H12-891_V1.0 Exam Dumps : HCIE-Datacom V1.0

Stateless Address Autoconfiguration (SLAAC)is an IPv6 mechanism where a host automatically configures its ownglobal unicast addresswithout requiring a DHCPv6 server.

IPv6 Address Format in SLAAC:

First 64 bits→Network Prefix(received from the router's RA message).

Last 64 bits→Interface Identifier(generated using EUI-64 or a randomly assigned value).

Why is the Prefix Always 64 Bits?

SLAAC requires a/64 prefixbecause the host needsthe lower 64 bitsto generate a unique address.

IPv6 Neighbor Discovery (ND) and Address Autoconfiguration are designed for a /64 subnet mask.

Reference from Huawei HCIE-Datacom Documentation:

Huawei IPv6 Configuration Guide – SLAAC Addressing and Prefix Allocation

HCIE-Datacom Training Material – IPv6 Stateless Address Autoconfiguration (SLAAC)

A screenshot of a computer AI-generated content may be incorrect.

IPsec (Internet Protocol Security) provides secure communication over IP networks through several essential functions. Let’s explain each function and its purpose:

1. Data Origin Authentication:

Description:The receiver verifies the identity of the sender.

This function ensures that the data received actually comes from the claimed source.

IPsec achieves this usingIKE (Internet Key Exchange)anddigital signatures.

TheAuthentication Header (AH)andEncapsulating Security Payload (ESP)support authentication.

Use Case:Verifying that a message claiming to be from a specific IP address is genuinely from that source.

2. Data Encryption:

Description:The sender encrypts the data, and the receiver decrypts the data.

Encryption ensuresdata confidentialityby transforming readable data (plaintext) into unreadable data (ciphertext).

Only the intended receiver with the correct decryption key can convert the ciphertext back to plaintext.

Common encryption algorithms used includeAES (Advanced Encryption Standard)andDES (Data Encryption Standard).

Use Case:Protecting sensitive data transferred over public networks.

3. Data Integrity:

Description:The receiver verifies received data to determine whether the data has been tampered with.

Ensures that the data was not altered during transmission.

Uses cryptographichash functions(e.g.,SHA-1, SHA-256) to generate amessage digest.

The digest is sent with the data and verified on the receiving side.

Use Case:Detecting any changes made to the data packet during transmission.

4. Anti-Replay:

Description:The receiver rejects duplicate data packets.

Prevents attackers from capturing packets and replaying them later.

Usessequence numbersto detect replayed or duplicated packets.

The receiver keeps asliding windowof sequence numbers to compare incoming packets.

Use Case:Blocking malicious actors from sending previously intercepted packets to disrupt communication.

Why This Mapping Is Correct:

The functions and descriptions are aligned based on the core concepts of IPsec and the roles they play in ensuring secure data transmission.

Each function addresses a specific aspect of security:authentication, confidentiality, integrity, and replay protection.

Comprehensive and Detailed In-Depth Explanation:

When invokingRESTful APIsiniMaster NCE-Campus, the client must include theACCESS-TOKENin therequest headerto authenticate the request.

TheACCESS-TOKENis obtained throughauthenticationand is required forAPI access control.

The correct format in the HTTP header is:

Authorization: Bearer ACCESS-TOKEN

Other formats likeACCEPT-TOKEN,X-ACCEPT-TOKEN, andX ACCESS TOKENare not recognized or valid foriMaster NCE-Campus API requests.

Therefore, the correct answer isA.