问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
查看答案
问题:单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()A close-connectionB terminate-connectionC close-client-and-serverD terminate-session...
问题:多选题Regarding an IPsec security association (SA), which two statements are true?()AIKE SA is bidirectional.BIPsec SA is bidirectional.CIKE SA is established during phase 2 negotiations.DIPsec SA is established during phase 2 negotiations....
问题:单选题A policy-based IPsec VPN is ideal for which scenario?()A when you want to conserve tunnel resourcesB when the remote peer is a dialup or remote access clientC when you want to configure a tunnel policy with an action of denyD when a dynamic routing pro...
问题:单选题You must configure a SCREEN option that would protect your device from a session table flood.Which configuration meets this requirement?()A AB BC CD D...
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone....
问题:单选题Which configuration shows a pool-based source NAT without PAT’?()A AB BC CD D...
问题:单选题Prior to applying SCREEN options to drop traffic, you want to determine how your configuration will affect traffic. Which mechanism would you configure to achieve this objective?()A the log option for the particular SCREEN optionB the permit option for...
问题:单选题Which type of source NAT is configured in the exhibit?() [edit security nat source] user@host# show rule-set 1 { from interface ge-0/0/2.0; to zone untrust; rule 1A {match { destination-address 1.1.70.0/24; } then { source-nat interface; } } }A interfa...
问题:多选题Which two external authentication server types are supported by JUNOS Software for firewall user authentication?()ARADIUSBTACACS+CLDAPDIIS...
问题:单选题For IKE phase 1 negotiations, when is aggressive mode typically used?()A when one of the tunnel peers has a dynamic IP addressB when one of the tunnel peers wants to force main mode to be usedC when fragmentation of the IKE packet is required between t...
问题:多选题Which two statements are true about overflow pools?()AOverflow pools do not support PATBOverflow pools can not use the egress interface IP address for NATCOverflow pools must use PATDOverflow pools can contain the egress interface IP address or separat...
问题:多选题What are three configuration objects used to build JUNOS IDP rules?()Azone objectsBpolicy objectsCattack objectsDalert and notify objectsEnetwork and address objects...
问题:多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] use...
问题:多选题Which three functions are provided by JUNOS Software for security platforms?()AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)...
问题:单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thur...
问题:多选题Which three advanced permit actions within security policies are valid?()AMark permitted traffic for firewall user authentication.BMark permitted traffic for SCREEN options.CAssociate permitted traffic with an IPsec tunnel.DAssociate permitted traffic ...
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
问题:多选题Which three options represent IDP policy match conditions?()AprotocolBsource-addressCportDapplicationEattacks...