单选题Which statement describes the behavior of a security policy？（）A The implicit default security policy permits all traffic.B Traffic destined to the device itself always requires a security policy.C Traffic destined to the device’s incoming interface doe

第1题：

Which statement about IDS/IPS design is correct?（）

• A、An IPS should be deployed if the security policy does not support the denial of traffic.
• B、An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.
• C、An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.
• D、Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.

第2题：

Which type of zone is used by traffic transiting the device？（）

• A、transit zone
• B、default zone
• C、security zone
• D、functional zone

第3题：

第4题：

You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?（）

• A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
• B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
• C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
• D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

第5题：

Which statement describes the behavior of a security policy？（）

• A、The implicit default security policy permits all traffic.
• B、Traffic destined to the device itself always requires a security policy.
• C、Traffic destined to the device’s incoming interface does not require a security policy.
• D、The factory-default configuration permits all traffic from all interfaces.

第6题：

What is a Host Enforcer policy?（）

• A、A policy that is defined on the endpoint that permits or denies inbound or outbound traffic.
• B、A policy that is sent to the endpoint that permits or denies inbound or outbound traffic.
• C、A policy that is sent to the protected resource that permits or denies inbound or outbound traffic.
• D、A policy that is defined on the protected resource that permits or denies inbound or outbound traffic.

第7题：

You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?（）

• A、[edit security policies from-zone HR to-zone HR]
• B、[edit security zones functional-zone management protocols]
• C、[edit security zones protocol-zone HR host-inbound-traffic]
• D、[edit security zones security-zone HR host-inbound-traffic protocols]

第8题：

第9题：

You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic？（）

• A、[edit security policies from-zone HR to-zone HR]
• B、[edit security zones functional-zone management protocols]
• C、[edit security zones protocol-zone HR host-inbound-traffic]
• D、[edit security zones security-zone HR host-inbound-traffic protocols]

第10题：

Which two statements describe the purpose of a security policy？（）

• A、It enables traffic counting and logging.
• B、It enforces a set of rules for transit traffic.
• C、It controls host inbound services on a zone.
• D、It controls administrator rights to access the device.