问题:单选题Prior to applying SCREEN options to drop traffic, you want to determine how your configuration will affect traffic. Which mechanism would you configure to achieve this objective?()A the log option for the particular SCREEN optionB the permit option for the particular SCREEN optionC the SCREEN option, because it does not drop traffic by defaultD the alarm-without-drop option for the particular SCREEN option
查看答案
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode
问题:多选题Which two are uses of NAT?()Aenabling network migrationsBconserving public IP addressesCallowing stateful packet inspectionDpreventing unauthorized connections from outside the network
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.BWhen configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.CIf a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.DIf a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep
问题:多选题Which two parameters are configured in IPsec policy?()AmodeBIKE gatewayCsecurity proposalDPerfect Forward Secrecy
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address
问题:单选题Which statement regarding the implementation of an IDP policy template is true?()A IDP policy templates are automatically installed as the active IDP policy.B IDP policy templates are enabled using a commit script.C IDP policy templates can be downloaded without an IDP license.D IDP policy templates are included in the factory-default configuration.
问题:单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }A The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.B The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.C The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.D The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am
问题:多选题What are three benefits of using chassis clustering?()AProvides stateful session failover for sessions.BIncreases security capabilities for IPsec sessions.CProvides active-passive control and data plane redundancy.DEnables automated fast-reroute capabilities.ESynchronizes configuration files and session state
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"; ## SECRET-DATA } } client walter { firewall-user { password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"; ## SECRET-DATA } } session-options { client-group ftp-group; } } firewall-authentication { pass-through { default-profile ftp-users;ftp { banner { login "JUNOS Rocks!"; } } } }A ftp-groupB ftp-usersC firewall-userD nancy and walter
问题:单选题A policy-based IPsec VPN is ideal for which scenario?()A when you want to conserve tunnel resourcesB when the remote peer is a dialup or remote access clientC when you want to configure a tunnel policy with an action of denyD when a dynamic routing protocol such as OSPF must be sent across the VPN
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone.
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control of NATD The NAT action of off is useful for disabling NAT when a pool is exhausted.
问题:多选题Which two commands can be used to monitor firewall user authentication?()Ashow access firewall-authenticationBshow security firewall-authentication usersCshow security audit logDshow security firewall-authentication history
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]
问题:单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()A Specify the IP address (172.19.1.1/32) as the destination address in the policy.B Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
问题:多选题You are implementing an IDP policy template from Juniper Networks. Which three steps are included in thisprocess?()Aactivating a JUNOS Software commit scriptBconfiguring an IDP groups statementCsetting up a chassis clusterDdownloading the IDP policy templatesEinstalling the policy templates
