违法和不良信息举报 联系客服
免费注册 登录

单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to init

题目
单选题
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()
A

A

B

B

C

C

D

D

如果没有搜索结果或未解决您的问题,请直接 联系老师 获取答案。
相似问题和答案

第1题:

You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()

A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.

B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.

C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.


参考答案:D

第2题:

Which statement is correct regarding the operation of DHCP?()

  • A、A DHCP client uses a ping to detect address conflicts.(ARP)
  • B、A DHCP server uses a gratuitous ARP to detect DHCP clients.
  • C、A DHCP client uses a gratuitous ARP to detect a DHCP server.
  • D、If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
  • E、If an address conflict is detected, the address removed from the pool for an amount of time configurable by the administrator.
  • F、If an address conflict is detected, the address is removed from the pool and will not be reused until server is rebooted.

正确答案:D

第3题:

The Ezonexam network administrator wants to ensure that only a single web server can connect to pot Fa0/1 on a catalyst switch. The server is plugged into the switch's Fast Eth. 0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of this server is allowed by switch port Fa0/1? (Choose two)

A.Configure port Fa0/1 to accept connections only from the static IP address of the server

B.Configure the MAC address of the server as a static entry associated with port Fa0/1

C.Employ a proprietary connector type on Fa0/1 that is incomputable with other host connectors

D.Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server

E.Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address


正确答案:BD
解析:Explanation:
You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port.

When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port. If a MAC address of a device attached to the port differs from the list of secure addresses, the port either shuts down permanently (default mode), shuts down for the time you have specified, or drops incoming packets from the insecure host.

The port's behavior. depends on how you configure it to respond to a security violation. When a security violation occurs, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP trap is not sent if you configure the port for restrictive violation mode. A trap is sent only if you configure the port to shut down during a security violation.

第4题:

You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()

  • A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.
  • B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
  • C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
  • D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy

正确答案:D

第5题:

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()

  • A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
  • B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
  • C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
  • D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

正确答案:B

第6题:

A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()

A. Configure port Fa0/1 to accept connections only from the static IP address of the server.

B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.

C. Configure the MAC address of the server as a static entry associated with port Fa0/1.

D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.

E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.

F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.


参考答案:C, E

第7题:

An administrator mistakenly shutdown production after a fallover because the service IP address  Was shifted from the normal production node to the standby node.  What can be done to avoid this type of mistake in the future?()  

  • A、 Include the service IP address in the administrator’s PS1 prompt
  • B、 Alias the service IP address to the hostname in the /etc/host file
  • C、 Define a persistent IP address with HACMP and make it a practice to use the persistent address for administration work
  • D、 Add a DNS entry to map the standby node name to the service IP address so telnet connections will be to the correct node

正确答案:C

第8题:

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()

A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }

D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }


参考答案:B

第9题:

A system administrator needs to specify a set of FQDN to IP address mappings for a legacyserver; the administrator does not want the legacy server to be referenced by other servers. Which of the following should the administrator use to set this?()

  • A、DHCP server
  • B、DNS server
  • C、Host file
  • D、Route statements

正确答案:C

第10题:

A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()

  • A、The host needs to open the telnet port.
  • B、The host needs a route for the translated address.
  • C、The administrator must use a proxy-arp policy for the translated address.
  • D、The administrator must use a security policy, which will allow communication between the zones.

正确答案:C

更多相关问题
相关内容