You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()
第1题:
You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()
A. resource access policies
B. Host Enforcer policies
C. source IP enforcement policies
D. IPsec enforcement policies
第2题:
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()
A. Resource access policy on the MAG Series device
B. IPsec routing policy on the MAG Series device
C. General traffic policy blocking access through the firewall enforcer
D. Auth table entry on the firewall enforcer
第3题:
A. access profile
B. IKE parameters
C. tunneled interface
D. redirect policy
第4题:
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()
第5题:
Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1. You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP. What should you recommend?()
第6题:
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()
A. show services unified-access-control authentication-table
B. show auth table
C. show services unified-access-control policies
D. show services unified-access-control captive-portal
第7题:
Your network contains a wired network and a wireless network. Users report that they experience intermittent problems accessing network resources when they connect to the internal wireless network. You discover that an unsecured rogue wireless access point uses the same Service Set Identifier (SSID) as the internal wireless network. You need to ensure that the users only connect to the internal wireless network. What should you do?()
A.Configure a Windows Connect Now Group Policy.
B.Configure a Wireless Network (IEEE 802.11) Policy.
C.Delete the rogue network from the Network and Sharing Center on each computer.
D.Create a Connection Manager Administration Kit (CMAK) profile and deploy it to all users.
第8题:
You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI).To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()
A. CLI
B. WebUI
C. NSM
D. Junos Pulse Access Control Service
第9题:
Two routers configured to run BGP have been connected to a firewall, one on the inside interface and one on the outside interface. BGP has been configured so the two routers should peer, including the correct BGP session endpoint addresses and the correct BGP session hop-count limit (EBGP multihop). What is a good first test to see if BGP will work across the firewall?()
第10题:
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()