问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.BWhen configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.CIf a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.DIf a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.
查看答案
问题:单选题In a chassis cluster with two SRX 5800 devices, the interface ge-13/0/0 belongs to which device?()A This interface is a system-created interface.B This interface belongs to node 0 of the cluster.C This interface belongs to node 1 of the cluster.D This interface will not exist because SRX 5800 devices have only 12 slots.
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone.
问题:多选题Which two commands can be used to monitor firewall user authentication?()Ashow access firewall-authenticationBshow security firewall-authentication usersCshow security audit logDshow security firewall-authentication history
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode
问题:多选题Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router?()AJUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT.BJUNOS Software for security platforms does not forward traffic by default; a traditional router forwards traffic by default.CJUNOS Software for security platforms uses session-based forwarding; a traditional router uses packet-based forwarding.DJUNOS Software for security platforms performs route lookup for every packet; a traditional router performs route lookup only for the first packet.
问题:单选题You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?()A You must enable SPC detect within the configuration.B You must enable active-active failover for redundancy.C You must ensure all SPCs use the same slot placement.D You must configure auto-negotiation on the control ports of both devices
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"; ## SECRET-DATA } } client walter { firewall-user { password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"; ## SECRET-DATA } } session-options { client-group ftp-group; } } firewall-authentication { pass-through { default-profile ftp-users;ftp { banner { login "JUNOS Rocks!"; } } } }A ftp-groupB ftp-usersC firewall-userD nancy and walter
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control of NATD The NAT action of off is useful for disabling NAT when a pool is exhausted.
问题:多选题What are three main phases of an attack?()ADoSBexploitCpropagationDport scanningEreconnaissance
问题:多选题What are two interfaces created when enabling a chassis cluster?()Ast0Bfxp1Cfab0Dreth0
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options
问题:单选题You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?()A set security zones management interfaces ge-0/0/0.0B set zones functional-zone management interfaces ge-0/0/0.0C set security zones functional-zone management interfaces ge-0/0/0.0D set security zones functional-zone out-of-band interfaces ge-0/0/0.0
问题:单选题Which statement is true about source NAT?()A Source NAT works only with source pools.B Destination NAT is required to translate the reply traffic.C Source NAT does not require a security policy to function.D The egress interface IP address can be used for source NAT
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address
问题:单选题When applying the configuration in the exhibit and initializing a chassis cluster, which statement is correct?() [edit chassis] user@host# show cluster { reth-count 3; redundancy-group 1 { node 0 priority 1; node 1 priority 100; } }A Three physical interfaces are redundant.B You must define an additional redundancy group.C node 0 will immediately become primary for redundancy group 1.D You must issue an operational command and reboot the system for the above configuration to take effect.
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep