niusouti.com

单选题Which statement describes the behavior of a security policy?()A The implicit default security policy permits all traffic.B Traffic destined to the device itself always requires a security policy.C Traffic destined to the device’s incoming interface doe

题目
单选题
Which statement describes the behavior of a security policy?()
A

The implicit default security policy permits all traffic.

B

Traffic destined to the device itself always requires a security policy.

C

Traffic destined to the device’s incoming interface does not require a security policy.

D

The factory-default configuration permits all traffic from all interfaces.

相似考题

1.Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.

2.Which statement about IDS/IPS design is correct?()A、An IPS should be deployed if the security policy does not support the denial of traffic.B、An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.C、An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.D、Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.

3.What is a Host Enforcer policy?()A、A policy that is defined on the endpoint that permits or denies inbound or outbound traffic.B、A policy that is sent to the endpoint that permits or denies inbound or outbound traffic.C、A policy that is sent to the protected resource that permits or denies inbound or outbound traffic.D、A policy that is defined on the protected resource that permits or denies inbound or outbound traffic.

4.You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A. [edit security policies from-zone HR to-zone HR]B. [edit security zones functional-zone management protocols]C. [edit security zones protocol-zone HR host-inbound-traffic]D. [edit security zones security-zone HR host-inbound-traffic protocols]

更多“单选题Which statement describes the behavior of a security policy?()A The implicit default security policy permits all traffic.B Traffic destined to the device itself always requires a security policy.C Traffic destined to the device’s incoming interface doe”相关问题

  • 第1题:

    Which type of zone is used by traffic transiting the device?()

    • A、transit zone
    • B、default zone
    • C、security zone
    • D、functional zone

    正确答案:C

  • 第2题:

    Which statement describes the behavior of a security policy?()

    • A、The implicit default security policy permits all traffic.
    • B、Traffic destined to the device itself always requires a security policy.
    • C、Traffic destined to the device’s incoming interface does not require a security policy.
    • D、The factory-default configuration permits all traffic from all interfaces.

    正确答案:C

  • 第3题:

    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()

    • A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
    • D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

    正确答案:A

  • 第4题:

    Which two statements are true for a security policy? ()(Choose two.)

    • A、It controls inter-zone traffic.
    • B、It controls intra-zone traffic.
    • C、It is named with a system-defined name.
    • D、It controls traffic destined to the device's ingress interface.

    正确答案:A,B

  • 第5题:

    You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()

    • A、Telnet is not being permitted by self policy.
    • B、Telnet is not being permitted by security policy.
    • C、Telnet is not allowed because it is not considered secure.
    • D、Telnet is not enabled as a host-inbound service on the zone

    正确答案:D

  • 第6题:

    Regarding zone types, which statement is true?()

    • A、You cannot assign an interface to a functional zone.
    • B、You can specifiy a functional zone in a security policy.
    • C、Security zones must have a scheduler applied.
    • D、You can use a security zone for traffic destined for the device itself.

    正确答案:D

  • 第7题:

    多选题
    Which two statements are true for a security policy? ()(Choose two.)
    A

    It controls inter-zone traffic.

    B

    It controls intra-zone traffic.

    C

    It is named with a system-defined name.

    D

    It controls traffic destined to the device's ingress interface.


    正确答案: D,A
    解析: 暂无解析

  • 第8题:

    单选题
    You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain.    Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network.  How should you configure Server1?()
    A

     Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.

    B

     Configure the network adapter on the test network to disable IEEE 802.1x authentication.

    C

     Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.

    D

     Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.

    E

     Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.


    正确答案: A
    解析: 暂无解析

  • 第9题:

    多选题
    Which two statements are true regarding IDP?()
    A

    IDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.

    B

    IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.

    C

    IDP inspects traffic up to the Presentation layer.

    D

    IDP inspects traffic up to the Application layer.


    正确答案: A,B
    解析: 暂无解析

  • 第10题:

    单选题
    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
    A

    You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    B

    No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    C

    You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.

    D

    You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.


    正确答案: C
    解析: 暂无解析

  • 第11题:

    单选题
    Regarding zone types, which statement is true?()
    A

    You cannot assign an interface to a functional zone.

    B

    You can specifiy a functional zone in a security policy.

