当前分类: JN0-331
问题:单选题Your task is to provision the JUNOS security platform to permit transit packets from the Private zone to theExternal zone by using an IPsec VPN and log information at the time of session close. Which configurationmeets this requirement?()A AB BC CD ...
查看答案
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode...
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options...
问题:多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?()Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication...
问题:多选题What are two uses of NAT?()Aconserving public IP addressesBallowing stateful packet inspectionCpreventing unauthorized connections from outside the networkDallowing networks with overlapping private address space to communicate...
问题:多选题Which two traffic types trigger pass-through firewall user authentication?()ASSHBTelnetCICMPDOSPFEHTTP...
问题:单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A A route-based VPN generally uses less resources than a policy-based VPN.B A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny act...
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]...
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.B...
问题:单选题Which statement is true regarding proxy ARP?()A Proxy ARP is enabled by default on stand-alone JUNOS security devices.B Proxy ARP is enabled by default on chassis clusters.C JUNOS security devices can forward ARP requests to a remote device when proxy ...
问题:单选题Which zone is a system-defined zone?()A null zoneB trust zoneC untrust zoneD management zone...
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
问题:多选题Which three advanced permit actions within security policies are valid?()AMark permitted traffic for firewall user authentication.BMark permitted traffic for SCREEN options.CAssociate permitted traffic with an IPsec tunnel.DAssociate permitted traffic ...
问题:多选题Which two statements are true regarding IDP?()AIDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.BIDP cannot be used in conjunction with other JUNOS Software security features s...
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address...
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone....
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vL...
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep...
