违法和不良信息举报 联系客服
免费注册 登录

多选题Users can define policy to control traffic flow between which two components? ()(Choose two.)Afrom a zone to the router itselfBfrom a zone to the same zoneCfrom a zone to a different zoneDfrom one interface to another interface

题目
多选题
Users can define policy to control traffic flow between which two components? ()(Choose two.)
A

from a zone to the router itself

B

from a zone to the same zone

C

from a zone to a different zone

D

from one interface to another interface

如果没有搜索结果或未解决您的问题,请直接 联系老师 获取答案。
相似问题和答案

第1题:

At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)

A. [edit security idp]

B. [edit security zones security-zone trust interfaces ge-0/0/0.0]

C. [edit security zones security-zone trust]

D. [edit security screen]


参考答案:B, C

第2题:

Users can define policy to control traffic flow between which two components? ()(Choose two.)

A. from a zone to the router itself

B. from a zone to the same zone

C. from a zone to a different zone

D. from one interface to another interface


参考答案:B, C

第3题:

Click the Exhibit button.Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? ()(Choose two.)

A. DNS traffic is denied.

B. HTTP traffic is denied.

C. FTP traffic is permitted.

D. SMTP traffic is permitted.


参考答案:A, C

第4题:

You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()

  • A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
  • B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
  • C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
  • D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

正确答案:A

第5题:

You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()

  • A、[edit security policies from-zone HR to-zone HR]
  • B、[edit security zones functional-zone management protocols]
  • C、[edit security zones protocol-zone HR host-inbound-traffic]
  • D、[edit security zones security-zone HR host-inbound-traffic protocols]

正确答案:D

第6题:

You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()

A. [edit security policies from-zone HR to-zone HR]

B. [edit security zones functional-zone management protocols]

C. [edit security zones protocol-zone HR host-inbound-traffic]

D. [edit security zones security-zone HR host-inbound-traffic protocols]


参考答案:D

第7题:

Which statement best describes Cisco IOS Zone-Based Policy Firewall?()

  • A、A router interface can belong to multiple zones.
  • B、Policy maps are used to classify traffic into different traffic classes, and class maps are used to assignaction to the traffic classes.
  • C、The pass action works in only one direction
  • D、A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.

正确答案:C

第8题:

Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)

A. Traffic is permitted from the trust zone to the untrust zone.

B. Intrazone traffic in the trust zone is permitted.

C. All traffic through the device is denied.

D. The policy is matched only when no other matching policies are found.


参考答案:C, D

第9题:

Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()

  • A、Pass
  • B、Flow
  • C、Allow
  • D、Inspect

正确答案:A,D

第10题:

Which two steps are performed when configuring a zone?()

  • A、Define a default policy for the zone.
  • B、Assign logical interfaces to the zone.
  • C、Assign physical interfaces to the zone.
  • D、Define the zone as a security or functional zone

正确答案:B,D

更多相关问题
相关内容