    C

    Security zones must have a scheduler applied.

    D

    You can use a security zone for traffic destined for the device itself.


    正确答案: D
    解析: 暂无解析

  • 第12题:

    单选题
    Which statement about IDS/IPS design is correct?()
    A

     An IPS should be deployed if the security policy does not support the denial of traffic.

    B

     An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.

    C

     An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.

    D

     Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.


    正确答案: A
    解析: 暂无解析

  • 第13题:

    You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()

    • A、[edit security policies from-zone HR to-zone HR]
    • B、[edit security zones functional-zone management protocols]
    • C、[edit security zones protocol-zone HR host-inbound-traffic]
    • D、[edit security zones security-zone HR host-inbound-traffic protocols]

    正确答案:D

  • 第14题:

    You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()

    • A、[edit security policies from-zone HR to-zone HR]
    • B、[edit security zones functional-zone management protocols]
    • C、[edit security zones protocol-zone HR host-inbound-traffic]
    • D、[edit security zones security-zone HR host-inbound-traffic protocols]

    正确答案:D

  • 第15题:

    Which two statements describe the purpose of a security policy?()

    • A、It enables traffic counting and logging.
    • B、It enforces a set of rules for transit traffic.
    • C、It controls host inbound services on a zone.
    • D、It controls administrator rights to access the device.

    正确答案:A,B

  • 第16题:

    Which two statements are true regarding IDP?()

    • A、IDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.
    • B、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.
    • C、IDP inspects traffic up to the Presentation layer.
    • D、IDP inspects traffic up to the Application layer.

    正确答案:A,D

  • 第17题:

    Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)

    • A、Traffic is permitted from the trust zone to the untrust zone.
    • B、Intrazone traffic in the trust zone is permitted.
    • C、All traffic through the device is denied.
    • D、The policy is matched only when no other matching policies are found.

    正确答案:C,D

  • 第18题:

    You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain.    Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network.  How should you configure Server1?()

    • A、 Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.
    • B、 Configure the network adapter on the test network to disable IEEE 802.1x authentication.
    • C、 Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.
    • D、 Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.
    • E、 Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.

    正确答案:D

  • 第19题:

    单选题
    Which statement is true about source NAT?()
    A

    Source NAT works only with source pools.

    B

    Destination NAT is required to translate the reply traffic.

    C

    Source NAT does not require a security policy to function.

    D

    The egress interface IP address can be used for source NAT


    正确答案: A
    解析: 暂无解析

  • 第20题:

    单选题
    Which statement describes the behavior of a security policy?()
    A

    The implicit default security policy permits all traffic.

    B

    Traffic destined to the device itself always requires a security policy.

    C

    Traffic destined to the device’s incoming interface does not require a security policy.

    D

    The factory-default configuration permits all traffic from all interfaces.


    正确答案: C
    解析: 暂无解析

  • 第21题:

    单选题
    You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()
    A

    [edit security policies from-zone HR to-zone HR]

    B

    [edit security zones functional-zone management protocols]

    C

    [edit security zones protocol-zone HR host-inbound-traffic]

    D

    [edit security zones security-zone HR host-inbound-traffic protocols]


    正确答案: D
    解析: 暂无解析

  • 第22题:

    多选题
    Which two statements describe the purpose of a security policy?()
    A

    It enables traffic counting and logging.

    B

    It enforces a set of rules for transit traffic.

    C

    It controls host inbound services on a zone.

    D

    It controls administrator rights to access the device.


    正确答案: B,D
    解析: 暂无解析

  • 第23题:

    单选题
    You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()
    A

    [edit security policies from-zone HR to-zone HR]

    B

    [edit security zones functional-zone management protocols]

    C

    [edit security zones protocol-zone HR host-inbound-traffic]

    D

    [edit security zones security-zone HR host-inbound-traffic protocols]


    正确答案: A
    解析: 暂无解析

  • 第24题:

    多选题
    Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
    A

    Traffic is permitted from the trust zone to the untrust zone.

    B

    Intrazone traffic in the trust zone is permitted.

    C

    All traffic through the device is denied.

    D

    The policy is matched only when no other matching policies are found.


    正确答案: C,A
    解析: 暂无解析

相关内容