单选题You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?（）A [edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B [edit security screen] user@host# show ids-option

第1题：

第2题：

第3题：

You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?（）

• A、[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
• B、[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
• C、[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
• D、[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }

第4题：

You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic？（）

• A、[edit security policies from-zone HR to-zone HR]
• B、[edit security zones functional-zone management protocols]
• C、[edit security zones protocol-zone HR host-inbound-traffic]
• D、[edit security zones security-zone HR host-inbound-traffic protocols]

第5题：

Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?（）

• A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
• B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
• C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
• D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }

第6题：

At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? （）(Choose two.)

• A、[edit security idp]
• B、[edit security zones security-zone trust interfaces ge-0/0/0.0]
• C、[edit security zones security-zone trust]
• D、[edit security screen]

第7题：

Prior to applying SCREEN options to drop traffic， you want to determine how your configuration will affect traffic. Which mechanism would you configure to achieve this objective？（）

• A、the log option for the particular SCREEN option
• B、the permit option for the particular SCREEN option
• C、the SCREEN option， because it does not drop traffic by default
• D、the alarm-without-drop option for the particular SCREEN option

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

第14题：

第15题：

Which two statements about the use of SCREEN options are correct? （）(Choose two.)

• A、SCREEN options offer protection against various attacks
• B、SCREEN options are deployed prior to route and policy processing in first path packet processing
• C、SCREEN options are deployed at the ingress and egress sides of a packet flow
• D、SCREEN options, you must take special care to protect OSPF

第16题：

Which configuration shows the correct application of a security policy scheduler?（）

• A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
• B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
• C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
• D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;

第17题：

You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality？（）

• A、[edit interfaces]
• B、[edit security zones]
• C、[edit system services]
• D、[edit security interfaces]

第18题：

You are required to configure a SCREEN option that enables IP source route option detection.Which twoconfigurations meet this requirement?（） (Choose two.)

• A、[edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }
• B、[edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }
• C、[edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }
• D、[edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }

第19题：

第20题：

第21题：

第22题：

第23题：