问题:单选题What is the function of Host Checker?()A To allow clientless access to the networkB To restrict access to protected resources on the networkC To scan an endpointfor compliance with security policiesD To push a firewall policy to the endpoint's local firewall application
查看答案
问题:多选题You want to provide 802.1X access for Windows clients using Junos Pulse as the agent. Which two considerations must you take into account()AJunos Pulse out erauth entication uses EAP-PEAP.BJunos Pulse ou terauth entication uses EAP-TTLS.CJunos Pulse innerauth entication uses EAP-MSCHAP-V2.DTheend point must use thenative Microsoft 802.1X supplicant.
问题:单选题A company has completed two acquisitions over the previous year. Each of the acquired companies was allowed to keep its own independent authentication server. The network administrator has been asked to roll out the Junos Pulse Access Control Service to users within the original company along with each of the two acquired organizations.The administrator configures three authentication realms, one for each independent authentication server, and associates them all with a single sign-in policy. All of the client endpoints are running Junos Pulse on their Windows XP desktops. When a user signs in to the Junos Pulse Access Control Service, which statement is correct?()A The first authentication realm that was added to the sign-in policy is used by default.B The user is allowed to choose the correct authentication realm from a list presented by Junos Pulse.C When Junos Pulse is initially installed on the desktop, it must be configured with the correct realm.D This is not an allowed configuration; the administrator should configure separate sign-in policies for each realm.
问题:多选题You administer a network with Windows-based endpoints that have custom software images. You want to use Host Checker to require that endpoints are running the custom software image.Which two Host Checker policy rules would be used to enforce this requirement?()AIsolate a file name unique to the custom image and create a custom rule-type of File which matches on the file. Select the Required option under the custom rule.BIdentify the MAC address unique to network cards installed in PCs with the custom image and create a custom rule-type of MAC Address which matches on the appropriate MAC address.CSelect the Required option under the custom rule Identify the IP address unique to the network cards installed in PCs with the custom image and create a custom rule-type of IP Address which matches on the appropriate IP address. Select the Required option under the custom rule.DIsolate or create a unique Windows registry key for the custom image and create a custom rule- type of Registry Setting which matches on the name of the registry key.
问题:多选题What are three necessary steps for enabling 802.1X access when configuring Layer 2 enforcement?()AConfigure a location groupBCreatean authentication protocol setCConfigure the RADIUS AV pair listDConfigure RADIUS clientsEConfigure role and role-mapping rules
问题:多选题Your IT director has decided to allow employees to use their laptops at home as well as in the office. You have deployed the Junos Pulse client to allow access to the offices 802.1X-enabled wired network. Your company also has the Junos Pulse Secure Access Service deployed. You want the Junos Pulse client to automatically launch the appropriate access method depending on each users location. Which three are supported to determine the users location?()AMAC addressBDNS serverCDHCP serverDresolve addressEendpoint address
问题:多选题An authentication realm consists of which three authentication resources?()AAuthentication serverBSession optionsCAuthentication policyDEnd-point security policyERole-mapping rules
问题:单选题A customer is trying to decide which 802.1X inner protocol to use on their network. The customer requires that nopasswords be sent across the network in plain text, that the protocol be supported by the Windows native supplicant,and that the protocol supports password changes at Layer 2. Which protocol would meet the customers needs?()A EAP-TLSB EAP-MD5C PAPD EAP-MSCHAPv2
问题:多选题A customer has purchased a new Junos Pulse Access Control Service and wants to install it in an existing cluster.After initial configuration, the customer finds that the firmware version running on the Junos Pulse Access Control Service is 4.1 r5, but the existing cluster is running firmware version 4.1 r3. Which two actions must be performed to allow the new Junos Pulse Access Control Service to load the older version of firmware?()AInstall a valid license on the new Junos Pulse Access Control Service.BWhen loading the older firmware, delete all the existing data on the Junos Pulse Access Control Service.CAdd the new Junos Pulse Access Control Service to the existing cluster.DDownload the 4.1 r3 version firmware from the Juniper support website.
