H12-725_V4.0 Exam Dumps : HCIP-Security V4.0 Exam

Comprehensive and Detailed Explanation:

IPsec VPN only supports IP unicast traffic.

Non-IP unicast packets (such as multicast and broadcast) are not natively supported.

To transmit multicast traffic over IPsec, GRE over IPsec is required.

Why is this statement true?

Standard IPsec VPN does not support non-IP unicast packets.

HCIP-Security References:

Huawei HCIP-Security Guide → IPsec VPN Limitations

Comprehensive and Detailed Explanation:

Inbound bandwidth= Trafficenteringthe firewall.

Outbound bandwidth= Trafficleavingthe firewall.

Correct answer:

A. Private → Public traffic is controlled by outbound bandwidth.

Why are the other options incorrect?

Bis incorrect because public → private traffic is controlled byinbound bandwidth, not outbound.

Cis incorrect because inbound bandwidth does not apply to private → public traffic.

Dis incorrect because public → private traffic is controlled by inbound bandwidth.

HCIP-Security References:

Huawei HCIP-Security Guide → Firewall Virtual System Bandwidth Control

Comprehensive and Detailed Explanation:

GRE over IPsecis used totunnel non-IP traffic, multicast, and dynamic routing protocolsover IPsec VPN.

Tunnel mode is requiredbecause:

Transport mode only encrypts the payload, but GRE needs the entireoriginal IP packet encrypted.

Tunnel mode encrypts the entire packet(original + GRE headers), ensuring full encapsulation.

Why is this statement true?

GRE over IPsec must use tunnel modeto fully encapsulate and protect packets.

HCIP-Security References:

Huawei HCIP-Security Guide → GRE over IPsec Configuration