TCP three-way handshake process.
B. [Link] is the telnet server, while [Link] is the telnet client.
C. The three packets contain no application data.
D. [Link] uses port 50190 to build the telnet connection.

Answer: B

Q15
Refer to the capture output. The administrator has captured three packets in the network. Which
statement regarding the captured packets is incorrect?

A. These packets represent a TCP three-way handshake process.
B. [Link] is the telnet server, while [Link] is the telnet client.
C. The three packets contain no application data.
D. [Link] uses port 50190 to build the telnet connection.

Answer: B

Q16
An administrator wishes to manage the router in the remote branch office, which method can be used?

A. Telnet
B. FTP
C. Console Connection
D. DHCP

Answer: A

Q17
The administrator cannot use telnet to manage the AR2200. The administrator is able to verify connectivity
to the router and has been informed that other administrators have no difficulties using telnet.
Which statements describe the possible reasons for this problem? (Choose all that apply.)
A. The user’s status has been blocked
B. The user’s privilege level has been changed to 0.
C. The user has been deleted.
D. The telnet service in the AR2200 router has been disabled.

Answer: AC

Q18
A user logged into a VRP supported device through telnet, but when attempting to configure the device,
found that he is unable to use the system-view command to enter the system-view.
What are the possible reasons for this? (Choose two)

A. The device’s VTY interface only provides permission for some telnet users to run the system-view
command.
B. The user’s telnet software restricts use of this command.
C. The user’s privilege level is lower than the level associated with the system-view command.
D. The system-view command privilege level is lower than the level associated with the user.

Answer: AC

Q19
The users who log on the router through Telnet are not permitted to configure IP address.
What is the possible reason?

A. Communication failures occur between the user and the router.
B. The authentication mode of Telnet is set incorrectly.
C. Privilege level of Telnet is set incorrectly.
D. SNMP parameters are set incorrectly.

Answer: C

Q20
Refer to the graphic.
The host has a problem establishing a telnet connection with the router attached to interface G0/0/0.
Which of the following steps can be used to help the administrator identify the problem? (Choose two)
A. Check whether the host has configured the gateway IP address.
B. Check whether the switch has configured the gateway IP address.
C. Use the ping tool to check connectivity between host and router.
D. Check the telnet server configuration is right on the router.

Answer: CD

Q21
The administrator wishes to manage a network through telnet from a user's terminal to a router.
How can this be achieved?

A. A connection should be established between the ethernet port of the terminal and the console port of
the router.
B. A connection should be established between the ethernet port of the terminal and the ethernet port of
the router.
C. A connection should be established between the console port of the terminal and the ethernet port of
the router. The console cable connects the PC’s ethernet port and the router’s console port.
D. A connection should be established between the COM port of the terminal and the console port of
the router.

Answer: B

Q22
Refer to the configuration output. The administrator configured the device using the commands in the
configuration output. Regarding these commands, which statement is false?
A. The administrator wishes to enable management through the console interface.
B. Following configuration, the administrator cannot manage the device remotely.
C. A user that logs-in through the console interface is assigned the highest privilege level.
D. The password of a user logged in through console is ‘cipher huawei2012’.

Answer: D

Q23
<Huawei> system-view
[Huawei]command-privilege level 3 view user save

Refer to the command output. What is the result of the shown command?

A. The command adjusts the save command of a user to privilege level 3.
B. The command adjusts the save command in the user view to privilege level 3.
C. The command adjusts the user view command privilege level to 3, and saves the configuration.
D. The command adjusts the privilege level of a user to 3, and saves the configuration.

Answer: B

Q24
What is the default authentication mode for the default_admin domain?

A. None
B. Local
C. Radius
D. 802.1X

Answer: B

Q25
An authenticator router has been configured with two domains named “Area1” and “Area2”, following
which a user is created with the username “huawei” and the password “hello” for authentication. Which
domain does this user belong to?

A. Area1 domain
B. Area2 domain
C. default domain
D. default_admin domain

Answer: C

Q26
If AH and ESP are both required to protect data streams between IPsec peers, how many Security
Associations (SA) are required in total?

A. 1
B. 2
C. 3
D. 4

Answer: D

Q27
Two routers establish an IPsec tunnel, which of the following does not need to be the same on both
peering devices?

A. Encapsulation mode
B. Transform mode
C. Proposal name
D. authentication algorithm

Answer: C

Q28
Which of the following statements are true about ACL deployment on Huawei devices? (Choose all that
apply)

A. ACL can only be used in the outbound direction of an interface
B. The same ACL can be used on multiple interfaces
C. The ACL rules can only be configured in the following sequence: 10, 20, 30…
D. ACLs cannot be used to filter OSPF traffic because OSPF does not use UDP to encapsulate packets
E. ACLs can be used to match with the TCP/UDP port IDs of packets and to designate the port ID range

Answer: BE

Q29
Which of the following technologies is used to bind MAC addresses to interfaces on a switch?

A. SEP.
B. Port security.
C. ACL.
D. NAT.

Answer: B

Q30
Refer to the graphic. IPsec VPN uses ESP to encrypt which fields?

A. TCP, Data and ESP Trailer.
B. ESP, TCP and Data.
C. ESP, TCP, Data and ESP Trailer.
D. ESP, TCP, Data, ESP Trailer and ESP Auth.

Answer: A

Q31
Which SNMP version focuses on two main aspects, namely security and administration? The security
aspect is addressed by offering both strong authentication and data encryption for privacy. The
administration aspect is focused on two parts, namely notification originators and proxy forwarders.

