The SRX device receives a packet and determines that it does not match an existing session.After SCREEN options are evaluated, what is evaluated next?()A、source NATB、destination NATC、route lookupD、zone lookup

题目

The SRX device receives a packet and determines that it does not match an existing session.After SCREEN options are evaluated, what is evaluated next?()

  • A、source NAT
  • B、destination NAT
  • C、route lookup
  • D、zone lookup
相似考题

1.When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?()A. The cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.B. The cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.C. The cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.D. The cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.

2.The SRX device receives a packet and determines that it does not match an existing session.After SCREEN options are evaluated, what is evaluated next?()A. source NATB. destination NATC. route lookupD. zone lookup

3.Which statement is true regarding the Junos OS for security platforms?()A. SRX Series devices can store sessions in a session table.B. SRX Series devices accept all traffic by default.C. SRX Series devices must operate only in packet-based mode.D. SRX Series devices must operate only in flow-based mode.

4.A user wants to establish an FTP session to a server behind an SRX device but must authenticate to a Web page on the SRX device for additional authentication.Which type of user authentication is configured?()A. pass-throughB. WebAuthC. WebAuth with Web redirectD. pass-through with Web redirect

参考答案和解析
正确答案:B
更多“The SRX device receives a packet”相关问题

  • 第1题:

    A user wants to establish an HTTP session to a server behind an SRX device but is being pointed to Web page on the SRX device for additional authentication.Which type of user authentication is configured?()

    A. pass-through with Web redirect

    B. WebAuth with HTTP redirect

    C. WebAuth

    D. pass-through


    参考答案:A

  • 第2题:

    You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()

    • A、Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.
    • B、A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.
    • C、Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.
    • D、A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.

    正确答案:B

  • 第3题:

    Overlay Transport Virtualization (OTV) overlay interface is a logical multiaccess and multicast- capable interface that must be explicitly defined by the user and where the entire OTV configuration is applied. Which statements are true about OTV overlay interface?()

    • A、 When an OTV edge device receives a Layer 2 frame destined for a remote data center site, the frame is logically forwarded to the overlay interface.
    • B、 The OTV edge device performs the dynamic OTV encapsulation on the Layer 2 packet and sends it to the join interface toward the routed domain.
    • C、 When the OTV edge device receives a Layer 2 frame destined for a remote data center site, the frame is logically forwarded to the join interface.
    • D、 The OTV edge device performs the dynamic OTV encapsulation on the Layer 2 packet and sends it to the overlay interface toward the routed domain.

    正确答案:A,B

  • 第4题:

    When an SRX series device receives an ESP packet, what happens?()

    • A、If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, it will
    • B、If the destination IP address in the outer IP header of ESP does not match the IP address of the ingress interface, it will
    • C、If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based packet.
    • D、If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based of inner header, it will decrypt the packet.

    正确答案:C

  • 第5题:

    Which statement is true about SurfControl integrated Web filter solution?()

    • A、The SurfControl server in the cloud provides the SRX device with the category of the URL as well as the reputation of  the URL. 
    • B、The SurfControl server in the cloud provides the SRX device with only the category of the URL.
    • C、The SurfControl server in the cloud provides the SRX device with only the reputation of the URL.
    • D、The SurfControl server in the cloud provides the SRX device with a decision to permit or deny the URL.

    正确答案:B

  • 第6题:

    单选题
    You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()
    A

    Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.

    B

    A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.

    C

    Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.

    D

    A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.


    正确答案: C
    解析: 暂无解析

  • 第7题:

    单选题
    When an SRX series device receives an ESP packet, what happens?()
    A

    If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, it will

    B

    If the destination IP address in the outer IP header of ESP does not match the IP address of the ingress interface, it will

    C

    If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based packet.

    D

    If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based of inner header, it will decrypt the packet.


