问题:多选题Which two statements are true regarding high-availability chassis clustering?()AA chassis cluster consists of two devices.BA chassis cluster consists of two or more devices.CDevices participating in a chassis cluster can be different models.DDevices participating in a chassis cluster must be the same models
查看答案
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control of NATD The NAT action of off is useful for disabling NAT when a pool is exhausted.
问题:多选题What are three configuration objects used to build JUNOS IDP rules?()Azone objectsBpolicy objectsCattack objectsDalert and notify objectsEnetwork and address objects
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode
问题:多选题You have been tasked with performing an update to the IDP attack database. Which three requirements areincluded as part of this task?()AThe IDP security package must be installed after it is downloaded.BThe device must be rebooted to complete the update.CThe device must be connected to a network.DAn IDP license must be installed on your device.EYou must be logged in as the root user
问题:单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()AABBCCDD
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone.
问题:单选题In the configuration shown in the exhibit, you decided to eliminate the junos-ftp applicationfrom the match condition of the policy MyTraffic. [edit security policies] user@hostl# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts; destination-address ExtServers; application [ junos-ftp junos-bgp ]; } then { permit { tunnel { ipsec-vpn vpnTunnel; } } } } } policy-rematch; What will happen to the existing FTP and BGP sessions?()A The existing FTP and BGP sessions will continue.B The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.C The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.D The existing FTP sessions will continue and only the existing BGP sessions will be dropped.
问题:单选题Which statement describes the behavior of source NAT with address shifting?()A Source NAT with address shifting translates both the source IP address and the source port of a packet.B Source NAT with address shifting defines a one-to-one mapping from an original source IP address to a translated source IP address.C Source NAT with address shifting can translate multiple source IP addresses to the same translated IP address.D Source NAT with address shifting allows inbound connections to be initiated to the static source pool IP addresses.
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"; ## SECRET-DATA } } client walter { firewall-user { password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"; ## SECRET-DATA } } session-options { client-group ftp-group; } } firewall-authentication { pass-through { default-profile ftp-users;ftp { banner { login "JUNOS Rocks!"; } } } }A ftp-groupB ftp-usersC firewall-userD nancy and walter
问题:单选题[edit groups] user@host# show node0 { system { host-name NODE0; } interfaces { fxp0 { unit 0 { family inet { address 1.1.1.1/24; } } } } } node1 { system { host-name NODE1; } interfaces { fxp0 { unit 0 { family inet { address 1.1.1.2/24; } } } } } In the exhibit, what is the function of the configuration statements?()A This section is where you define all chassis clustering configuration.B This configuration is required for members of a chassis cluster to talk to each other.C You can apply this configuration in the chassis cluster to make configuration easier.D This section is where unique node configuration is applied.
问题:单选题You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?()A You must enable SPC detect within the configuration.B You must enable active-active failover for redundancy.C You must ensure all SPCs use the same slot placement.D You must configure auto-negotiation on the control ports of both devices
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]
问题:单选题Under which configuration hierarchy is an access profile configured for firewall user authentication?()A [edit access]B [edit security access]C [edit firewall access]D [edit firewall-authentication]
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.BWhen configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.CIf a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.DIf a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.