单选题Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?（）A policy-rematchB policy-evaluateC rematch-policyD evaluate-policy

第1题：

Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?（）

• A、policy-rematch
• B、policy-evaluate
• C、rematch-policy
• D、evaluate-policy

第2题：

Which statement describes the behavior of a security policy？（）

• A、The implicit default security policy permits all traffic.
• B、Traffic destined to the device itself always requires a security policy.
• C、Traffic destined to the device’s incoming interface does not require a security policy.
• D、The factory-default configuration permits all traffic from all interfaces.

第3题：

It is a company’s policy to shut down all workstations at the end of the day. However, the majority of employees are leaving disks in their workstations and upon start up the next morning they are receiving a ‘NTLDR is missing’ error. Which of the following is a possible solution?（）

• A、Make a daily announcement to remove all disks before departing for the day.
• B、Change the Boot order in the BIOS.
• C、Make it a part of the evening checks to ensure all disks are removed.
• D、Make a company policy that states that it is unlawful to leave disks in the machines.

第4题：

Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing asecurity policy change？（）

• A、policy-rematch
• B、policy-evaluate
• C、rematch-policy
• D、evaluate-policy

第5题：

Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessions when you change the policy action from permit to deny?（）

• A、The new sessions matching the policy are denied. The existing sessions are dropped.
• B、The new sessions matching the policy are denied. The existingsessions, not being allowed tocarry any traffic, simply timeout.
• C、The new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.
• D、The new sessions matching the policy are denied. The existing sessions continue until they are completed or their time.

第6题：

You need to ensure that all servers meet the company’s security requirements. Which tool should you use？（）

• A、Microsoft Baseline Security Analyzer （MBSA）
• B、Microsoft Security Assessment Tool （MSAT）
• C、Resultant Set of Policy （RSoP）
• D、Security Configuration Wizard （SCW）

第7题：

Your network contains a Terminal Services server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.  Server1 has a server certificate from a trusted authority installed. All Terminal Services clients have the RDP client version 5.2 installed. You need to ensure that all Terminal Services connections to Server1 use Transport Layer Security.  What should you do？（）

• A、In Terminal Services Configuration， change the permissions for Remote Desktop Users to Full Control.
• B、In Terminal Services Configuration， change the security layer setting to Negotiate and set the encryption level to High.
• C、In Local Security Policy， enable Domain Member： Require strong （Windows 2000 or later） session key.
• D、In Local Security Policy， enable Domain Member： Digitally encrypt or sign secure channel data （always）.

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

In the exhibit， you decided to change myHosts addresses. [edit security policies] user@host# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts； destination-address  ExtServers；application  [ junos-ftp junos-bgp ]； } then { permit { tunnel { ipsec-vpn vpnTunnel； } } } } } policy-rematch； What will happen to the new sessions matching the policy and in-progress sessions that hadalready matched the policy？（）

• A、New sessions will be evaluated. In-progress sessions will be re-evaluated.
• B、New sessions will be evaluated. All in-progress sessions will continue.
• C、New sessions will be evaluated. All in-progress sessions will be dropped.
• D、New sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.

第14题：

When determining a customer’s security requirements using the security site survey from the steps for success methodology， which three of theses should be included in the customer’s security policy and procedures？（）

• A、Third-party due diligence policy review
• B、Remote Access Policy
• C、Encryption Policy
• D、Application change control policy
• E、Security Personnel policy

第15题：

Which two statements regarding firewall user authentication client groups are true？（）

• A、Individual clients are configured under client groups in the configuration hierarchy.
• B、Client groups are configured under individual clients in the configuration hierarchy.
• C、Client groups are referenced in security policy in the same manner in which individual clients are referenced.
• D、Client groups are used to simplify configuration by enabling firewall user authentication without security policy.

第16题：

In the configuration shown in the exhibit， you decided to eliminate the junos-ftp applicationfrom the match condition of the policy MyTraffic. [edit security policies] user@hostl# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts； destination-address ExtServers； application [ junos-ftp junos-bgp ]； } then { permit { tunnel { ipsec-vpn vpnTunnel； } } } } } policy-rematch； What will happen to the existing FTP and BGP sessions？（）

• A、The existing FTP and BGP sessions will continue.
• B、The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.
• C、The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.
• D、The existing FTP sessions will continue and only the existing BGP sessions will be dropped.

第17题：

Which two configuration elements are required for a route-based VPN？（）

• A、secure tunnel interface
• B、security policy to permit the IKE traffic
• C、a route for the tunneled transit traffic
• D、tunnel policy for transit traffic referencing the IPsec VPN

第18题：

You are the network administrator in the New York office of TestKing. The company network consists of a single Active Directory domain The New York office currently contains one Windows Server 2003 file server named TestKingA. All file servers in the New York office are in an organizational unit (OU) named New York Servers. You have been assigned the Allow - Change permission for a Group Policy object (GPO) named NYServersGPO, which is linked to the New York Servers OU. The written company security policy states that all new servers must be configured with specified predefined security settings when the servers join the domain. These settings differ slightly for the various company offices. You plan to install Windows Sever 2003, on 15 new computers, which all functions as file servers. You will need to configure the specified security settings on the new file servers. TestKingA currently has the specified security settings configured in its local security policy. You need to ensure that the security configuration of the new file servers is identical to that of TestKingA. You export a copy of TestKingA's local security policy settings to a template file. You need to configure the security settings of the new servers, and you want to use the minimum amount of administrative effort. What should you do?（）

• A、Use the Security Configuration and Analysis tool on one of the new servers to import the template file.
• B、Use the default Domain Security Policy console on one of the new servers to import the template file.
• C、Use the Group Policy Editor console to open NYServersGPO and import the template file.
• D、Use the default Local Security Policy console on one of the new servers to import the template file.

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：