问题:单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A A route-based VPN generally uses less resources than a policy-based VPN.B A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
查看答案
问题:多选题Which two statements regarding asymmetric key encryption are true?()AThe same key is used for encryption and decryption.BIt is commonly used to create digital certificate signatures.CIt uses two keys: one for encryption and a different key for decryption.DAn attacker can decrypt data if the attacker captures the key used for encryption
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.BWhen configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.CIf a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.DIf a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.
问题:多选题Which two statements regarding firewall user authentication client groups are true?()AIndividual clients are configured under client groups in the configuration hierarchy.BClient groups are configured under individual clients in the configuration hierarchy.CClient groups are referenced in security policy in the same manner in which individual clients are referenced.DClient groups are used to simplify configuration by enabling firewall user authentication without security policy.
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"; ## SECRET-DATA } } client walter { firewall-user { password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"; ## SECRET-DATA } } session-options { client-group ftp-group; } } firewall-authentication { pass-through { default-profile ftp-users;ftp { banner { login "JUNOS Rocks!"; } } } }A ftp-groupB ftp-usersC firewall-userD nancy and walter
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options
问题:多选题In JUNOS Software, which three packet elements can be inspected to determine if asession already exists?()AIP protocolBIP time-to-liveCsource and destination IP addressDsource and destination MAC addressEsource and destination TCP/UDP port
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
问题:多选题Which two are uses of NAT?()Aenabling network migrationsBconserving public IP addressesCallowing stateful packet inspectionDpreventing unauthorized connections from outside the network
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control of NATD The NAT action of off is useful for disabling NAT when a pool is exhausted.
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address
问题:单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()A close-connectionB terminate-connectionC close-client-and-serverD terminate-session
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone.
问题:单选题Which statement describes the behavior of a security policy?()A The implicit default security policy permits all traffic.B Traffic destined to the device itself always requires a security policy.C Traffic destined to the device’s incoming interface does not require a security policy.D The factory-default configuration permits all traffic from all interfaces.
问题:多选题Which two configuration elements are required for a policy-based VPN?()AIKE gatewayBsecure tunnel interfaceCsecurity policy to permit the IKE trafficDsecurity policy referencing the IPsec VPN tunnel
问题:单选题Which statement is true about interface-based source NAT?()A PAT is a requirement.B It requires you to configure address entries in the junos-nat zone.C It requires you to configure address entries in the junos-global zone.D The IP addresses being translated must be in the same subnet as the egress interface.