H12-821_V1.0 HCIP-Datacom-Core Technology V1.0 Questions and Answers

In a stateful inspection firewall, if the status detection mechanism is enabled, it tracks and validates the state of connections using the session table. If there is no session table and a SYN+ACK packet reaches the firewall, it checks the security policy. If the policy explicitly permits the packet, it will pass through the firewall, but no session table will be created without the initial SYN packet. The other options are either incorrect or misrepresent the behavior of stateful inspection ​.

 GMP Snooping Proxy

IGMP snooping proxy allows the switch to substitute for upstream Layer 3 devices and downstream hosts, reducing unnecessary bandwidth consumption by consolidating IGMP messages.

 HCIP-Datacom-Core Reference

The IGMP snooping proxy functionality is described in multicast optimization and IGMP configuration chapters​​

 ACL Number Ranges

Basic ACLs: Numbered from 2000 to 2999.

Advanced ACLs: Numbered from 3000 to 3999.

Layer 2 ACLs: Numbered from 5000 to 5999.

User-defined ACLs: Numbered from 4000 to 4999.

 HCIP-Datacom-Core Reference

ACL classifications and their number ranges are covered in the ACL principles and configuration chapters​​.

 R3, as the DIS in the Level-2 domain, periodically sends Complete Sequence Number Protocol Data Units (CSNPs) to ensure LSDB synchronization among Level-2 routers.

 R1 and R2 are in a Level-1 domain, and IS-IS requires the receiving router (R2) to acknowledge an LSP from R1 by sending a Partial Sequence Number Protocol Data Unit (PSNP).

 IS-IS LSPs in a broadcast network are sent using multicast, not unicast, making option C incorrect.

 For Level-2 LSPs, acknowledgments are not provided using PSNP by R3; CSNPs are sufficient for synchronization ​.

By default, Huawei firewalls create security zones such as Trust, Untrust, and Local. The DMZ (Demilitarized Zone) is a security zone explicitly created by users. A DMZ is used to isolate an internal network from the external one, providing an additional layer of security by placing public-facing services (e.g., web servers) in this intermediary zone. This setup ensures that if a public-facing service is compromised, the internal network remains secure. Huawei Firewall configuration steps confirm this zoning principle, making DMZ creation an explicit user-driven action ​.

BFD operates at the network layer, providing rapid fault detection for forwarding paths, such as IP routing and MPLS tunnels. It interacts closely with network protocols (e.g., OSPF, BGP) to ensure high reliability and quick response to faults. BFD does not belong to the application, data link, or physical layers but functions as a network layer diagnostic tool as confirmed in Huawei's network protocol training ​.

Based on the MSTP configuration shown, the role of the switch in MSTI 1 cannot be determined without additional details about the topology or priority values of other switches in the instance. The role could be a root switch, secondary root, or non-root, depending on these factors ​.

The prefix list permits the prefix 1.1.1.1/24 with a mask length greater than or equal to /26 and less than or equal to /32. This means only prefixes with the base 1.1.1.1 and mask lengths between /26 and /32 will be permitted. Routes like 1.1.1.2/16 and 1.1.1.1/24 do not meet the mask length criteria, so they will be denied. Conversely, routes like 1.1.1.1/26 and 1.1.1.1/32 satisfy the condition and will be permitted ​.

In the PIM protocol, Register Stop and Graft messages are sent with unicast destination addresses, typically to specific neighbors or RP (Rendezvous Point) routers. Other messages like Bootstrap and Assert use multicast addresses for broader dissemination across the network ​.

IGMPv3 builds on IGMPv1 and IGMPv2 by supporting all previous query types, including General Query and Group-Specific Query, while introducing Source/Group-Specific Query. This enhancement allows finer control over multicast group membership ​.

 Understanding BGP Route Summarization:

In Border Gateway Protocol (BGP), route summarization is a technique used to aggregate multiple specific prefixes into a broader summary prefix. This reduces the size of routing tables and improves routing efficiency.

Summarization helps to hide unnecessary details from other parts of the network while still maintaining connectivity.

Understanding DHCPv6:

DHCPv6 (Dynamic Host Configuration Protocol for IPv6) is used to assign configuration parameters to IPv6 clients.

It supports both stateful and stateless modes:

Stateful: Assigns IPv6 addresses and other configuration parameters.

