问题:单选题Host A opens a Telnet connection to Host B. Host A then opens another Telnet connectionto Host B. These connections are the only communication between Host A and Host B. Thesecurity policy configuration permits both connections.How many flows exist between Host A and Host B?()A 1B 2C 3D 4
查看答案
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control of NATD The NAT action of off is useful for disabling NAT when a pool is exhausted.
问题:多选题Which three options represent IDP policy match conditions?()AprotocolBsource-addressCportDapplicationEattacks
问题:单选题Which configuration shows a pool-based source NAT without PAT’?()AABBCCDD
问题:多选题What are three configuration objects used to build JUNOS IDP rules?()Azone objectsBpolicy objectsCattack objectsDalert and notify objectsEnetwork and address objects
问题:单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A set policy tunnel-traffic then tunnel remote-vpnB set policy tunnel-traffic then permit tunnel remote-vpnC set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
问题:单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }A The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.B The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.C The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.D The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am
问题:单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()A close-connectionB terminate-connectionC close-client-and-serverD terminate-session
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
问题:多选题Which two statements are true about overflow pools?()AOverflow pools do not support PATBOverflow pools can not use the egress interface IP address for NATCOverflow pools must use PATDOverflow pools can contain the egress interface IP address or separate IP addresses
问题:单选题In the configuration shown in the exhibit, you decided to eliminate the junos-ftp applicationfrom the match condition of the policy MyTraffic. [edit security policies] user@hostl# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts; destination-address ExtServers; application [ junos-ftp junos-bgp ]; } then { permit { tunnel { ipsec-vpn vpnTunnel; } } } } } policy-rematch; What will happen to the existing FTP and BGP sessions?()A The existing FTP and BGP sessions will continue.B The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.C The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.D The existing FTP sessions will continue and only the existing BGP sessions will be dropped.
问题:多选题Which three functions are provided by JUNOS Software for security platforms?()AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)
问题:单选题You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?()A You must enable SPC detect within the configuration.B You must enable active-active failover for redundancy.C You must ensure all SPCs use the same slot placement.D You must configure auto-negotiation on the control ports of both devices
问题:单选题Your task is to provision the JUNOS security platform to permit transit packets from the Private zone to theExternal zone by using an IPsec VPN and log information at the time of session close. Which configurationmeets this requirement?()AABBCCDD
问题:多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
问题:多选题What are three benefits of using chassis clustering?()AProvides stateful session failover for sessions.BIncreases security capabilities for IPsec sessions.CProvides active-passive control and data plane redundancy.DEnables automated fast-reroute capabilities.ESynchronizes configuration files and session state
问题:单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()A Specify the IP address (172.19.1.1/32) as the destination address in the policy.B Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
问题:多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN
问题:多选题Which two statements are true regarding IDP?()AIDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.BIDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.CIDP inspects traffic up to the Presentation layer.DIDP inspects traffic up to the Application layer.