A
B
C
D
第1题:
A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.
B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
第2题:
Which statement is correct regarding the operation of DHCP?()
第3题:
The Ezonexam network administrator wants to ensure that only a single web server can connect to pot Fa0/1 on a catalyst switch. The server is plugged into the switch's Fast Eth. 0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of this server is allowed by switch port Fa0/1? (Choose two)
A.Configure port Fa0/1 to accept connections only from the static IP address of the server
B.Configure the MAC address of the server as a static entry associated with port Fa0/1
C.Employ a proprietary connector type on Fa0/1 that is incomputable with other host connectors
D.Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server
E.Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address
第4题:
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()
第5题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
第6题:
A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C. Configure the MAC address of the server as a static entry associated with port Fa0/1.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
第7题:
An administrator mistakenly shutdown production after a fallover because the service IP address Was shifted from the normal production node to the standby node. What can be done to avoid this type of mistake in the future?()
第8题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第9题:
A system administrator needs to specify a set of FQDN to IP address mappings for a legacyserver; the administrator does not want the legacy server to be referenced by other servers. Which of the following should the administrator use to set this?()
第10题:
A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()