source NAT
destination NAT
route lookup
zone lookup
第1题:
A. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, it will
B. If the destination IP address in the outer IP header of ESP does not match the IP address of the ingress interface, it will
C. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based packet.
D. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based of inner header, it will decrypt the packet.
第2题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第3题:
Router VE1 has just received a packet and needs to route it. What two actions must this router take in order to route incoming packets? (Choose two)
A. Inspect the routing table to select the best path to the destination network addresses.
B. Validate sources of routing information.
C. Inspect the ARP table to verify a legitimate source MAC address for each packet.
D. Identify the destination network address of each packet.
E. Verify the receipt of routed packets by the next hop router.
F. Identify the source network address of each packet.
第4题:
A. The source device will only retransmit lost packets on the request of the destination device.
B. The source device starts a timer when it sends a segment and retransmits if an acknowledgment is not received before the timer expires.
C. The destination device acknowledges receipt of a segment by sending a packet with a new sequence number and the ACK bit sent.
D. The destination device acknowledges receipt of a segment by sending a packet that indicates the next sequence number it expects.
E. If the destination device does not receive a segment, all segments are retransmitted.
F. The source device keeps a record of all segments sent and expects and acknowledgment of each.
第5题:
A. source NAT
B. destination NAT
C. route lookup
D. zone lookup
第6题:
Intheexhibit,youdecidedtochangemyHostsaddresses.[editsecuritypolicies]user@hostshowfrom-zonePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;Whatwillhappentothenewsessionsmatchingthepolicyandin-progresssessionsthathadalreadymatchedthepolicy?()
A.Newsessionswillbeevaluated.In-progresssessionswillbere-evaluated.
B.Newsessionswillbeevaluated.Allin-progresssessionswillcontinue.
C.Newsessionswillbeevaluated.Allin-progresssessionswillbedropped.
D.Newsessionswillhaltuntilallin-progresssessionsarere-evaluated.In-progresssessionswillbere-evaluatedandpossiblydropped.
第7题:
After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?()
A. The Junos OS drops any flow that does not match the source address or destination address.
B. All traffic is dropped.
C. All existing sessions continue.
D. The Junos OS does a policy re-evaluation.
第8题:
A. destination NAT
B. forwarding lookup
C. route lookup
D. SCREEN options
第9题:
A. The route does not match this policy.
B. The route is rejected.
C. The route is accepted.
D. The route is accepted, then rejected.
第10题:
After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?()