niusouti.com

多选题You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on th

题目
多选题
You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()
A

The endpoints can use agentless access.

B

Encrypted traffic flows between the endpoint and the enforcer.

C

Encrypted traffic flows between the endpoint and the protected resource

D

The endpoints can use the Odyssey Access Client.

相似考题

1.Which antivirus solution integrated on branch SRX Series devices do you use to ensure maximum virus coverage for network traffic?()A. express AVB. full AVC. desktop AVD. ICAP

2.You are validating the configuration of your SRX Series device and see the output shown below.What does this indicate?()A.The SRX Series device has been configured correctly, the Junos Pulse Access Control Service is reachable on the network, and the SRX Series device is waiting to receive the initial connection from the Junos Pulse Access Control Service.B.The SRX Series device has confirmed that the Junos Pulse Access Control Service is configured and is reachable on the network, the SRX Series device is waiting to receive the connection from the Junos Pulse Access Control Service, and all that remains to be accomplished is to configure the SRX Series device.C.The SRX Series device is configured correctly and connected to the Junos Pulse Access Control Service. All that remains to be done to complete the configuration is to configure the SRX Series device on the Junos Pulse Access Control Service.D.Both the Junos Pulse Access Control Service and the SRX Series device are configured correctly and communicating with each other.

3.Which statement is true regarding NAT?()A. NAT is not supported on SRX Series devices.B. NAT requires special hardware on SRX Series devices.C. NAT is processed in the control plane.D. NAT is processed in the data plane.

4.Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()A. Source IP and browserB. Source IP and certificateC. Certificate and Host CheckerD. Host Checker and source IP

更多“多选题You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on th”相关问题

  • 第1题:

    You have an SRX Series Layer 2 enforcer providing 802.1X authentication for connected endpoints. Your security policy requires that users who fail their authentication be placed in a specific VLAN.On the Layer 2 enforcer, at the [edit protocols dot1x authenticator interface] hierarchy for each participating interface, what provides this functionality?()

    A. guest-vlan

    B. auth-fail-vlan

    C. server-reject-vlan

    D. server-fail-vlan


    参考答案:C

  • 第2题:

    You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()

    A. Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.

    B. A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.

    C. Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.

    D. A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.


    参考答案:B

  • 第3题:

    Which statement is true regarding NAT?()

    • A、NAT is not supported on SRX Series devices.
    • B、NAT requires special hardware on SRX Series devices.
    • C、NAT is processed in the control plane.
    • D、NAT is processed in the data plane.

    正确答案:D

  • 第4题:

    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()

    • A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
    • D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

    正确答案:A

  • 第5题:

    Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()

    • A、Source IP and browser
    • B、Source IP and certificate
    • C、Certificate and Host Checker
    • D、Host Checker and source IP

    正确答案:D

  • 第6题:

    Which antivirus solution integrated on branch SRX Series devices do you use to ensure maximum virus coverage for network traffic?()

    • A、express AV
    • B、full AV
    • C、desktop AV
    • D、ICAP

    正确答案:B

  • 第7题:

    You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()

    • A、The endpoints can use agentless access.
    • B、Encrypted traffic flows between the endpoint and the enforcer.
    • C、Encrypted traffic flows between the endpoint and the protected resource
    • D、The endpoints can use the Odyssey Access Client.

    正确答案:B,D

  • 第8题:

    You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()

    • A、The MAG Series device has multiple ports associated with the certificate.
    • B、The MAG Series device's serial number needs to be configured on the SRX Series device.
    • C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.
    • D、The MAG Series device and SRX Series device are not synchronized to an NTP server.

    正确答案:C,D

  • 第9题:

    单选题
    You have an SRX Series Layer 2 enforcer providing 802.1X authentication for connected endpoints. Your security policy requires that users who fail their authentication be placed in a specific VLAN.On the Layer 2 enforcer, at the [edit protocols dot1x authenticator interface] hierarchy for each participating interface, what provides this functionality?()
    A

    guest-vlan

    B

    auth-fail-vlan

    C

    server-reject-vlan

    D

    server-fail-vlan


    正确答案: D
    解析: 暂无解析

  • 第10题:

    多选题
    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()
    A

    Resource access policy on the MAG Series device

    B

    IPsec routing policy on the MAG Series device

    C

    General traffic policy blocking access through the firewall enforcer

    D

    Auth table entry on the firewall enforcer


    正确答案: A,C
    解析: 暂无解析

  • 第11题:

    多选题
    You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()
    A

    The endpoints can use agentless access.

    B

    Encrypted traffic flows between the endpoint and the enforcer.

