Question (single choice): Which configuration shows a pool-based source NAT without PAT?
A. A
B. B
C. C
D. D

Question (single choice): Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy?

    [edit schedulers]
    user@host# show
    scheduler now {
        monday all-day;
        tuesday exclude;
        wednesday {
            start-time 07:00:00 stop-time 18:00:00;
        }
        thursday {
            start-time 07:00:00 stop-time 18:00:00;
        }
    }
    [edit security policies from-zone Private to-zone External]
    user@host# show
    policy allowTransit {
        match {
            source-address PrivateHosts;
            destination-address ExtServers;
            application ExtApps;
        }
        then {
            permit {
                tunnel {
                    ipsec-vpn myTunnel;
                }
            }
        }
        scheduler-name now;
    }

A. The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
B. The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
C. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
D. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.

Question (multiple choice): Which three functions are provided by JUNOS Software for security platforms?
A. VPN establishment
B. stateful ARP lookups
C. Dynamic ARP inspection
D. Network Address Translation
E. inspection of packets at higher levels (Layer 4 and above)

Question (multiple choice): Assume the default-policy has not been configured. Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true?

    [edit security policies from-zone HR to-zone trust]
    user@host# show
    policy one {
        match {
            source-address any;
            destination-address any;
            application [ junos-http junos-ftp ];
        }
        then {
            permit;
        }
    }
    policy two {
        match {
            source-address host_a;
            destination-address host_b;
            application [ junos-http junos-smtp ];
        }
        then {
            deny;
        }
    }

A. DNS traffic is denied.
B. HTTP traffic is denied.
C. FTP traffic is permitted.
D. SMTP traffic is permitted.

Question (single choice): Which statement is true about a NAT rule action of off?
A. The NAT action of off is only supported for destination NAT rule-sets.
B. The NAT action of off is only supported for source NAT rule-sets.
C. The NAT action of off is useful for detailed control of NAT.
D. The NAT action of off is useful for disabling NAT when a pool is exhausted.

Question (multiple choice): What are three main phases of an attack?
A. DoS
B. exploit
C. propagation
D. port scanning
E. reconnaissance

Question (multiple choice): Which three options represent IDP policy match conditions?
A. protocol
B. source-address
C. port
D. application
E. attacks

Question (multiple choice): Which two statements about the use of SCREEN options are correct?
A. SCREEN options are deployed at the ingress and egress sides of a packet flow.
B. Although SCREEN options are very useful, their use can result in more session creation.
C. SCREEN options offer protection against various attacks at the ingress zone of a packet flow.
D. SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resources used for malicious packet processing.

Question (multiple choice): Which two statements about the Diffie-Hellman (DH) key exchange process are correct?
A. In the DH key exchange process, the session key is never passed across the network.
B. In the DH key exchange process, the public and private keys are mathematically related using the DH algorithm.
C. In the DH key exchange process, the session key is passed across the network to the peer for confirmation.
D. In the DH key exchange process, the public and private keys are not mathematically related, ensuring higher security.

Question (single choice): What is the default session timeout for UDP sessions?
A. 30 seconds
B. 1 minute
C. 5 minutes
D. 30 minutes

Question (multiple choice): Which two statements describe the purpose of a security policy?
A. It enables traffic counting and logging.
B. It enforces a set of rules for transit traffic.
C. It controls host inbound services on a zone.
D. It controls administrator rights to access the device.

Question (single choice): Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?
A. policy-rematch
B. policy-evaluate
C. rematch-policy
D. evaluate-policy

Question (multiple choice): Which two statements are true about overflow pools?
A. Overflow pools do not support PAT.
B. Overflow pools cannot use the egress interface IP address for NAT.
C. Overflow pools must use PAT.
D. Overflow pools can contain the egress interface IP address or separate IP addresses.

Question (multiple choice): What are three configuration objects used to build JUNOS IDP rules?
A. zone objects
B. policy objects
C. attack objects
D. alert and notify objects
E. network and address objects

Question (single choice): In the configuration shown in the exhibit, you decided to eliminate the junos-ftp application from the match condition of the policy MyTraffic.

    [edit security policies]
    user@hostl# show
    from-zone Private to-zone External {
        policy MyTraffic {
            match {
                source-address myHosts;
                destination-address ExtServers;
                application [ junos-ftp junos-bgp ];
            }
            then {
                permit {
                    tunnel {
                        ipsec-vpn vpnTunnel;
                    }
                }
            }
        }
    }
    policy-rematch;

What will happen to the existing FTP and BGP sessions?
A. The existing FTP and BGP sessions will continue.
B. The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.
C. The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.
D. The existing FTP sessions will continue and only the existing BGP sessions will be dropped.

Question (single choice): Which IDP policy action closes the connection and sends an RST packet to both the client and the server?
A. close-connection
B. terminate-connection
C. close-client-and-server
D. terminate-session

Question (single choice): You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address. Where do you configure this functionality?
A. [edit interfaces]
B. [edit security zones]
C. [edit system services]
D. [edit security interfaces]