Specify the IP address (172.19.1.1/32) as the destination address in the policy.
Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
第1题:
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
A. You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
B. No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
C. You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
D. You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
第2题:
You‘re the systems administrator at Testing, and you create the following access control lists.You then enter the command "ip access-group 101 in" to apply access control list 101 to router TK1s e0 interface.Which of the following Telnet sessions will be blocked as a result of your access lists?()
A. Telnet sessions from host A to host 5.1.1.10
B. Telnet sessions from host A to host 5.1.3.10
C. Telnet sessions from host B to host 5.1.2.10
D. Telnet sessions from host B to host 5.1.3.8
E. Telnet sessions from host C to host 5.1.3.10
F. Telnet sessions from host F to host 5.1.1.10
第3题:
You are having problems with connections from a specific host (192.168.1.15) not closing down correctly.You want to find the state of the threads from that host check for long-running queries. Which statement will accomplish this?()
A.A
B.B
C.C
D.D
第4题:
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
第5题:
I don't want you to make any trouble,(), I urge you to solve the problem.
第6题:
You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()
A. Enhanced Endpoint Security
B. DP signatures
C. Antivirus licensing
D. Endpoint Security Assessment Plug-in
第7题:
A.FTP traffic from 192.169.1.22 will be denied
B.No traffic, except for FTP traffic will be allowed to exit E0
C.FTP traffic from 192.169.1.9 to any host will be denied
D.All traffic exiting E0 will be denied
E.All FTP traffic to network 192.169.1.9/29 will be denied
第8题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第9题:
You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()
第10题:
You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()