You are creating a destination NAT rule-set. Which two are valid for use with the from clause？（）A、security policyB、interfaceC、routing-instanceD、IP address

第1题：

Which two of these key fields are used to identify a flow in a traditional NetFlow implementation?（）

• A、source port
• B、output interface
• C、next-hop IP address
• D、source MAC address
• E、destination IP address
• F、next-hop MAC address

第2题：

Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A Web server with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The Web server is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the Web server reachable from the Internet using port translation. Which type of NAT must you configure?（）

• A、source NAT with address shifting
• B、pool-based source NAT
• C、static destination NAT
• D、pool-based destination NAT

第3题：

Your network contains a server that has the SNMP Service installed.You need to configure the SNMP security settings on the server.Which tool should you use?（）

• A、Local Security Policy
• B、Scw
• C、Secedit
• D、Services console

第4题：

You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）

• A、The intranet-auth authentication option
• B、The redirect-portal application service
• C、The uac-policy application service
• D、The ipsec-vpn tunnel

第5题：

Which of the following types of NAT allows multiple private internal IP addresses to use a singlepublic external IP address？（）

• A、NAT mapping
• B、NAT overloading
• C、NAT caching
• D、Static NAT
• E、Dynamic NAT
• F、Overlapping NAT

第6题：

You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com（172.19.1.1） in the Untrust zone. How do you create this policy？（）

• A、Specify the IP address （172.19.1.1/32） as the destination address in the policy.
• B、Specify the DNS entry （hostb.example.com.） as the destination address in the policy.
• C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
• D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy

第7题：

Which type of source NAT is configured in the exhibit？（） [edit security nat destination] user@host# show pool A { address 10.1.10.5/32； } rule-set 1 { from zone untrust； rule 1A { match { destination-address 100.0.0.1/32； } then { destination-nat pool A； } } }

• A、static destination NAT
• B、static source NAT
• C、pool-based destination NAT without PAT
• D、pool-based destination NAT with PAT

第8题：

A network administrator receives complaints from the engineering group that an application on one server is not working properly. After further investigation, the administrator determines that source NAT translation is using a different source address after a random number of flows. Which two actions can the administrator take to force the server to use one address?（） (Choose two.)

• A、Use the custom application feature.
• B、Configure static NAT for the host.
• C、Use port address translation (PAT).
• D、Use the address-persistent option.

第9题：

Which two actions are available in the GUI for creating location awareness rules?（）

• A、WINS server
• B、DNS server
• C、IP reachability
• D、Resolve address

第10题：

Which two statements about sequences are true? （）

• A、You use a NEXTVAL pseudo column to look at the next possible value that would be generated from a sequence, without actually retrieving the value.
• B、You use a CURRVAL pseudo column to look at the current value just generated from a sequence, without affecting the further values to be generated from the sequence.
• C、You use a NEXTVAL pseudo column to obtain the next possible value from a sequence by actually retrieving the value from the sequence.
• D、You use a CURRVAL pseudo column to generate a value from a sequence that would be used for a specified database column.
• E、If a sequence starting from a value 100 and incremented by 1 is used by more then one application, then all of these applications could have a value of 105 assigned to their column whose value is being generated by the sequence.
• F、You use REUSE clause when creating a sequence to restart the sequence once it generates the maximum value defined for the sequence.

第11题：

第12题：

第13题：

The EtherChannel between your LAN switch and the Internet router is not load-balancing efficiently. On the switch，there are several workstations with valid IP ranges. Which load-balance algorithms can you use in the switch in order to optimize this load balancing？ （）

• A、source IP address
• B、destination IP address
• C、per-packet load balance
• D、destination MAC address
• E、source MAC address

第14题：

Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address andnetwork mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 isrunning an HTTP service on TCP port 8080. The webserver is attached to the ge-0/0/0.0 interface of yourdevice. You must use NAT to make the webserver reachable from the Internet using port translation.Which type of NAT must you configure？（）

• A、source NAT with address shifting
• B、pool-based source NAT
• C、static destination NAT
• D、pool-based destination NAT

第15题：

Which statement describes the behavior of source NAT with address shifting？（）

• A、Source NAT with address shifting translates both the source IP address and the source port of a packet.
• B、Source NAT with address shifting defines a one-to-one mapping from an original source IP address to a translated source IP address.
• C、Source NAT with address shifting can translate multiple source IP addresses to the same translated IP address.
• D、Source NAT with address shifting allows inbound connections to be initiated to the static source pool IP addresses.

第16题：

Which of the following should be configured on a wireless router to enhance security? (Select TWO).（）

• A、Disable DHCP
• B、Change wireless channel
• C、Disable SSID broadcasting
• D、Change the default username and password
• E、Use a static IP address

第17题：

Which two statements are true about pool-based destination NAT？（）

• A、It also supports PAT.
• B、PAT is not supported.
• C、It allows the use of an address pool.
• D、It requires you to configure an address in the junos-global zone.

第18题：

You have a firewall filter containing two terms applied in an inbound direction on a customer interface. You would like this filter to protect your network from a spoofed denial of service attack. What match criterion should be used in the first term of the filter？（）

• A、Source TCP port
• B、Source IP address
• C、Destination TCP port
• D、Destination IP address

第19题：

Which statement is true about source NAT？（）

• A、Source NAT works only with source pools.
• B、Destination NAT is required to translate the reply traffic.
• C、Source NAT does not require a security policy to function.
• D、The egress interface IP address can be used for source NAT

第20题：

Which two statements are true about the primary address on an interface?（）

• A、It is the address used by default as the local address for broadcast and multicast packets sourced locally and sent out of the interface
• B、You use the primary address when you have multiple IP addresses belonging to the same subnet on the same interface
• C、It can be useful for selecting the local address used for packets sent out of unnumbered interfaces when multiple non-127 addresses are configured on the loopback interface
• D、By default, the primary address on an interface is selected as the numerically highest local address configured on the interface

第21题：

Which type of source NAT is configured in the exhibit？（） [edit security nat source] user@host# show rule-set 1 { from interface ge-0/0/2.0； to zone untrust； rule 1A {match { destination-address 1.1.70.0/24； } then { source-nat interface； } } }

• A、interface-based source NAT
• B、static source NAT
• C、pool-based source NAT with PAT
• D、pool-based source NAT without PAT

第22题：

第23题：