    正确答案: D
    解析: 暂无解析

  • 第8题:

    单选题
    The SRX device receives a packet and determines that it does not match an existing session.After SCREEN options are evaluated, what is evaluated next?()
    A

    source NAT

    B

    destination NAT

    C

    route lookup

    D

    zone lookup


    正确答案: C
    解析: 暂无解析

  • 第9题:

    单选题
    A router receives an IPv6 packet which is 2000 bytes in length. The MTU of the outgoing interface is 1500 bytes. What action will the router take?()
    A

    forwards the packet

    B

    fragments the packet

    C

    drops the packet silently

    D

    drops the packet and sends an ICMP message


    正确答案: C
    解析: 暂无解析

  • 第10题:

    单选题
    A user wants to establish an FTP session to a server behind an SRX device but must authenticate to a Web page on the SRX device for additional authentication.Which type of user authentication is configured?()
    A

    pass-through

    B

    WebAuth

    C

    WebAuth with Web redirect

    D

    pass-through with Web redirect


    正确答案: B
    解析: 暂无解析

  • 第11题:

    多选题
    Which two statements are true about TCP communication?()
    A

    The receiver acknowledges the final packet in each communications stream.

    B

    The receiver adds sequencing numbers to the packets received.

    C

    The sender adds sequencing numbers to the packets it sends.

    D

    The receiver acknowledges each packet it receives from the sending device.


    正确答案: D,C
    解析: 暂无解析

  • 第12题:

    单选题
    A router receives an IPv6 packet which is 2000 bytes in length. The MTU of the outgoing interface is 1500 bytes. Which action will the router take?()
    A

    Forward the packet.

    B

    Fragment the packet.

    C

    Drop the packet silently.

    D

    Drop the packet and send an ICMPv6 message.


    正确答案: A
    解析: 暂无解析

  • 第13题:

    Which two statements are true about TCP communication?()

    A. The receiver acknowledges the final packet in each communications stream.

    B. The receiver adds sequencing numbers to the packets received.

    C. The sender adds sequencing numbers to the packets it sends.

    D. The receiver acknowledges each packet it receives from the sending device.


    参考答案:A, C

  • 第14题:

    Which two statements are true about TCP communication?()

    • A、The receiver acknowledges the final packet in each communications stream.
    • B、The receiver adds sequencing numbers to the packets received.
    • C、The sender adds sequencing numbers to the packets it sends.
    • D、The receiver acknowledges each packet it receives from the sending device.

    正确答案:A,C

  • 第15题:

    The same Web site is visited for the second time using a branch SRX Series Services Gateway configured with SurfControl integrated Web filtering.Which statement is true?()

    • A、The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server provides the SRX. 
    • B、The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server asks the SRX device previously visited.
    • C、The SRX device looks at its local cache to find the category of the URL.
    • D、The SRX device does not perform any Web filtering operation as the Web site has already been visited.

    正确答案:C

  • 第16题:

    You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()

    • A、The MAG Series device has multiple ports associated with the certificate.
    • B、The MAG Series device's serial number needs to be configured on the SRX Series device.
    • C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.
    • D、The MAG Series device and SRX Series device are not synchronized to an NTP server.

    正确答案:C,D

  • 第17题:

    单选题
    You are validating the configuration of your SRX Series device and see the output shown below. What does this indicate?()
    A

    The SRX Series device has been configured correctly, the Junos Pulse Access Control Service is reachable on the network, and the SRX Series device is waiting to receive the initial connection from the Junos Pulse Access Control Service.

    B

    The SRX Series device has confirmed that the Junos Pulse Access Control Service is configured and is reachable on the network, the SRX Series device is waiting to receive the connection from the Junos Pulse Access Control Service, and all that remains to be accomplished is to configure the SRX Series device.

    C

    The SRX Series device is configured correctly and connected to the Junos Pulse Access Control Service. All that remains to be done to complete the configuration is to configure the SRX Series device on the Junos Pulse Access Control Service.

