Users can define policy to control traffic flow between which two components?()A、from a zone to the device itselfB、from a zone to the same zoneC、from a zone to a different zoneD、from one interface to another interface
题目
Users can define policy to control traffic flow between which two components?()
- A、from a zone to the device itself
- B、from a zone to the same zone
- C、from a zone to a different zone
- D、from one interface to another interface
相似考题
更多“Users can define policy to control traffic flow between which two components?()A、from a zone to the device itselfB、from a zone to the same zoneC、from a zone to a different zoneD、from one interface to another interface”相关问题
-
第1题:
Click the Exhibit button.Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2.Which is a potential cause for this problem?()
A. The untrust zone does not have a management policy configured.
B. The trust zone does not have ping enabled as host-inbound-traffic service.
C. The security policy from the trust zone to the untrust zone does not permit ping.
D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
参考答案:C
-
第2题:
Which statement best describes Cisco IOS Zone-Based Policy Firewall?()
- A、A router interface can belong to multiple zones.
- B、Policy maps are used to classify traffic into different traffic classes, and class maps are used to assignaction to the traffic classes.
- C、The pass action works in only one direction
- D、A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.
正确答案:C -
第3题:
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
- A、DNS traffic is denied.
- B、HTTP traffic is denied.
- C、FTP traffic is permitted.
- D、SMTP traffic is permitted.
正确答案:A,C -
第4题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
- A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
- B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
- C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
- D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
正确答案:B -
第5题:
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
- A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
- B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
- C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
- D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
正确答案:A -
第6题:
Users can define policy to control traffic flow between which two components? ()(Choose two.)
- A、from a zone to the router itself
- B、from a zone to the same zone
- C、from a zone to a different zone
- D、from one interface to another interface
正确答案:B,C -
第7题:
Regarding zone types, which statement is true?()
- A、You cannot assign an interface to a functional zone.
- B、You can specifiy a functional zone in a security policy.
- C、Security zones must have a scheduler applied.
- D、You can use a security zone for traffic destined for the device itself.
正确答案:D -
第8题:
单选题A traffic separation zone is that part of a traffic separation scheme which().Ais between the scheme and the nearest land
Bcontains all the traffic moving in one direction
Cis designated as an anchorage area
Dseparates traffic proceeding in one direction from traffic proceeding in the opposite direction
正确答案: A解析: 暂无解析 -
第9题:
多选题Which two statements are true for a security policy? ()(Choose two.)AIt controls inter-zone traffic.
BIt controls intra-zone traffic.
CIt is named with a system-defined name.
DIt controls traffic destined to the device's ingress interface.
正确答案: D,A解析: 暂无解析 -
第10题:
多选题Users can define policy to control traffic flow between which two components?()Afrom a zone to the device itself
Bfrom a zone to the same zone
Cfrom a zone to a different zone
Dfrom one interface to another interface
正确答案: C,D解析: 暂无解析 -
第11题:
单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A[edit security policies from-zone HR to-zone HR]
B[edit security zones functional-zone management protocols]
C[edit security zones protocol-zone HR host-inbound-traffic]
D[edit security zones security-zone HR host-inbound-traffic protocols]
正确答案: A解析: 暂无解析 -
第12题:
多选题Users can define policy to control traffic flow between which two components? ()(Choose two.)Afrom a zone to the router itself
Bfrom a zone to the same zone
Cfrom a zone to a different zone
Dfrom one interface to another interface
正确答案: D,C解析: 暂无解析 -
第13题:
A traffic separation zone is that part of a traffic separation scheme which ______.
A.is located between the scheme and the nearest land
B.separates traffic proceeding in one direction from traffic proceeding in the opposite direction
C.is designated as an anchorage area
D.contains all the traffic moving in the same direction
正确答案:B
-
第14题:
Which type of zone is used by traffic transiting the device?()
- A、transit zone
- B、default zone
- C、security zone
- D、functional zone
正确答案:C -
第15题:
You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()
- A、[edit security policies from-zone HR to-zone HR]
- B、[edit security zones functional-zone management protocols]
- C、[edit security zones protocol-zone HR host-inbound-traffic]
- D、[edit security zones security-zone HR host-inbound-traffic protocols]
正确答案:D -
第16题:
You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()
- A、[edit security policies from-zone HR to-zone HR]
- B、[edit security zones functional-zone management protocols]
- C、[edit security zones protocol-zone HR host-inbound-traffic]
- D、[edit security zones security-zone HR host-inbound-traffic protocols]
正确答案:D -
第17题:
Which two statements are true for a security policy? ()(Choose two.)
- A、It controls inter-zone traffic.
- B、It controls intra-zone traffic.
- C、It is named with a system-defined name.
- D、It controls traffic destined to the device's ingress interface.
正确答案:A,B -
第18题:
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
- A、Traffic is permitted from the trust zone to the untrust zone.
- B、Intrazone traffic in the trust zone is permitted.
- C、All traffic through the device is denied.
- D、The policy is matched only when no other matching policies are found.
正确答案:C,D -
第19题:
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()
- A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
- B、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
- C、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
- D、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
正确答案:B -
第20题:
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.
BHTTP traffic is denied.
CFTP traffic is permitted.
DSMTP traffic is permitted.
正确答案: C,B解析: 暂无解析 -
第21题:
单选题A traffic separation zone is that part of a traffic separation scheme which().Ais located between the scheme and the nearest land
Bseparates traffic proceeding in one direction from traffic proceeding in the opposite direction
Cis designated as an anchorage area
Dcontains all the traffic moving in the same direction
正确答案: C解析: 暂无解析 -
第22题:
单选题The control mode in which the final control element is moved from one of two flexed positions to the other is known as ().Adead band action
Bneutral zone action
Crange
Don-off action
正确答案: B解析: 暂无解析 -
第23题:
多选题Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)ATraffic is permitted from the trust zone to the untrust zone.
BIntrazone traffic in the trust zone is permitted.
CAll traffic through the device is denied.
DThe policy is matched only when no other matching policies are found.
正确答案: C,A解析: 暂无解析