Stateless: Assigns only configuration parameters (e.g., DNS server) without providing IPv6 addresses.

The forwarding plane of a switch consists of data forwarding hardware, such as line cards or forwarding engines, and is responsible for tasks like encapsulating/decapsulating packets, providing high-speed data channels, and collecting packet statistics. However, main control boards are part of the control plane, not the forwarding plane. This distinction ensures a separation of data forwarding and control functionalities ​.

 LSA Lifetime and Deletion

The LS Age field in the LSA header tracks the age of an LSA. When the LS Age reaches its maximum value (3600 seconds), the LSA is marked for deletion. This ensures old or stale LSAs are removed from the network to maintain accurate routing information.

 HCIP-Datacom-Core Reference

Detailed explanation of LS Age behavior and LSA deletion processes can be found in the OSPF LSDB and LSA sections​​.

In dual-link MSB networking with load balancing, the new AP will connect to the AC with the lower number of connected APs. In this case, AC2 has only 20 connected APs, while AC1 has 100. Therefore, the new AP will connect to AC2 ​.

OSPF (Open Shortest Path First) mandates that the backbone area (Area 0) serves as the central area for routing information exchange. To avoid inter-area routing loops, routing information is only exchanged between the backbone area and non-backbone areas, not directly between two non-backbone areas. Consequently, each Area Border Router (ABR) must connect to the backbone area to facilitate this routing exchange ​.

Edge ports are used in RSTP to bypass the spanning tree calculation for ports connected to end devices. By configuring ports like SWD's GE0/0/2 and SWC's GE0/0/2 as edge ports, they transition directly to the Forwarding state upon activation, ensuring faster convergence. Statement A is incorrect because receiving BPDU invalidates the edge port status ​.

Root protection ensures that a designated port does not become a root port by discarding superior BPDUs. However, if superior BPDUs are no longer received, the port can return to its original forwarding state, meaning its role can change. This makes option B incorrect, while the other options correctly describe RSTP behavior ​.

The error indicates "Incorrect remote AS," which refers to a mismatch in the autonomous system (AS) numbers during BGP peer configuration. This issue is unrelated to the neighbor address. The neighbor address (10.1.1.5) and timestamp (2010-03-22 12:40:39) provided in the output are correct, and the error type confirms a neighbor relationship issue ​.

 ACL Modification

Named ACLs can be modified after their creation. Unlike numbered ACLs, named ACLs provide greater flexibility for editing individual rules without deleting the entire ACL.

Therefore, the statement is incorrect.

 HCIP-Datacom-Core Reference

The flexibility and editability of named ACLs are discussed in the ACL configuration sections​​.

IGMP Version Mismatch

If the IGMP snooping version on the device is earlier than the IGMP version on user hosts, the device may fail to parse IGMP Report messages correctly. As a result, the device forwards these messages only to router ports without generating group member ports or forwarding entries.

Consequently, users cannot receive multicast data.

HCIP-Datacom-Core Reference

Multicast and IGMP snooping behaviors under mismatched conditions are described in the multicast configuration chapters​​.

 Notification Message Purpose

BGP Notification messages are used to report errors or terminate a connection. They do not request peers to resend routing information after routing policies are changed.

Routing updates following policy changes require manual resynchronization, not Notification messages.

 HCIP-Datacom-Core Reference

The purpose and usage of Notification messages are discussed in the BGP operation chapters​​.

 Transitive vs. Non-Transitive Attributes

The Community attribute is a transitive optional attribute, meaning that if a router receives a route with this attribute and does not understand its purpose, the router retains and propagates it to other peers.

Other options, such as AS_Path and MED, are well-defined mandatory or optional attributes with specific purposes.

 HCIP-Datacom-Core Reference

The behavior of optional transitive attributes is detailed in the BGP protocol and attribute chapters​​.

In the provided configuration, IS-IS is enabled on Loopback0 but not on Loopback3 of R2. As a result, R2 will advertise the route 10.0.2.2/32 (from Loopback0) to R1 through IS-IS. However, the route 10.0.2.3/32 will not be advertised because IS-IS is not enabled on that loopback interface. The import-route direct command does not override this behavior ​.

