问题:多选题Which three statements are true when working with high-availability clusters? (Choose three.)()AThe valid cluster-id range is between 0 and 255.BJunos OS security devices can belong to more than one cluster if cluster virtualization is enabled.CIf the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.DA reboot is required if the cluster-id or node value is changed.EJunos OS security devices can belong to one cluster only.
查看答案
问题:多选题Which two UTM features require a license to be activated? ()(Choose two.)AantispamBantivirus (full AV)Ccontent filteringDWeb-filtering redirect
问题:单选题Which zone is system-defined?()A securityB functionalC junos-globalD management
问题:多选题Which two parameters are configured in IPsec policy? ()(Choose two.)AmodeBIKE gatewayCsecurity proposalDPerfect Forward Secrecy
问题:单选题A system administrator detects thousands of open idle connections from the same source.Which problem can arise from this type of attack?()A It enables an attacker to perform an IP sweep of devices.B It enables a hacker to know which operating system the system is running.C It can overflow the session table to its limit, which can result in rejection of legitimate traffic.D It creates a ping of death and can cause the entire network to be infected with a virus.
问题:单选题What is the correct syntax for applying node-specific parameters to each node in a chassis cluster?()A set apply-groups node$B set apply-groups (node)C set apply-groups $(node)D set apply-groups (node)all
问题:多选题Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)AUp to three external authentication server types can be used simultaneously.BOnly one external authentication server type can be used simultaneously.CIf the local password database is not configured in the authentication order, and the configured authentication server bypassed.DIf the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.
问题:单选题Which statement is true regarding the Junos OS for security platforms?()A SRX Series devices can store sessions in a session table.B SRX Series devices accept all traffic by default.C SRX Series devices must operate only in packet-based mode.D SRX Series devices must operate only in flow-based mode.
问题:单选题The Junos OS blocks an HTTP request due to the category of the URL.Which form of Web filtering is being used?()A redirect Web filteringB integrated Web filteringC categorized Web filteringD local Web filtering
问题:单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
问题:多选题An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)AOnly main mode can be used for IKE negotiationBA local-identity must be definedCIt must be the initiator for IKEDA remote-identity must be defined
问题:单选题Which statement is true regarding NAT?()A NAT is not supported on SRX Series devices.B NAT requires special hardware on SRX Series devices.C NAT is processed in the control plane.D NAT is processed in the data plane.
问题:单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A [edit security policies from-zone HR to-zone HR]B [edit security zones functional-zone management protocols]C [edit security zones protocol-zone HR host-inbound-traffic]D [edit security zones security-zone HR host-inbound-traffic protocols]
问题:单选题Which statement is correct about HTTP trickling?()A It prevents the HTTP client or server from timing-out during an antivirus updateB It prevents the HTTP client or server from timing-out during antivirus scanning.C It is an attack.D It is used to bypass antivirus scanners.
问题:单选题What is the default session timeout for TCP sessions?()A 1 minuteB 15 minutesC 30 minutesD 90 minutes
问题:单选题How do you apply UTM enforcement to security policies on the branch SRX series?()A UTM profiles are applied on a security policy by policy basis.B UTM profiles are applied at the global policy level.C Individual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.D Individual UTM features like anti-spam or anti-virus are applied directly at the global policy level.
问题:多选题At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A[edit security idp]B[edit security zones security-zone trust interfaces ge-0/0/0.0]C[edit security zones security-zone trust]D[edit security screen]
