Question (single choice): You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under which configuration hierarchy must you permit OSPF traffic?
A. [edit security policies from-zone HR to-zone HR]
B. [edit security zones functional-zone management protocols]
C. [edit security zones protocol-zone HR host-inbound-traffic]
D. [edit security zones security-zone HR host-inbound-traffic protocols]

Question (multiple choice): Which two statements are true with regard to policy ordering? (Choose two.)
A. The last policy is the default policy, which allows all traffic.
B. The order of policies is not important.
C. New policies are placed at the end of the policy list.
D. The insert command can be used to change the order.

Question (single choice): A system administrator detects thousands of open idle connections from the same source. Which problem can arise from this type of attack?
A. It enables an attacker to perform an IP sweep of devices.
B. It enables a hacker to know which operating system the system is running.
C. It can overflow the session table to its limit, which can result in rejection of legitimate traffic.
D. It creates a ping of death and can cause the entire network to be infected with a virus.

Question (multiple choice): Which three components can be leveraged when defining a local whitelist or blacklist for antispam on a branch SRX Series device? (Choose three.)
A. spam assassin filtering score
B. sender country
C. sender IP address
D. sender domain
E. sender e-mail address

Question (multiple choice): Which three parameters are configured in the IKE policy? (Choose three.)
A. mode
B. preshared key
C. external interface
D. security proposals
E. dead peer detection settings

Question (multiple choice): At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? (Choose two.)
A. [edit security idp]
B. [edit security zones security-zone trust interfaces ge-0/0/0.0]
C. [edit security zones security-zone trust]
D. [edit security screen]

Question (single choice): In a chassis cluster with two SRX 5800 devices, the interface ge-13/0/0 belongs to which device?
A. This interface is a system-created interface.
B. This interface belongs to node 0 of the cluster.
C. This interface belongs to node 1 of the cluster.
D. This interface will not exist because SRX 5800 devices have only 12 slots.

Question (single choice): What is the correct syntax for applying node-specific parameters to each node in a chassis cluster?
A. set apply-groups node$
B. set apply-groups (node)
C. set apply-groups $(node)
D. set apply-groups (node)all

Question (multiple choice): Which two functions of the Junos OS are handled by the data plane? (Choose two.)
A. NAT
B. OSPF
C. SNMP
D. SCREEN options

Question (single choice): Which zone type can be specified in a policy?
A. security
B. functional
C. user
D. system

Question (single choice): How do you apply UTM enforcement to security policies on the branch SRX series?
A. UTM profiles are applied on a security policy by policy basis.
B. UTM profiles are applied at the global policy level.
C. Individual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.
D. Individual UTM features like anti-spam or anti-virus are applied directly at the global policy level.

Question (multiple choice): Which three methods of source NAT does the Junos OS support? (Choose three.)
A. interface-based source NAT
B. source NAT with address shifting
C. source NAT using static source pool
D. interface-based source NAT without PAT
E. source NAT with address shifting and PAT

Question (single choice): The Junos OS blocks an HTTP request due to the category of the URL. Which form of Web filtering is being used?
A. redirect Web filtering
B. integrated Web filtering
C. categorized Web filtering
D. local Web filtering

Question (multiple choice): Which two statements regarding external authentication servers for firewall user authentication are true? (Choose two.)
A. Up to three external authentication server types can be used simultaneously.
B. Only one external authentication server type can be used simultaneously.
C. If the local password database is not configured in the authentication order, and the configured authentication server bypassed.
D. If the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.

Question (single choice): Which statement contains the correct parameters for a route-based IPsec VPN?
A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

Question (single choice): A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

Question (multiple choice): Which three statements are true when working with high-availability clusters? (Choose three.)
A. The valid cluster-id range is between 0 and 255.
B. Junos OS security devices can belong to more than one cluster if cluster virtualization is enabled.
C. If the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.
D. A reboot is required if the cluster-id or node value is changed.
E. Junos OS security devices can belong to one cluster only.

Question (single choice): Which zone is system-defined?
A. security
B. functional
C. junos-global
D. management