问题:单选题What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()A Checkpoint firewallB SRX Series deviceC DP sensorD MX Series device
问题:单选题Which Junos Pulse Access Control Service client provides a built-in viewer to access local logs?()A Odyssey Access ClientB Junos PulseC Java agentD Agent less access
问题:单选题Two MAG4610s are running in an active/passive cluster configuration. The system administrator is planning to apply a service package to the cluster.Which process should the administrator follow?()A Perform the upgrade on the active node of the cluster. When completed, the node reboots and then pushes the service package to the passive node automatically.B Perform the upgrade on the passive node of the cluster. When completed, the node reboots and then pushes the service package to the active node automatically.C On the clustering status page, disable the active node. Perform the upgrade on the disabled node. When completed and the node reboots, enable the node on the clustering status page.Repeat the process on the passive node.D On the clustering status page, disable the passive node. Perform the upgrade on the disabled node. When completed and the node reboots, enable the node on the clustering status page.Repeat the process on the active node.
问题:多选题You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()ACLIBWebUICNSMDJunos Pulse Access Control Service
问题:单选题You have configured Junos Pulse on your Windows desktop and want to verify that the IPsec configuration policy is being pushed down to your workstation upon network authentication and login.Which utility program do you use to see this configuration and where do you find it?()A the Pulse Diagnostics Tool in the File > Tools menu option in the Pulse GUIB the Pulse Diagnostics Tool in the Start > All Programs > Juniper Networks > Junos Pulse menu folder next to the Junos Pulse applicationC the Pulse Diagnostics Viewer, which you access by simultaneously pressing Ctrl and F2D the Pulse Diagnostics Viewer in the File > Tools menu option in the Pulse GUI
问题:多选题A user logs in and is mapped to two roles. The first role has a maximum timeout value of 600 minutes and the default Juniper Networks logo on the user interface page. The second role has a maximum timeout value of 1200 minutes and a custom logo on the user interface page. Based on the merging of these two roles, which two will be applied?()AA custom logo on the user interface pageBA maximum timeout value of 600 minutesCA maximum time out value of 1200 minutesDA default Juniper Networks logo on the user interface page
问题:多选题On the Junos Pulse Access Control Service, you have created a role called Secret that you only want to provide to users who present a certificate.Using the admin GUI, which two features would you configure to satisfy this requirement?()ASign-in PolicyBRole Mapping RuleCRole RestrictionsDTrusted Server CA
问题:单选题You navigate to "UAC" > "Infranet Enforcer" > "Auth Table Mapping" in the admin GUI. You see one policy, which is the unmodified, original default policy.Which statement is true?()A Dynamic auth table mapping is not enabled.B A successful authentication attempt will result in a new authentication table entry, which will be delivered only to the Junos enforcer protecting the network from which the user has authenticated.C To create a static auth table mapping, you must delete the default policy.D The default policy applies only to the factory-default role User.
问题:多选题In the admin GUI, you navigate to "System" > "Status" > "Active Users". You see several buttons, including "Delete Session", "Delete All Sessions". "Refresh Roles", and "Disable All Users".Which two statements are true?()ATo forcibly sign out a single user, you should select the check box next to that user's login name, then select Delete Session.BIf you select Delete All Sessions, all users are forcibly signed out and are unable to sign in again until Enable All Users is selected.CSelecting Disable All Users prevents users from signing in and starting a new session, but does not forcibly sign out any users that already have an existing session.DSelecting Refresh Roles re-evaluates authentication policies, role-mapping rules, and resource policies for all existing user sessions.
问题:单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
问题:单选题A user calls the help desk and explains that they just purchased a Macintosh computer. When they log into the network, the Odyssey Access Client is not automatically downloaded as it was when the user used their Windows PC.How do you resolve this issue?()A Download the Macintosh installer from the Junos Pulse Access Control Service and manually install the Odyssey Access Client.B Provide the user with the sign-in URL you set up for Macintosh users; this will push the Odyssey Access Client to the user's machine.C Assist the user to configure the Macintosh native supplicant and provide the AppleScnptto expose the EAP-JUAC inner authentication protocol.D Configure the user's role to install the Java agent, which is a requirement to allow the Junos Pulse Access Control Service to deploy the Odyssey Access Client.