An enterprise network deployed USG series firewalls, and they need to achieve per-user Telnet / SSH login to the USG and only the commands authorized by the server should be allowed.

Which of the following authentication methods would meet these business requirements?

A. Radius

B. LDAP

C. HWTACACS

D. AD

Which ofthe following statements is correct about the blacklist? (Choose three answers)

A. When you log into a device and incorrectly enter the username/password three times, the IP address of the administrator will be added to the blacklist via Web or Telnet.

B. Blacklist is divided into static and dynamic.

C. When the device is perceived to have behavioral characteristics of packets to a user's attempt to attack a specific IP address, it will use a dynamic IP address blacklist technology.

D. When the packet reaches the firewall, the first thing to check for is packet filtering, and then it will match the blacklist.

With regard to the Radius protocol, which of the following statements are correct (choose three answers)

A. Use the UDP protocol to transmit packets Radius

B. authentication and authorization port number can be 1812

C. To account for encryption processing using the Radius protocol to transmit user account and password

D. authentication and authorization port number can be 1645

An SSL VPN user authenticates, has enabled network expansion on the PC, and has been assigned an IP addresses. However, the user can not access resources within theintermal network server. Which of the following are possible reasons for this? (Choose three)

A. Configuration error in the "Routing Client mode" configuration.

B. User access is limited

C. The network server is unreachable.

D. The PC's physical interface and assigned VPN addresses overlap.

An IPsec VPN connection established by two USG firewalls in NAT traversal mode fail to see any information from the "display ike sa" command. Neither session information nor UDP port 500 information is displayed. What are possible reasons for this? (Choose two answers)

A. public network unreachable.

B. middle device blocking UDP 500 port.

C. middle device blocking UDP 4500 port.

D. middle device blocking ESP packets.

The DHCP Snooping binding table function needs to maintain its binding table of contents that include? (Choose three answers)

A. MAC

B. Vlan

C. Interface IP D. DHCP Server's

What type of packet sent in a VRRP HELLO message?

A. unicast packets

B. broadcast packets

C. multicast packets

D. UDP packets

Load balancing to ensure that the same user traffic will access the IP address assigned to different servers uses what technology? (Choose three answers)

A. Virtual Services Technology

B. Server Health Check

C. Hot Standby Technology

D. Flow-based forwarding

SSL works at the application layer and is encrypted for specific applications, while IPsec operates at which layer and provides transparent encryption protection for this level and above?

A. The data link layer

B. Network Layer

C. Transport Layer

D. Presentation Layer

As shown below, the address pool for domain abc is the L2TP VPN user's address pool.

Based on the information, which of the following statements is wrong?

A. L2TP users can authenticate the domain account.

B. If the value of Used-addr-number field is less than the value of the Pool-length field, the on-line domain does not exceed the maximum number of user access number.

C. From a corporate LAN a PC can obtain an IP address, but not dial L2TP VPN users.

D. The address pool address range is from 100.0.0.2 to 100.0.0.99.