问题:多选题Which three authentication server types are supported for retrieving user attributes used in role- mapping rules?()ALDAPBS/KeyCTACACS+DRADIUSESiteMinder
查看答案
问题:多选题You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()Aaccess profileBIKE parametersCtunneled interfaceDredirect policy
问题:多选题A customer wants to create a custom Junos Pulse configuration. Which two are required?()AConnection setBConfiguration setCCustom installerDComponent set
问题:多选题Which three features are supported with the Junos Pulse client?()Athird-party RADIUS supportBHost EnforcerCHost CheckerDIPsecEsoft tokens
问题:单选题A user calls the help desk and explains that they just purchased a Macintosh computer. When they log into the network, the Odyssey Access Client is not automatically downloaded as it was when the user used their Windows PC.How do you resolve this issue?()A Download the Macintosh installer from the Junos Pulse Access Control Service and manually install the Odyssey Access Client.B Provide the user with the sign-in URL you set up for Macintosh users; this will push the Odyssey Access Client to the user's machine.C Assist the user to configure the Macintosh native supplicant and provide the AppleScnptto expose the EAP-JUAC inner authentication protocol.D Configure the user's role to install the Java agent, which is a requirement to allow the Junos Pulse Access Control Service to deploy the Odyssey Access Client.
问题:单选题You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()A Enhanced Endpoint SecurityB DP signaturesC Antivirus licensingD Endpoint Security Assessment Plug-in
问题:单选题What is the function of Host Checker?()A To allow clientless access to the networkB To restrict access to protected resources on the networkC To scan an endpointfor compliance with security policiesD To push a firewall policy to the endpoint's local firewall application
问题:单选题Two MAG4610s are running in an active/passive cluster configuration. The system administrator is planning to apply a service package to the cluster.Which process should the administrator follow?()A Perform the upgrade on the active node of the cluster. When completed, the node reboots and then pushes the service package to the passive node automatically.B Perform the upgrade on the passive node of the cluster. When completed, the node reboots and then pushes the service package to the active node automatically.C On the clustering status page, disable the active node. Perform the upgrade on the disabled node. When completed and the node reboots, enable the node on the clustering status page.Repeat the process on the passive node.D On the clustering status page, disable the passive node. Perform the upgrade on the disabled node. When completed and the node reboots, enable the node on the clustering status page.Repeat the process on the active node.
问题:单选题Which Junos Pulse feature allows the user to log in once through a Junos Pulse Secure Access Service on the network and then access resources protected by a Junos Pulse Access Control Service without reauthentication?()A Roaming SessionB Session MigrationC Location AwarenessD Persistent Session
问题:单选题You have created a Host Checker policy that contains multiple rules. You want to inform end users which rule specifically has failed.In the admin GUI, which configuration setting would you enable?()A Enable Custom InstructionsB Pre-auth notificationC Remediation messageD Send reason strings
问题:单选题In a Junos Pulse Access Control Service active/active clustered environment, which statement is true about VIPs?()A VIP is not required when using only agentless access for all endpoint platforms.B VIP is not required when using Junos Pulse or Odyssey Access Client for all endpoint platforms.C VIP is not required when using Junos Pulse and agentless access for all endpoint platforms.D VIP is not required when using Odyssey Access Client and agentless access for all endpoint platforms.
问题:多选题A customer has purchased a new Junos Pulse Access Control Service and wants to install it in an existing cluster.After initial configuration, the customer finds that the firmware version running on the Junos Pulse Access Control Service is 4.1 r5, but the existing cluster is running firmware version 4.1 r3. Which two actions must be performed to allow the new Junos Pulse Access Control Service to load the older version of firmware?()AInstall a valid license on the new Junos Pulse Access Control Service.BWhen loading the older firmware, delete all the existing data on the Junos Pulse Access Control Service.CAdd the new Junos Pulse Access Control Service to the existing cluster.DDownload the 4.1 r3 version firmware from the Juniper support website.
问题:多选题You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()AThe endpoints can use agentless access.BEncrypted traffic flows between the endpoint and the enforcer.CEncrypted traffic flows between the endpoint and the protected resourceDThe endpoints can use the Odyssey Access Client.
问题:多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()AThe MAG Series device has multiple ports associated with the certificate.BThe MAG Series device's serial number needs to be configured on the SRX Series device.CThe SRX Series device must have a certificate signed by the same authority as the MAG Series device.DThe MAG Series device and SRX Series device are not synchronized to an NTP server.
问题:单选题You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()A The user will be instructed to call the network administrator.B The user will fail authentication.C The user will be prompted to install a new device certificate on the MAG Series device.D The user will successfully authenticate and have full network access.
问题:多选题You want to customize access to the corporate network so that agentiess users are instructed to obtain a certificatebefore accessing the network.Which two configurations solve this problem? ()ACreate a custom sign-in page with specific instructions in the Instructions field.BCreate a custom sign-in page with specific Missing Certificate messages in the Custom error messages field.CCreate a custom sign-in policy with specific instructions in the Instructions field.DCreate a custom sign-in notification and assign it to the Pre-Auth Sign-in Notification in the sign-in policy.
问题:多选题An authentication realm consists of which three authentication resources?()AAuthentication serverBSession optionsCAuthentication policyDEnd-point security policyERole-mapping rules
问题:单选题Using an LDAP authentication server, what do you configure to validate certificate attributes?()A Use the is exactly or contains operators.B Create a user filter matching the dn of the certificate.C Verify that the certificate is issued by a publicly trusted cs.D Match the certificate type and value with an attribute from the ldap server.