You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB

题目

You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

  • A、Resource access policy on the MAG Series device
  • B、IPsec routing policy on the MAG Series device
  • C、General traffic policy blocking access through the firewall enforcer
  • D、Auth table entry on the firewall enforcer
相似考题

1.You are the administrator of a Junos Pulse Access Control Service implementation. You must restrict authenticated users connected from the branch offices to a few specific resources within the data center. However, when the authenticated users are connected at the corporate office, they are allowed more access to the data center resources.You have created two roles with different levels of access and are trying to determine the best way of controlling when a user is mapped to a specific role. Having the user prompted to manually select their role is possible, but you want to automate the process.Which configuration solves this problem?()A. Implement a RADIUS request attribute policy to assist with realm selection and create different role-mapping rules for the user in each realm.B. Implement a directory/attribute server on the realm and set up this server to determine by group membership the proper role to which a user should be mapped.C. Reorder the role-mapping rules to allow for the more open role to be mapped first and then enable the "stop processing rules when this rule matches" function on this role.D. Implement a Host Checker policy on the realm that determines the geographic location of the device and restricts the user based on the results of the policy.

2.You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A. resource access policiesB. Host Enforcer policiesC. source IP enforcement policiesD. IPsec enforcement policies

3.Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?()A. Remote DebuggingB. System SnapshotC. User Access logsD. Policy Tracing

4.You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI).To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A. CLIB. WebUIC. NSMD. Junos Pulse Access Control Service

参考答案和解析
正确答案:A,D
更多“You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB”相关问题

  • 第1题:

    You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()

    A. The user will be instructed to call the network administrator.

    B. The user will fail authentication.

    C. The user will be prompted to install a new device certificate on the MAG Series device.

    D. The user will successfully authenticate and have full network access.


    参考答案:B

  • 第2题:

    A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()

    A. Connection Requests

    B. System Errors

    C. Enforcer Events

    D. Enforcer Command Trace


    参考答案:C, D

  • 第3题:

    In the fields of physical security and information security, access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization (授权).
    An access control mechanism (71) between a user (or a process executing on behalf of a user) and system resources, such as applications, operating systems, firewalls, routers, files, and databases. The system must first authenticate(验证)a user seeking access. Typically the authentication function determines whether the user is (72) to access the system at all. Then the access control function determines if the specific requested access by this user is permitted. A security administrator maintains an authorization database that specifies what type of access to which resources is allowed for this user. The access control function consults this database to determine whether to(73)access. An auditing function monitors and keeps a record of user accesses to system resources.
    In practice, a number of(74)may cooperatively share the access control function. All operating systems have at least a rudimentary(基本的), and in many cases a quite robust, access control component. Add-on security packages can add to the(75)access control capabilities of the OS. Particular applications or utilities, such as a database management system, also incorporate access control functions. External devices, such as firewalls, can also provide access control services.

    A.open
    B.monitor
    C.grant
    D.seek

    答案:C
    解析:
    在物理安全和信息安全领域,访问控制是对一个地方或其他资源的访问限制。访问的行为可能意味着消费、输入或使用。允许访问资源被称为授权。
    访问控制机制连接用户(代表用户执行的进程)和系统资源(如应用程序、操作系统、防火墙、路由器、文件和数据库)之间的连接。系统必须首先对用户进行身份验证。通常,身份验证功能决定用户是否被允许访问系统。然后,访问控制功能决定是否允许该用户指定的访问权限。安全管理员维护一个授权数据库,该数据库指定允许该用户访问哪些资源的类型。访问控制函数咨询此数据库以确定是否授予访问权。审计功能监视并保存用户访问系统资源的记录。
    在实践中,一些用户可以合作共享访问控制函数。所有操作系统都至少有一个基本的,而且在许多情况下是一个相当健壮的访问控制组件。附加安全包可以添加到操作系统的自动访问控制功能。特定的应用程序或实用程序,如数据库管理系统,也包括访问控制功能。外部设备,如防火墙,也可以提供访问控制服务。

  • 第4题:

    Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?()

    • A、Remote Debugging
    • B、System Snapshot
    • C、User Access logs
    • D、Policy Tracing

    正确答案:C,D

  • 第5题:

    Which two statements are true regarding firewall user authentication?() (Choose two.)

    • A、When configured for pass-through firewall user authentication, the user must first open a connection to the Junos security remote network resource.
    • B、When configured for Web firewall user authentication only, the user must first open a connection to the Junos security remote network resource.
    • C、If a Junos security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted .
    • D、If a Junos security device is configured for Web firewall user authentication, new sessions are automatically intercepted.

