单选题You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer

第1题：

第2题：

Your network contains a stand-alone root certification authority （CA）. You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol （SSTP） on Server1.   You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP.   What should you recommend？（）

• A、Enable Network Access Protection （NAP） on the network.
• B、Deploy the Root CA certificate to the external computers.
• C、Implement the Remote Desktop Connection Broker role service.
• D、Configure the firewall to allow inbound traffic on TCP Port 1723.

第3题：

You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?（）

• A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
• B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
• C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
• D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

第4题：

A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?（）

• A、Connection Requests
• B、System Errors
• C、Enforcer Events
• D、Enforcer Command Trace

第5题：

You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?（）

• A、CLI
• B、WebUI
• C、NSM
• D、Junos Pulse Access Control Service

第6题：

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?（）

• A、resource access policies
• B、Host Enforcer policies
• C、source IP enforcement policies
• D、IPsec enforcement policies

第7题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 （SP2）.A firewall separates the internal network from the Internet.  The firewall blocks all outbound traffic except for HTTP and SMTP traffic.You install a DNS server. The DNS server is configured to use the default root hints. You need to ensure that the DNS server can resolve the host names on the Internet.  Which port should you open on the firewall？（）

• A、53
• B、135
• C、500
• D、3389

第8题：

You are the administrator of a Windows Server 2003 computer named Server1. The network contains another Windows Server 2003 computer named Server2 that has the DNS and WINS services installed. Two hundred Windows 2000 Professional computers regularly connect to Server1 to access file and print resourcesAdministrators report that network traffic has increased and that response times for requests for network resources on Server1 have increased.   You need to identify whether Server1 is receiving requests for resources through NetBIOS broadcasts. What should you do？（）

• A、Use Network Monitor to capture traffic between Server1 and all client computers.
• B、Use Network Monitor to capture traffic between Server1 and Server2.
• C、Monitor Event Viewer for Net Logon error or warning events.
• D、Run the tracert command on Server1.

第9题：

第10题：

第11题：

第12题：

第13题：

第14题：

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?（）

• A、access profile
• B、IKE parameters
• C、tunneled interface
• D、redirect policy

第15题：

You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?（）

• A、show services unified-access-control authentication-table
• B、show auth table
• C、show services unified-access-control policies
• D、show services unified-access-control captive-portal

第16题：

You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?（）

• A、Resource access policy on the MAG Series device
• B、IPsec routing policy on the MAG Series device
• C、General traffic policy blocking access through the firewall enforcer
• D、Auth table entry on the firewall enforcer

第17题：

You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?（）

• A、The endpoints can use agentless access.
• B、Encrypted traffic flows between the endpoint and the enforcer.
• C、Encrypted traffic flows between the endpoint and the protected resource
• D、The endpoints can use the Odyssey Access Client.

第18题：

You need to identify the types of inbound traffic that should pass through the perimeter firewall while maintaining the security of the network. Which inbound traffic should be allowed?（）

• A、VPN Traffic
• B、DNS Traffic
• C、LDAP Traffic
• D、HTTP Traffic
• E、HTTPS Traffic
• F、Traffic from the network address of 192.168.10/24

第19题：

You are designing a strategy to allow users to gain VPN access to the internal network.  What should you do？（）

• A、 Allow all inbound VPN traffic to pass through the internal firewall and the perimeter firewall.
• B、 Allow all inbound VPN traffic to pass through the perimeter firewall only.
• C、 Allow all VPN traffic from the source IP address of 131.107.1.14 to pass through the internal firewall.
• D、 Allow all VPN traffic from the source IP address of 191.168.1.0/24 to pass through the perimeter firewall.

第20题：

第21题：

第22题：

第23题：