A. SNMPv1
B. SNMPv2
C. SNMPv2c
D. SNMPv3

Answer: D

Q32
Which of the following is not included in AAA?

A. Audit
B. Authentication
C. Authorization
D. Accounting

Answer: A

Q33
Which of the following encapsulation modes are supported by IPsec VPN? (Choose two.)

A. Routing mode
B. Tunnel mode
C. Transport mode
D. Switching mode

Answer: BC

Q34
Which of the following SNMP packets is sent by the agent on the managed device to the NMS?

A. Get-Request
B. Response
C. Get-Next-Request
D. Set-Request

Answer: B

Q35
The RADIUS information of the router is configured as follows. Which of the following statements are
correct? (Choose three.)

A. The IP address of the authentication server is [Link].
B. The IP address of the authorization server is [Link].
C. The source IP address of the RADIUS packets sent by the router is [Link].
D. The IP address of the accounting server is [Link].

Answer: ACD

Q36
Which of the following statements are true about the blackhole MAC address table?

A. Entries are manually configured and delivered to each interface card. The entries cannot be aged out.
B. After a device is reset, an interface card is hot swapped, or an interface card is reset, the saved entries
on the device or interface card are not lost.
C. After a blackhole MAC address is configured on a device, the device discards packets whose source
or destination MAC address is the blackhole MAC address.
D. Blackhole MAC address entries can be used to filter out unauthorized users.

Answer: C

Q37
As shown in the following figure, which position should the AH header in IPsec transmission mode be
inserted into?

A. 2
B. 3
C. 4
D. 1

Answer: A

Q38
Which of the following ACLs can match the transport layer port number?

A. Basic ACL
B. Intermediate ACL
C. Layer 2 ACL
D. Advanced ACL

Answer: D

Q39
As shown in the following figure, which of the following is the authentication scope of the AH protocol in
IPsec tunnel mode?

A. 2
B. 3
C. 1
D. 4

Answer: D

Q40
If the output information of a router is as follows, which of the following tunnel protocols is used by the
interface?
[Router A]display interface Tunnel 0/0/0
Tunnel0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2019-03-06 [Link] UTC-08:00
Description:HUAWEI, AR Series, Tunnel0/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack0([Link]/32)
Encapsulation is TUNNEL, loopback not set
Tunnel source [Link] (GigabitEthernet0/0/0), destination [Link]
Tunnel protocol/transport GRE/IP, key disabled

A. GRE
B. IPsec
C. LDP
D. MPLS

Answer: A

Q41
If the “user-interface maximum-vty 0” command is run on a router, which of the following statements is
true?

A. A maximum of 5 VTY users can access the router at the same time.
B. No user can log in to the router through Telnet or SSH.
C. A maximum of 15 VTY users can access the router at the same time.
D. A maximum of 4 VTY users can access the router at the same time.

Answer: B

Q42
Which of the following methods is not used for logging in to the VRP system?

A. SSH.
B. Web.
C. Netstream.
D. Telnet.

Answer: C

Q43
What is the number range of a basic ACL?

A. 2000-2999
B. 3000-3999
C. 4000-4999
D. 6000-6031

Answer: A

Q44
Which of the following parameter settings for terminal emulation are correct when configuring a Huawei
router through the Console port?

A. 4800bps, 8 data bits,1 stop bits, odd parity check, and no flow control
B. 9600bps, 8 data bits, 1 stop bits, no parity check, and no flow control
C. 9600bps, 8 data bits, 1 stop bits, even parity check, and hardware flow control
D. 19200bps, 8 data bits, 1 stop bits, no parity check, and no flow control

Answer: B

Q45
On VRP platform, the command lines are classified into four levels in increasing priority: Visit level,
Monitoring level, Configuration level, and Management level. At which level is the operator permitted to
configure services but not permitted to operate the file system?

A. Visit level
B. Monitoring level
C. Configuration level
D. Management level

Answer: C

Q46
An AR2200 router is required to be reconfigured from scratch. Which steps are needed to achieve this?
(Choose all that apply.)

A. Reset the saved configuration.
B. Clear the current configuration.
C. Reboot the AR2200.
D. Assign the configuration file to be used at next startup.

Answer: AC

Q47

When a router is powered on, the router reads the configuration file saved in the default save directory to
get itself initialized. If the configuration file does not exist in the default save directory, what does the router
use to initialize itself?

A. New configuration file
B. Initial configuration file
C. Default parameters
D. Current configuration file

Answer: C

Q48

An administrator wishes to update the VRP software of company’s AR2200 router. How can this be
achieved? (Choose three)

A. The administrator can use FTP to transfer the VRP software, with the AR2200 router as the FTP client.
B. The administrator can use FTP to transfer the VRP software, with the AR2200 router as the FTP server.
C. The administrator can use TFTP to transfer the VRP software, with the AR2200 router as the TFTP
server.
D. The administrator can use TFTP to transfer the VRP software, with the AR2200 router as the TFTP
client.

Answer: ABD

Q49

FTP and TFTP can be used to update the system file on Huawei routers. Which of the following
statements are correct? (Choose three)

A. Huawei router can be configured as FTP Client
B. Huawei router can be configured as FTP Server
C. Huawei router can be configured as TFTP Client
D. Huawei router can be configured as TFTP Server

Answer: ABC

Q50
An administrator discovered he/she was unable to use TFTP to transfer files to the router.
Which of the following describes the likely reason for this?

A. The TFTP service had been disabled on the router.
B. TCP port 69 of the server had been blocked.
C. UDP port 69 of the server had been blocked.
D. The username and password had been modified.

Answer: C