    正确答案:B,C

  • 第6题:

    You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()

    • A、show services unified-access-control authentication-table
    • B、show auth table
    • C、show services unified-access-control policies
    • D、show services unified-access-control captive-portal

    正确答案:A

  • 第7题:

    Which two statements are true regarding firewall user authentication?()

    • A、When configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.
    • B、When configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.
    • C、If a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.
    • D、If a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.

    正确答案:B,C

  • 第8题:

    You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()

    • A、The endpoints can use agentless access.
    • B、Encrypted traffic flows between the endpoint and the enforcer.
    • C、Encrypted traffic flows between the endpoint and the protected resource
    • D、The endpoints can use the Odyssey Access Client.

    正确答案:B,D

  • 第9题:

    多选题
    Which two statements are true regarding firewall user authentication?()
    A

    When configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.

    B

    When configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.

    C

    If a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.

    D

    If a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.


    正确答案: B,C
    解析: 暂无解析

  • 第10题:

    单选题
    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
    A

    You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    B

    No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    C

    You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.

    D

    You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.


    正确答案: C
    解析: 暂无解析

  • 第11题:

    多选题
    A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()
    A

    Connection Requests

    B

    System Errors

    C

    Enforcer Events

    D

    Enforcer Command Trace


    正确答案: B,A
    解析: 暂无解析

  • 第12题:

    单选题
    You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()
    A

    The user will be instructed to call the network administrator.

    B

    The user will fail authentication.

    C

    The user will be prompted to install a new device certificate on the MAG Series device.

    D

    The user will successfully authenticate and have full network access.


    正确答案: A
    解析: 暂无解析

  • 第13题:

    You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()

    A. show services unified-access-control authentication-table

    B. show auth table

    C. show services unified-access-control policies

    D. show services unified-access-control captive-portal


    参考答案:A

  • 第14题:

    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

    A. Resource access policy on the MAG Series device

    B. IPsec routing policy on the MAG Series device

    C. General traffic policy blocking access through the firewall enforcer

    D. Auth table entry on the firewall enforcer


    参考答案:A, D

  • 第15题:

    Which two firewall user authentication objects can be referenced in a security policy?()

    • A、access profile
    • B、client group
    • C、client
    • D、default profile

    正确答案:B,C

  • 第16题:

    Which two statements are true about the security-related tags in a valid Java EE deployment descriptor?()

    • A、Every  tag must have at least one  tag.
    • B、A  tag can have many  tags.
    • C、A given  tag can apply to only one  tag.
    • D、A given  tag can contain from zero to many  tags.
    • E、It is possible to construct a valid  tag such that,for a given resource,no user rolescan access that resource.

    正确答案:B,E

  • 第17题:

    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()

    • A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
    • D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

    正确答案:A

  • 第18题:

    A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()

    • A、Connection Requests
    • B、System Errors
    • C、Enforcer Events
    • D、Enforcer Command Trace

    正确答案:C,D

  • 第19题:

    You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()

    • A、CLI
    • B、WebUI
    • C、NSM
    • D、Junos Pulse Access Control Service

    正确答案:C,D

  • 第20题:

    You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()

    • A、resource access policies
    • B、Host Enforcer policies
    • C、source IP enforcement policies
    • D、IPsec enforcement policies

    正确答案:D

  • 第21题:

    多选题
    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()
    A

    Resource access policy on the MAG Series device

    B

    IPsec routing policy on the MAG Series device

    C

    General traffic policy blocking access through the firewall enforcer

    D

    Auth table entry on the firewall enforcer


    正确答案: A,C
    解析: 暂无解析

  • 第22题:

    多选题
    What are three benefits of IF-MAP Federation?()
    A

    Enables seamless access for remote access users to firewall enforcer protected resources.

    B

    Scales a Junos Pulse Access control Service deployment beyond the capacity of a single cluster.

    C

    Enables dynamic configuration synchronization across multiple MAG Series devices.

    D

    Provides a substitute for WAN clustering among geographically separated MAG Series devices.

    E

    Shares non-localized DP integration and IPsec configuration information between multiple Junos Pulse Access Control Service instances.


    正确答案: C,B
    解析: 暂无解析

  • 第23题:

    单选题
    You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()
    A

    resource access policies

    B

    Host Enforcer policies

    C

    source IP enforcement policies

    D

    IPsec enforcement policies


    正确答案: B
    解析: 暂无解析

相关内容