当前分类: JN0-331
问题:多选题Which three functions are provided by JUNOS Software for security platforms?()AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)...
查看答案
问题:单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thur...
问题:多选题What are three configuration objects used to build JUNOS IDP rules?()Azone objectsBpolicy objectsCattack objectsDalert and notify objectsEnetwork and address objects...
问题:单选题Host A opens a Telnet connection to Host B. Host A then opens another Telnet connectionto Host B. These connections are the only communication between Host A and Host B. Thesecurity policy configuration permits both connections.How many flows exist bet...
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
问题:多选题Which two statements are true about overflow pools?()AOverflow pools do not support PATBOverflow pools can not use the egress interface IP address for NATCOverflow pools must use PATDOverflow pools can contain the egress interface IP address or separat...
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
问题:多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] use...
问题:多选题Which three parameters are configured in the IKE policy?()AmodeBpreshared keyCexternal interfaceDsecurity proposalsEdead peer detection settings...
问题:单选题What is the purpose of an address book?()A It holds security policies for particular hosts.B It holds statistics about traffic to and from particular hosts.C It defines hosts in a zone so they can be referenced by policies.D It maps hostnames to IP add...
问题:单选题Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address andnetwork mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 isrunning an HTTP service on TCP port 8080. The webserver is attached to the...
问题:多选题Which two statements regarding asymmetric key encryption are true?()AThe same key is used for encryption and decryption.BIt is commonly used to create digital certificate signatures.CIt uses two keys: one for encryption and a different key for decrypti...
问题:单选题Which statement describes the behavior of source NAT with address shifting?()A Source NAT with address shifting translates both the source IP address and the source port of a packet.B Source NAT with address shifting defines a one-to-one mapping from a...
问题:单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()A close-connectionB terminate-connectionC close-client-and-serverD terminate-session...
问题:多选题Which three options represent IDP policy match conditions?()AprotocolBsource-addressCportDapplicationEattacks...
问题:单选题Regarding zone types, which statement is true?()A You cannot assign an interface to a functional zone.B You can specifiy a functional zone in a security policy.C Security zones must have a scheduler applied.D You can use a security zone for traffic des...
问题:单选题Which configuration shows a pool-based source NAT without PAT’?()A AB BC CD D...
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]...
