问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address
查看答案
问题:单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A [edit security policies from-zone HR to-zone HR]B [edit security zones functional-zone management protocols]C [edit security zones protocol-zone HR host-inbound-traffic]D [edit security zones security-zone HR host-inbound-traffic protocols]
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]
问题:单选题A policy-based IPsec VPN is ideal for which scenario?()A when you want to conserve tunnel resourcesB when the remote peer is a dialup or remote access clientC when you want to configure a tunnel policy with an action of denyD when a dynamic routing protocol such as OSPF must be sent across the VPN
问题:多选题Which two configuration elements are required for a policy-based VPN?()AIKE gatewayBsecure tunnel interfaceCsecurity policy to permit the IKE trafficDsecurity policy referencing the IPsec VPN tunnel
问题:单选题Which configuration shows a pool-based source NAT without PAT’?()AABBCCDD
问题:多选题Which two statements about static NAT are true?()AStatic NAT can only be used with destination NAT.BStatic NAT rules take precedence over overlapping dynamic NAT rules.CDynamic NAT rules take precedence over overlapping static NAT rules.DA reverse mapping is automatically created.
问题:多选题What are three main phases of an attack?()ADoSBexploitCpropagationDport scanningEreconnaissance
问题:单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()A Specify the IP address (172.19.1.1/32) as the destination address in the policy.B Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.BWhen configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.CIf a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.DIf a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone.
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control of NATD The NAT action of off is useful for disabling NAT when a pool is exhausted.
问题:多选题Which three statements are true regarding IDP?()AIDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.BIDP inspects traffic up to the Application layer.CIDP searches the data stream for specific attack patterns.DIDP inspects traffic up to the Presentation layer.EIDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.
问题:多选题Regarding an IPsec security association (SA), which two statements are true?()AIKE SA is bidirectional.BIPsec SA is bidirectional.CIKE SA is established during phase 2 negotiations.DIPsec SA is established during phase 2 negotiations.
问题:多选题What are two components of the JUNOS Software architecture?()ALinux kernelBrouting protocol daemonCsession-based forwarding moduleDseparate routing and security planes
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"; ## SECRET-DATA } } client walter { firewall-user { password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"; ## SECRET-DATA } } session-options { client-group ftp-group; } } firewall-authentication { pass-through { default-profile ftp-users;ftp { banner { login "JUNOS Rocks!"; } } } }A ftp-groupB ftp-usersC firewall-userD nancy and walter
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options
