违法和不良信息举报 联系客服
免费注册 登录

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Wh

题目

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()

  • A、resource access policies
  • B、Host Enforcer policies
  • C、source IP enforcement policies
  • D、IPsec enforcement policies
如果没有搜索结果或未解决您的问题,请直接 联系老师 获取答案。
相似问题和答案

第1题:

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()

A. resource access policies

B. Host Enforcer policies

C. source IP enforcement policies

D. IPsec enforcement policies


参考答案:D

第2题:

You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

A. Resource access policy on the MAG Series device

B. IPsec routing policy on the MAG Series device

C. General traffic policy blocking access through the firewall enforcer

D. Auth table entry on the firewall enforcer


参考答案:A, D

第3题:

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()

A. access profile

B. IKE parameters

C. tunneled interface

D. redirect policy


参考答案:A, B

第4题:

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()

  • A、access profile
  • B、IKE parameters
  • C、tunneled interface
  • D、redirect policy

正确答案:A,B

第5题:

Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.   You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP.   What should you recommend?()

  • A、Enable Network Access Protection (NAP) on the network.
  • B、Deploy the Root CA certificate to the external computers.
  • C、Implement the Remote Desktop Connection Broker role service.
  • D、Configure the firewall to allow inbound traffic on TCP Port 1723.

正确答案:B

第6题:

You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()

A. show services unified-access-control authentication-table

B. show auth table

C. show services unified-access-control policies

D. show services unified-access-control captive-portal


参考答案:A

第7题:

Your network contains a wired network and a wireless network. Users report that they experience intermittent problems accessing network resources when they connect to the internal wireless network. You discover that an unsecured rogue wireless access point uses the same Service Set Identifier (SSID) as the internal wireless network. You need to ensure that the users only connect to the internal wireless network. What should you do?()

A.Configure a Windows Connect Now Group Policy.

B.Configure a Wireless Network (IEEE 802.11) Policy.

C.Delete the rogue network from the Network and Sharing Center on each computer.

D.Create a Connection Manager Administration Kit (CMAK) profile and deploy it to all users.


参考答案:B

第8题:

You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI).To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()

A. CLI

B. WebUI

C. NSM

D. Junos Pulse Access Control Service


参考答案:C, D

第9题:

Two routers configured to run BGP have been connected to a firewall, one on the inside interface and one on the outside interface. BGP has been configured so the two routers should peer, including the correct BGP session endpoint addresses and the correct BGP session hop-count limit (EBGP multihop). What is a good first test to see if BGP will work across the firewall?()

  • A、Attempt to TELNET from the router connected to the inside of the firewall to the router connected to the outside of the firewall. If telnet works, BGP will work, since telnet and BGP both use TCP to transport data.
  • B、Ping from the router connected to the inside interface of the firewall to the router connected to the outside interface of the firewall. If you can ping between them, BGP should work, since BGP uses IP to transport packets.
  • C、There is no way to make BGP work across a firewall without special configuration, so there is no simple test that will show you if BGP will work or not, other than trying to start the peering session.
  • D、There is no way to make BGP work across a firewall.

正确答案:A

第10题:

You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()

  • A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
  • B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
  • C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
  • D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

正确答案:A

更多相关问题
相关内容