Which two statements are true regarding firewall user authentication?（） (Choose two.)A、When configured for pass-through firewall user authentication, the user must first open a connection to the Junos security remote network resource.B、When configured for

第1题：

Which two statements regarding firewall user authentication client groups are true?（） (Choose two.)

• A、A client group is a list of clients associated with a group.
• B、A client group is a list of groups associated with a client.
• C、Client groups are referenced in security policy in the same manner in which individual clients are referenced.
• D、Client groups are used to simplify configuration by enabling firewall user authentication without security policy.

第2题：

Which two commands can be used to monitor firewall user authentication？（）

• A、show access firewall-authentication
• B、show security firewall-authentication users
• C、show security audit log
• D、show security firewall-authentication history

第3题：

Which statement describes the Authentication Proxy feature？（）

• A、All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
• B、A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
• C、Prior to responding to a proxy ARP，the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
• D、The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.

第4题：

Under which configuration hierarchy is an access profile configured for firewall user authentication？（）

• A、[edit access]
• B、[edit security access]
• C、[edit firewall access]
• D、[edit firewall-authentication]

第5题：

A user wants to establish an FTP session to a server behind an SRX device but must authenticate to a Web page on the SRX device for additional authentication.Which type of user authentication is configured?（）

• A、pass-through
• B、WebAuth
• C、WebAuth with Web redirect
• D、pass-through with Web redirect

第6题：

Which two statements regarding external authentication servers for firewall userauthentication are true？（）

• A、Up to three external authentication server types can be used simultaneously.
• B、Only one external authentication server type can be used simultaneously.
• C、If the local password database is not configured in the authentication order， and the configured authentication server is unreachable， authentication is not performed.
• D、If the local password database is not configured in the authentication order， and the configured authentication server rejects the authentication request， authentication is not performed

第7题：

Which two statements regarding external authentication servers for firewall user authentication are true?（） (Choose two.)

• A、Up to three external authentication server types can be used simultaneously.
• B、Only one external authentication server type can be used simultaneously.
• C、If the local password database is not configured in the authentication order, and the configured authentication server  bypassed.
• D、If the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.

第8题：

Which three firewall user authentication objects can be referenced in a security policy? （）(Choose three.)

• A、access profile
• B、client group
• C、client
• D、default profile
• E、external

第9题：

Which statement accurately describes firewall user authentication？（）

• A、Firewall user authentication provides another layer of security in a network.
• B、Firewall user authentication provides a means for accessing a JUNOS Software-based security device.
• C、Firewall user authentication enables session-based forwarding.
• D、Firewall user authentication is used as a last resort security method in a network.

第10题：

第11题：

第12题：

第13题：

Which two firewall user authentication objects can be referenced in a security policy？（）

• A、access profile
• B、client group
• C、client
• D、default profile

第14题：

Which two traffic types trigger pass-through firewall user authentication？（）

• A、SSH
• B、Telnet
• C、ICMP
• D、OSPF
• E、HTTP

第15题：

Which two statements regarding firewall user authentication client groups are true？（）

• A、Individual clients are configured under client groups in the configuration hierarchy.
• B、Client groups are configured under individual clients in the configuration hierarchy.
• C、Client groups are referenced in security policy in the same manner in which individual clients are referenced.
• D、Client groups are used to simplify configuration by enabling firewall user authentication without security policy.

第16题：

You have multiple realms configured on a MAG Series device. A user is authenticating with a non- Junos Pulse Access Control Service client. The username does not contain a realm suffix.Which behavior will the user experience?（）

• A、The user will not be able to log-in, as the Junos Pulse Access Control Service device cannot map the user to a realm when the realm value is empty.
• B、The user will be mapped to all realms available to the user.
• C、The Junos Pulse Access Control Service device displays a page where the user must choose from a list of realms.
• D、The endpoint is assigned to the first realm in the list whose authentication server is a match with the endpoints software.

第17题：

Given the configuration shown in the exhibit， which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy？（） profile ftp-users { client nancy { firewall-user { password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"； ## SECRET-DATA } } client walter { firewall-user { password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"； ## SECRET-DATA } } session-options { client-group ftp-group； } } firewall-authentication { pass-through { default-profile ftp-users；ftp { banner { login "JUNOS Rocks!"； } } } }

• A、ftp-group
• B、ftp-users
• C、firewall-user
• D、nancy and walter

第18题：

Which two external authentication server types are supported by JUNOS Software for firewall user authentication？（）

• A、RADIUS
• B、TACACS+
• C、LDAP
• D、IIS

第19题：

Which two statements are true regarding firewall user authentication？（）

• A、When configured for pass-through firewall user authentication， the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.
• B、When configured for Web firewall user authentication only， the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.
• C、If a JUNOS security device is configured for pass-through firewall user authentication， new sessions are automatically intercepted to perform authentication.
• D、If a JUNOS security device is configured for Web firewall user authentication， new sessions are automatically intercepted to perform authentication.

第20题：

You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?（）

• A、CLI
• B、WebUI
• C、NSM
• D、Junos Pulse Access Control Service

第21题：

第22题：

第23题：