问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]...
查看答案
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
问题:单选题You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?()A You must enable SPC detect within the configuration.B You must enable active-active failover for...
问题:单选题Using a policy with the policy-rematch flag enabled, what happens to the existing and newsessions when you change the policy action from permit to deny?()A The new sessions matching the policy are denied. The existing sessions are dropped.B The new ses...
问题:单选题Under which configuration hierarchy is an access profile configured for firewall user authentication?()A [edit access]B [edit security access]C [edit firewall access]D [edit firewall-authentication]...
问题:单选题In the exhibit, you decided to change myHosts addresses. [edit security policies] user@host# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts; destination-address ExtServers;application [ junos-ftp junos-bgp...
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.B...
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options...
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode...
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address...
问题:多选题What are three main phases of an attack?()ADoSBexploitCpropagationDport scanningEreconnaissance...
问题:多选题Users can define policy to control traffic flow between which two components?()Afrom a zone to the device itselfBfrom a zone to the same zoneCfrom a zone to a different zoneDfrom one interface to another interface...
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone....
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vL...
问题:单选题Which operational mode command displays all active IPsec phase 2 security associations?()A show ike security-associationsB show ipsec security-associationsC show security ike security-associationsD show security ipsec security-associations...
问题:多选题Which two are uses of NAT?()Aenabling network migrationsBconserving public IP addressesCallowing stateful packet inspectionDpreventing unauthorized connections from outside the network...
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep...