问题:单选题Which Junos Pulse feature allows the user to log in once through a Junos Pulse Secure Access Service on the network and then access resources protected by a Junos Pulse Access Control Service without reauthentication?()A Roaming SessionB Session MigrationC Location AwarenessD Persistent Session
查看答案
问题:多选题Which three authentication resources are grouped within an authentication realm?()AAuthentication enforcerBDirectory serverCCaptive authenticationDAuthentication policyERole-mapping rules
问题:单选题You have created a Host Checker policy that contains multiple rules. You want to inform end users which rule specifically has failed.In the admin GUI, which configuration setting would you enable?()A Enable Custom InstructionsB Pre-auth notificationC Remediation messageD Send reason strings
问题:多选题Which three authentication server types are supported for retrieving user attributes used in role- mapping rules?()ALDAPBS/KeyCTACACS+DRADIUSESiteMinder
问题:单选题A users Junos Pulse client uses 802.1X to access a wired network and is failing to authenticate. You run a packet capture from the users PC and notice that immediately after the client machine sends an EAPoL-start packet, an EAP-failure packet is returned. You review the RADIUS troubleshooting logs on the MAG Series device and do not see any authentication attempts from the user. Other users on the same Ethernet switch are successfully authenticating. Which device is sending the EAP-failure packet to the workstation?()A The RADIUS serverB The EAPoL serverC The workstation's network adapterD The Ethernet switch
问题:多选题What are two roles of the authenticator as described in the 802.1X standard? ()AIt proxies the authentication information between the supplicant and the authentication server.BIt controls physical access to the network.CIt communicates with the authentication server only.DIt is responsible for verifying the identity of the supplicant through the use of an internal database.
问题:单选题You are the administrator of a Junos Pulse Access Control Service implementation. You must restrict authenticated users connected from the branch offices to a few specific resources within the data center. However, when the authenticated users are connected at the corporate office, they are allowed more access to the data center resources. You have created two roles with different levels of access and are trying to determine the best way of controlling when a user is mapped to a specific role. Having the user prompted to manually select their role is possible, but you want to automate the process. Which configuration solves this problem?()A Implement a RADIUS request attribute policy to assist with realm selection and create different role-mapping rules for the user in each realm.B Implement a directory/attribute server on the realm and set up this server to determine by group membership the proper role to which a user should be mapped.C Reorder the role-mapping rules to allow for the more open role to be mapped first and then enable the stop processing rules when this rule matches function on this role.D Implement a Host Checker policy on the realm that determines the geographic location of the device and restricts the user based on the results of the policy.
问题:多选题You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()AThe endpoints can use agentless access.BEncrypted traffic flows between the endpoint and the enforcer.CEncrypted traffic flows between the endpoint and the protected resourceDThe endpoints can use the Odyssey Access Client.
问题:多选题A customer has purchased a new Junos Pulse Access Control Service and wants to install it in an existing cluster.After initial configuration, the customer finds that the firmware version running on the Junos Pulse Access Control Service is 4.1 r5, but the existing cluster is running firmware version 4.1 r3. Which two actions must be performed to allow the new Junos Pulse Access Control Service to load the older version of firmware?()AInstall a valid license on the new Junos Pulse Access Control Service.BWhen loading the older firmware, delete all the existing data on the Junos Pulse Access Control Service.CAdd the new Junos Pulse Access Control Service to the existing cluster.DDownload the 4.1 r3 version firmware from the Juniper support website.
问题:多选题A customer wants to create a custom Junos Pulse configuration. Which two are required?()AConnection setBConfiguration setCCustom installerDComponent set
问题:多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()AThe MAG Series device has multiple ports associated with the certificate.BThe MAG Series device's serial number needs to be configured on the SRX Series device.CThe SRX Series device must have a certificate signed by the same authority as the MAG Series device.DThe MAG Series device and SRX Series device are not synchronized to an NTP server.
问题:单选题You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()A Enhanced Endpoint SecurityB DP signaturesC Antivirus licensingD Endpoint Security Assessment Plug-in
问题:单选题You want to provide all users in your corporation with a single agent that provides access to multiple connection types conditionally. For example, you connect to the Junos Pulse Access Control Service if you are connected to the intranet, but you connect to the Junos Pulse Secure Access Service if you are on a remote network. Which agent should you use for this type of connection requirement?()A Junos Pulse should be configured with location awareness rules configured.B Odyssey Access Client should be installed with Host Checker configured to check the client's location.C Junos Pulse should be configured with all components installed.D Agentless access should be enabled so that clients can connect to any service without concern for installing an agent.
问题:多选题Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?()ARemote DebuggingBSystem SnapshotCUser Access logsDPolicy Tracing
问题:多选题You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()Aaccess profileBIKE parametersCtunneled interfaceDredirect policy
问题:多选题You want to enforce a Host Checker policy so that only users who pass the policy receive the Employee role. In the admin GUI, which two parameters must you configure?()ASelect Require and Enforce for the Host Checker Policy in the realm authentication policy.BSelect Evaluate Policies for the Host Checker policy in the realm authentication policy.CConfigure the Host Checker policy as a role restriction for the Employee role.DConfigure the Host Checker policy as a resource access policy for the Employee role.
问题:单选题A customer is trying to decide which 802.1X inner protocol to use on their network. The customer requires that nopasswords be sent across the network in plain text, that the protocol be supported by the Windows native supplicant,and that the protocol supports password changes at Layer 2. Which protocol would meet the customers needs?()A EAP-TLSB EAP-MD5C PAPD EAP-MSCHAPv2
问题:单选题You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()A The user will be instructed to call the network administrator.B The user will fail authentication.C The user will be prompted to install a new device certificate on the MAG Series device.D The user will successfully authenticate and have full network access.
问题:多选题Which three features are supported with the Junos Pulse client?()Athird-party RADIUS supportBHost EnforcerCHost CheckerDIPsecEsoft tokens
问题:单选题When using RADIUS as an external authentication method for 802.1X authentication for the Junos Pulse Access Control Service, what must you do to ensure that the RADIUS authentication works properly?()A Configure IP helper to forward the authentication requests from the clients to the external RADIUS serverB Configure the supplicant as anexternal authentication serverC Configure RADIUS proxy on the realmD Specify the correct RADIUS port 389 on the Junos Pulse Access Control Service
