Question (multiple choice): Which two functions of JUNOS Software are handled by the data plane? ()
A. NAT
B. OSPF
C. SNMP
D. SCREEN options
Question (single choice): An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe? ()
A. DoS
B. SYN flood
C. port scanning
D. IP address sweep
Question (multiple choice): Which two statements are true regarding firewall user authentication? ()
A. When configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.
B. When configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.
C. If a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.
D. If a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.
Question (multiple choice): Users can define policy to control traffic flow between which two components? ()
A. from a zone to the device itself
B. from a zone to the same zone
C. from a zone to a different zone
D. from one interface to another interface
Question (multiple choice): Which two statements describe the purpose of a security policy? ()
A. It enables traffic counting and logging.
B. It enforces a set of rules for transit traffic.
C. It controls host inbound services on a zone.
D. It controls administrator rights to access the device.
Question (multiple choice): In JUNOS Software, which three packet elements can be inspected to determine if a session already exists? ()
A. IP protocol
B. IP time-to-live
C. source and destination IP address
D. source and destination MAC address
E. source and destination TCP/UDP port
Question (multiple choice): Which two statements regarding external authentication servers for firewall user authentication are true? ()
A. Up to three external authentication server types can be used simultaneously.
B. Only one external authentication server type can be used simultaneously.
C. If the local password database is not configured in the authentication order, and the configured authentication server is unreachable, authentication is not performed.
D. If the local password database is not configured in the authentication order, and the configured authentication server rejects the authentication request, authentication is not performed.
Question (single choice): Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The webserver is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the webserver reachable from the Internet using port translation. Which type of NAT must you configure? ()
A. source NAT with address shifting
B. pool-based source NAT
C. static destination NAT
D. pool-based destination NAT
Question (multiple choice): You are creating a destination NAT rule-set. Which two are valid for use with the from clause? ()
A. security policy
B. interface
C. routing-instance
D. IP address
Question (multiple choice): What are three configuration objects used to build JUNOS IDP rules? ()
A. zone objects
B. policy objects
C. attack objects
D. alert and notify objects
E. network and address objects
Question (multiple choice): Which two statements are true regarding redundancy groups? ()
A. When priority settings are equal and the members participating in a cluster are initialized at the same time, the primary role for redundancy group 0 is assigned to node 0.
B. The preempt option determines the primary and secondary roles for redundancy group 0 during a failure and recovery scenario.
C. Redundancy group 0 manages the control plane failover between the nodes of a cluster.
D. The primary role can be shared for redundancy group 0 when the active-active option is enabled.
Question (single choice): You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address. Where do you configure this functionality? ()
A. [edit interfaces]
B. [edit security zones]
C. [edit system services]
D. [edit security interfaces]
Question (single choice): Given the configuration shown in the exhibit, which configuration object would be used to associate both Nancy and Walter with firewall user authentication within a security policy? ()

    profile ftp-users {
        client nancy {
            firewall-user {
                password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"; ## SECRET-DATA
            }
        }
        client walter {
            firewall-user {
                password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"; ## SECRET-DATA
            }
        }
        session-options {
            client-group ftp-group;
        }
    }
    firewall-authentication {
        pass-through {
            default-profile ftp-users;
            ftp {
                banner {
                    login "JUNOS Rocks!";
                }
            }
        }
    }

A. ftp-group
B. ftp-users
C. firewall-user
D. nancy and walter
Question (multiple choice): Which two statements are true about pool-based destination NAT? ()
A. It also supports PAT.
B. PAT is not supported.
C. It allows the use of an address pool.
D. It requires you to configure an address in the junos-global zone.
Question (multiple choice): Which two statements regarding firewall user authentication client groups are true? ()
A. Individual clients are configured under client groups in the configuration hierarchy.
B. Client groups are configured under individual clients in the configuration hierarchy.
C. Client groups are referenced in security policy in the same manner in which individual clients are referenced.
D. Client groups are used to simplify configuration by enabling firewall user authentication without security policy.
Question (single choice): Which attribute is required for all IKE phase 2 negotiations? ()
A. proxy-ID
B. preshared key
C. Diffie-Hellman group key
D. main or aggressive mode
Question (multiple choice): Which two statements are true about overflow pools? ()
A. Overflow pools do not support PAT.
B. Overflow pools cannot use the egress interface IP address for NAT.
C. Overflow pools must use PAT.
D. Overflow pools can contain the egress interface IP address or separate IP addresses.
Question (multiple choice): Which two statements about the use of SCREEN options are correct? ()
A. SCREEN options are deployed at the ingress and egress sides of a packet flow.
B. Although SCREEN options are very useful, their use can result in more session creation.
C. SCREEN options offer protection against various attacks at the ingress zone of a packet flow.
D. SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resources used for malicious packet processing.
Question (single choice): Which statement is true about a NAT rule action of off? ()
A. The NAT action of off is only supported for destination NAT rule-sets.
B. The NAT action of off is only supported for source NAT rule-sets.
C. The NAT action of off is useful for detailed control of NAT.
D. The NAT action of off is useful for disabling NAT when a pool is exhausted.
Question (multiple choice): Which two statements regarding asymmetric key encryption are true? ()
A. The same key is used for encryption and decryption.
B. It is commonly used to create digital certificate signatures.
C. It uses two keys: one for encryption and a different key for decryption.
D. An attacker can decrypt data if the attacker captures the key used for encryption.