    D

    Both the Junos Pulse Access Control Service and the SRX Series device are configured correctly and communicating with each other.


    正确答案: The SRX Series device has been configured correctly, the Junos Pulse Access Control Service is reachable on the network, and the SRX Series device is waiting to receive the initial connection from the Junos Pulse Access Control Service., The SRX Series device has confirmed that the Junos Pulse Access Control Service is configured and is reachable on the network, the SRX Series device is waiting to receive the connection from the Junos Pulse Access Control Service, and all that remains to be accomplished is to configure the SRX Series device., The SRX Series device is configured correctly and connected to the Junos Pulse Access Control Service. All that remains to be done to complete the configuration is to configure the SRX Series device on the Junos Pulse Access Control Service., Both the Junos Pulse Access Control Service and the SRX Series device are configured correctly and communicating with each other.
    解析: 暂无解析

  • 第18题:

    多选题
    Which three situations will trigger an e-mail to be flagged as spam if a branch SRX Series device has been properly configured with antispam inspection enabled for the appropriate security policy? ()(Choose three.)
    A

    The server sending the e-mail to the SRX Series device is a known open SMTP relay.

    B

    The server sending the e-mail to the SRX Series device is running unknown SMTP server software.

    C

    The server sending the e-mail to the SRX Series device is on an IP address range that is known to be dynamically assigned.

    D

    The e-mail that the server is sending to the SRX Series device has a virus in its attachment.

    E

    The server sending the e-mail to the SRX Series device is a known spammer IP address.


    正确答案: B,A
    解析: 暂无解析

  • 第19题:

    多选题
    Which two statements are true about the Websense redirect Web filter solution? ()(Choose two.)
    A

    The Websense redirect Web filter solution does not require a license on the SRX device.

    B

    The Websense server provides the SRX device with a category for the URL and the SRX device then matches the category decides to permit or deny the URL.

    C

    The Websense server provides the SRX device with a decision as to whether the SRX device permits or denies the URL.

    D

    When the Websense server does not know the category of the URL, it sends a request back to the SRX device SurfControl server in the cloud.


    正确答案: A,C
    解析: 暂无解析

  • 第20题:

    单选题
    When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?()
    A

    The cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.

    B

    The cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.

    C

    The cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.

    D

    The cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.


    正确答案: C
    解析: 暂无解析

  • 第21题:

    多选题
    You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()
    A

    The MAG Series device has multiple ports associated with the certificate.

    B

    The MAG Series device's serial number needs to be configured on the SRX Series device.

    C

    The SRX Series device must have a certificate signed by the same authority as the MAG Series device.

    D

    The MAG Series device and SRX Series device are not synchronized to an NTP server.


    正确答案: C,B
    解析: 暂无解析

  • 第22题:

    单选题
    Which statement is true about SurfControl integrated Web filter solution?()
    A

    The SurfControl server in the cloud provides the SRX device with the category of the URL as well as the reputation of  the URL. 

    B

    The SurfControl server in the cloud provides the SRX device with only the category of the URL.

    C

    The SurfControl server in the cloud provides the SRX device with only the reputation of the URL.

    D

    The SurfControl server in the cloud provides the SRX device with a decision to permit or deny the URL.


    正确答案: D
    解析: 暂无解析

  • 第23题:

    单选题
    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
    A

    You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    B

    No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    C

    You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.

    D

    You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.


    正确答案: A
    解析: 暂无解析

  • 第24题:

    单选题
    The same Web site is visited for the second time using a branch SRX Series Services Gateway configured with SurfControl integrated Web filtering.Which statement is true?()
    A

    The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server provides the SRX. 

    B

    The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server asks the SRX device previously visited.

    C

    The SRX device looks at its local cache to find the category of the URL.

    D

    The SRX device does not perform any Web filtering operation as the Web site has already been visited.


    正确答案: A
    解析: 暂无解析

相关内容