Secure access channels include protocols that encrypt the transmitted data to protect against interception or unauthorized access. HTTPS (HyperText Transfer Protocol Secure) ensures data encryption over web communications, while SFTP (Secure File Transfer Protocol) provides secure file transfer by utilizing SSH for data encryption. Telnet and SNMPv2, on the other hand, lack robust encryption and are considered insecure. Huawei security standards highlight the importance of encrypted communication to prevent data leaks ​.

ICMPv6 messages are classified into two types: error messages (e.g., Destination Unreachable, Time Exceeded) and informational messages (e.g., Echo Request, Echo Reply). This classification is fundamental to ICMPv6's operation ​.

By default, BGP does not automatically summarize imported routes. Route summarization must be explicitly configured using the summary or similar commands ​.

The DHCPNAK message is sent by the DHCP server to the client to indicate that the requested configuration is not valid. Messages like DHCPDiscover, DHCPRequest, and DHCPRelease are initiated by the client in the DHCP process ​.

The sequence of steps for electing the root port in an STP (Spanning Tree Protocol) network is as follows:

Bridge ID Comparison: The Bridge ID (BID) is compared between the bridges in the network. A smaller value indicates a higher priority, meaning the bridge with the lowest Bridge ID is elected as the root bridge.

RPC (Root Path Cost) Comparison: The path cost to reach the root bridge is calculated. The router with the lowest Root Path Cost (RPC) to the root bridge will have a higher priority for the election of the root port.

Peer BID Comparison: If there is a tie in the Root Path Cost, the Peer BID is compared. A smaller Peer BID indicates a higher priority. This step ensures that if two routers have the same RPC, the one with the lower Peer Bridge ID wins.

Local BID Comparison: If there is still a tie, the Local BID is compared. A smaller Local BID indicates a higher priority. This final step ensures that the router with the lowest local identifier is selected.

Bridge ID Comparison:The first step in electing the root port is comparing the Bridge IDs. The bridge with the lowest Bridge ID becomes the root bridge. The Bridge ID is made up of the bridge priority and MAC address. The root bridge is the center of the network for STP, and all other ports will calculate their paths based on this root.

The default sending interval for BFD (Bidirectional Forwarding Detection) control packets is 100 milliseconds. This interval ensures rapid detection of link faults, providing fast failover and minimizing downtime in network operations ​.

The asbr-summary command is executed in the global OSPF view to summarize external routes. The abr-summary command is executed in the OSPF area view to summarize routes between areas. By default, the advertise parameter is enabled unless explicitly overridden by the not-advertise option ​.

ARP spoofing is a Layer 2 attack, as it targets ARP tables in switches or end devices. All other attacks, including IP spoofing, ICMP attacks, and Smurf attacks, are network layer (Layer 3) attacks ​.

When a stack splits, the MAC addresses of the newly formed stacks do not change immediately. Instead, they retain their original MAC addresses until new ones are reassigned during topology updates. This delayed update prevents immediate conflicts and allows MAD (Multiple Active Detection) to handle any resulting issues ​.

The IPv6 address 2001:0DBB:B8:0000:C030:0000:0000:09A0:CDEF can be compressed by removing leading zeros in each segment and collapsing consecutive zero groups into ::. The result is 2001:DBB:B8:0:C030::9A0:CDEF ​.

GRE (Generic Routing Encapsulation) is not a Layer 2 VPN technology. Instead, it is a Layer 3 tunneling protocol used to encapsulate a wide variety of network layer protocols inside point-to-point connections. GRE is commonly used for creating VPN tunnels across IP networks, allowing for the transport of various types of payloads. This misunderstanding about GRE being a Layer 2 technology contradicts its definition and typical application ​.

 IP Prefix List Matching Conditions

An IP prefix list matches based on:

Mask: Specifies the subnet mask length.

Action: Specifies whether to permit or deny.

Index: Orders the rules within the prefix list.

Port numbers are not applicable as matching conditions in an IP prefix list.

 HCIP-Datacom-Core Reference

IP prefix list configurations are detailed in the routing policy and route filtering chapters​​.

In inter-AC roaming scenarios, an AC (Access Controller) can serve as the mobility server for multiple mobility groups, enabling it to manage roaming among multiple groups. However, an AC can only belong to one specific mobility group. This constraint ensures that mobility management remains streamlined and avoids conflicts. Huawei WLAN mobility configuration guides validate this setup ​.