    C

    Encrypted traffic flows between the endpoint and the protected resource

    D

    The endpoints can use the Odyssey Access Client.


    正确答案: B,D
    解析: 暂无解析

  • 第12题:

    多选题
    Which three situations will trigger an e-mail to be flagged as spam if a branch SRX Series device has been properly configured with antispam inspection enabled for the appropriate security policy? ()(Choose three.)
    A

    The server sending the e-mail to the SRX Series device is a known open SMTP relay.

    B

    The server sending the e-mail to the SRX Series device is running unknown SMTP server software.

    C

    The server sending the e-mail to the SRX Series device is on an IP address range that is known to be dynamically assigned.

    D

    The e-mail that the server is sending to the SRX Series device has a virus in its attachment.

    E

    The server sending the e-mail to the SRX Series device is a known spammer IP address.


    正确答案: D,C
    解析: 暂无解析

  • 第13题:

    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

    A. Resource access policy on the MAG Series device

    B. IPsec routing policy on the MAG Series device

    C. General traffic policy blocking access through the firewall enforcer

    D. Auth table entry on the firewall enforcer


    参考答案:A, D

  • 第14题:

    What would you use to enforce security-policy compliance on all devices that seek to access the network?()

    • A、 VLAN
    • B、 NAC
    • C、 EAP
    • D、 WLAN

    正确答案:B

  • 第15题:

    You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()

    • A、The intranet-auth authentication option
    • B、The redirect-portal application service
    • C、The uac-policy application service
    • D、The ipsec-vpn tunnel

    正确答案:C

  • 第16题:

    How do you apply UTM enforcement to security policies on the branch SRX series?()

    • A、UTM profiles are applied on a security policy by policy basis.
    • B、UTM profiles are applied at the global policy level.
    • C、Individual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.
    • D、Individual UTM features like anti-spam or anti-virus are applied directly at the global policy level.

    正确答案:A

  • 第17题:

    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

    • A、Resource access policy on the MAG Series device
    • B、IPsec routing policy on the MAG Series device
    • C、General traffic policy blocking access through the firewall enforcer
    • D、Auth table entry on the firewall enforcer

    正确答案:A,D

  • 第18题:

    Which three situations will trigger an e-mail to be flagged as spam if a branch SRX Series device has been properly configured with antispam inspection enabled for the appropriate security policy? ()(Choose three.)

    • A、The server sending the e-mail to the SRX Series device is a known open SMTP relay.
    • B、The server sending the e-mail to the SRX Series device is running unknown SMTP server software.
    • C、The server sending the e-mail to the SRX Series device is on an IP address range that is known to be dynamically assigned.
    • D、The e-mail that the server is sending to the SRX Series device has a virus in its attachment.
    • E、The server sending the e-mail to the SRX Series device is a known spammer IP address.

    正确答案:A,C,E

  • 第19题:

    Which statement is true regarding the Junos OS for security platforms?()

    • A、SRX Series devices can store sessions in a session table.
    • B、SRX Series devices accept all traffic by default.
    • C、SRX Series devices must operate only in packet-based mode.
    • D、SRX Series devices must operate only in flow-based mode.

    正确答案:A

  • 第20题:

    You deploy mobile devices that run Microsoft Windows Mobile 5.0.   Company security policy requires an authentication process that is stronger than a user name and password combination.   You need to ensure that Microsoft ActiveSync sessions use an authentication process that meets the company security policy.   What should you do?()

    • A、Deploy a two-factor authentication process.
    • B、Deploy a single-factor authentication process.
    • C、Deploy a simple PIN policy for the Windows Mobilebased devices.
    • D、Deploy a complex PIN policy for the Windows Mobilebased devices.

    正确答案:A

  • 第21题:

    多选题
    You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()
    A

    The MAG Series device has multiple ports associated with the certificate.

    B

    The MAG Series device's serial number needs to be configured on the SRX Series device.

    C

    The SRX Series device must have a certificate signed by the same authority as the MAG Series device.

    D

    The MAG Series device and SRX Series device are not synchronized to an NTP server.


    正确答案: A,C
    解析: 暂无解析

  • 第22题:

    单选题
    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
    A

    You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    B

    No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    C

    You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.

    D

    You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.


    正确答案: C
    解析: 暂无解析

  • 第23题:

    单选题
    What would you use to enforce security-policy compliance on all devices that seek to access the network?()
    A

     VLAN

    B

     NAC

    C

     EAP

    D

     WLAN


    正确答案: B
    解析: 暂无解析

  • 第24题:

    单选题
    You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()
    A

    Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.

    B

    A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.

    C

    Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.

    D

    A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.


    正确答案: D
    解析: 暂无解析

相关内容