When the Infranet Enforcer is set up in transparent mode, which additional resource policy must be configured to use OAC for IPsec enforcement? （）A、IPsec RoutingB、Access ControlC、IP Address PoolD、Source Interface

第1题：

第2题：

第3题：

第4题：

When using the Cisco SDM Quick Setup Siteto-Site VPN wizard， which three parameters do you configure？（）

• A、Source interface where encrypted traffic originates
• B、IP address for the remote peer
• C、Transform set for the IPsec tunnel
• D、Interface for the VPN connection

第5题：

Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client? （）

• A、You do not need to configure a RADIUS client policy.
• B、You must know the exact model number of the Infranet Enforcer.
• C、You must specify the NACN password of the device in the RADIUS client policy.
• D、You do not need to designate a location group to which the Infranet Enforcer will belong.

第6题：

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?（）

• A、access profile
• B、IKE parameters
• C、tunneled interface
• D、redirect policy

第7题：

In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?（）

• A、to specify the destination addresses to which access is permitted
• B、to specify the source address permitted to access the resource
• C、to specify the services to which access is permitted
• D、to inform the enforcer to expect policy information from the Junos Pulse Access Control Service

第8题：

You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?（）

• A、Resource access policy on the MAG Series device
• B、IPsec routing policy on the MAG Series device
• C、General traffic policy blocking access through the firewall enforcer
• D、Auth table entry on the firewall enforcer

第9题：

You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?（）

• A、CLI
• B、WebUI
• C、NSM
• D、Junos Pulse Access Control Service

第10题：

You work as the enterprise exchange administrator at Xxx .Xxx is using Microsoft Exchange Server 2010 as their messaging solution.What actions must you take to change the Exchange-specific cost for a site link？（）

• A、You must configure the host （A） resource records.
• B、You must add and configure an IPSec Enforcement Network policy.
• C、You must create an Outlook Web App Mailbox policy.
• D、You must use the Set-ADSiteLink cmdlet.

第11题：

You need to design a method of communication between the IT and HR departments. Your solution must meet business requirements. What should you do？（）

• A、Design a custom IPSec policy to implement Encapsulating Security Payload （ESP） for all IP traffic Design the IPSec policy to use certificate-based authentication between the two departments’ computers
• B、Design a customer IPSec policy to implement Authentication Header （AH） for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computers
• C、Design a customer IPSec policy to implement Encapsulating Payload （ESP） for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computers
• D、Design a customer IPSec policy to implement Authentication Header （AH） for all IP traffic. Desing the IPSec policy to use certificate-based authentication between the two departments’ computers

第12题：

第13题：

第14题：

第15题：

You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec， which two parameters are required when defining the tunnel interfaceinformation？（）

• A、The crypto ACL number
• B、The IPSEC mode （tunnel or transport）
• C、The GRE tunnel interface IP address
• D、The GRE tunnel source interface or IP address， and tunnel destination IP address
• E、The MTU size of the GRE tunnel interface

第16题：

The LAN-side of the Teleworker router is assigned private IP address space (RFC1918), and the VPN topology is IPSec-only (no GRE protocol). When is it required to configure NAT/pNAT on the Teleworker router?（）

• A、when all access to the Internet is through the IPSec tunnel
• B、when there is direct Internet access via split-tunneling
• C、when there is no Internet access configured through the Teleworker router
• D、whenever you have IOS-Firewall (CBAC) configured

第17题：

You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）

• A、The intranet-auth authentication option
• B、The redirect-portal application service
• C、The uac-policy application service
• D、The ipsec-vpn tunnel

第18题：

Which two methods of authentication are used by the Infranet Controller for IPSec enforcement?（）

• A、dial-up VPN
• B、IKE authentication
• C、XAuth authentication
• D、shared IKE authentication

第19题：

Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）

• A、Source IP and browser
• B、Source IP and certificate
• C、Certificate and Host Checker
• D、Host Checker and source IP

第20题：

An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? （）(Choose two.)

• A、Only main mode can be used for IKE negotiation
• B、A local-identity must be defined
• C、It must be the initiator for IKE
• D、A remote-identity must be defined

第21题：

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?（）

• A、resource access policies
• B、Host Enforcer policies
• C、source IP enforcement policies
• D、IPsec enforcement policies

第22题：

You want to configure your Windows 2000 Professional computer to remotely access your company's Windows 2000 Routing and Remote Access server. You configure a VPN connection. For security purposes, you configure the VPN connection to use MS-CHAP v2 only and to require encryption. You also configure TCP/IP to obtain an IP address automatically, to enable IPSec, and to set IPSec to Secure Server.  When you try to connect, you receive the following error message, "The encryption attempt failed because no valid certificate was found."  What should you do to connect to the server? （）

• A、Enable the VPN connection to use MS-CHAP.
• B、Change the data encryption setting toOptional Encryption.
• C、Specify a TCP/IP address in theNetworkproperties.
• D、Change the IPSec policy setting toClient.

第23题：