In a route-policy, attributes such as MED (Multi-Exit Discriminator) and Local-Preference can be used in apply clauses to influence BGP route selection. Attributes like AS_Path and Tag are typically matched or filtered but not directly applied in the apply clause ​.

In Huawei firewalls, the security level of a zone can be reconfigured by an administrator, making the statement that it cannot be changed false. Other statements accurately describe security level restrictions or defaults ​.

The monitoring plane's primary role is environmental monitoring, ensuring the stability of the system. Functions like voltage monitoring, temperature tracking, fan speed control, and power management are standard. These are independent of the forwarding or control planes and critical for maintaining device health in network operations ​.

The question indicates that a router performs a lookup in its FIB table for a packet and determines that the tunnel ID in the matching entry is 0, suggesting that the packet needs to be forwarded through a tunnel such as an MPLS tunnel. However, this is a misunderstanding of the FIB functionality.

FIB Table OverviewThe Forwarding Information Base (FIB) is used to make packet-forwarding decisions. Entries in the FIB include next-hop information, which can be directly linked to an interface or a tunnel.

If the Tunnel ID is 0, it indicates that the packet is forwarded via a normal routing path and not through a tunnel.

For MPLS or other tunnels, the Tunnel ID would have a non-zero value pointing to the associated tunnel.

MPLS Tunnel OperationWhen a router forwards packets through an MPLS tunnel, a label-switched path (LSP) is set up. The FIB would reflect specific tunnel identifiers for packets that need such encapsulation.

HCIP-Datacom-Core Reference

Routing Principles and MPLS​explain the forwarding mechanisms clearly, stating that if a packet is routed normally, the tunnel ID remains 0.

The section on MPLS​clarifies the encapsulation process and the role of tunnel identifiers.

Hence, the claim in the question is incorrect. A Tunnel ID of 0 implies no tunneling is required, and normal IP forwarding occurs

Application Specific Packet Filtering (ASPF) is a feature that allows the firewall to understand and handle multi-channel protocols such as FTP, H.323, and SIP. ASPF inspects the control channel to dynamically create temporary rules for the data channels, enabling the firewall to secure and manage complex application protocols. This feature ensures that appropriate security policies are applied to these multi-channel applications ​.

 BGP Next_Hop Attribute

Unlike IGP, the Next_Hop attribute in BGP does not necessarily have to be the IP address of a peer interface. For example, in multi-hop BGP configurations, the Next_Hop can point to a different router or interface within the network.

 HCIP-Datacom-Core Reference

Details of the Next_Hop attribute and its behavior are outlined in BGP path selection principles​​.

 Additional Port Roles in MSTP

Master Port: Indicates the port on the shortest path to the root bridge in a region.

Regional Edge Port: Identifies a port at the boundary of the MST region.

Backup and edge ports exist in RSTP and are not newly introduced by MSTP.

 HCIP-Datacom-Core Reference

MSTP port roles are elaborated in the MSTP configuration sections​​.

In asynchronous mode, the local device sends BFD control packets at predefined intervals, and the remote device monitors the receipt of these packets to detect connectivity issues. This is one of the two operating modes in BFD, the other being demand mode ​.

The Origin attribute in the display bgp routing-table output is marked as i, indicating that the route was injected into the BGP routing table using the network command. The other options are incorrect because the AS path is not displayed, the MED is 0, and the route is marked as the best (>), meaning it is the optimal route ​.

 LSP Generation in IS-ISIS-IS routers generate new Link State Packets (LSPs) under the following conditions:

Interface Status Changes: When IS-IS interfaces go up or down, the link state changes, triggering LSP updates.

Periodic Updates: IS-IS periodically regenerates LSPs to ensure link-state information remains synchronized across the network.

Interface Metric Changes: Any modification to interface costs results in a new LSP to reflect the updated cost in the network.

 Incorrect Option

C. Inter-area IP routes change is incorrect because IS-IS does not inherently differentiate between areas for LSP generation.

 HCIP-Datacom-Core Reference

IS-IS LSP generation rules are detailed in the IS-IS configuration and implementation chapters​​.

Route summarization in OSPF is restricted to specific routers: Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). These devices perform summarization to reduce routing table size and minimize advertised routing information between areas or across AS boundaries. Regular routers cannot perform route summarization, making this statement false ​.