当前分类: JN0-331
问题:多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] use...
查看答案
问题:多选题Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router?()AJUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT.BJUNOS Software for secur...
问题:单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()A close-connectionB terminate-connectionC close-client-and-serverD terminate-session...
问题:多选题Which three functions are provided by JUNOS Software for security platforms?()AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)...
问题:单选题You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?()A set security zones management interfaces ge-0/0/0.0B set zones funct...
问题:单选题Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?()A message 1 and 2B message 3 and 4C message 5 and 6D message 7 and 8...
问题:多选题Which two statements are true about overflow pools?()AOverflow pools do not support PATBOverflow pools can not use the egress interface IP address for NATCOverflow pools must use PATDOverflow pools can contain the egress interface IP address or separat...
问题:多选题Which two statements about the use of SCREEN options are correct?()ASCREEN options are deployed at the ingress and egress sides of a packet flow.BAlthough SCREEN options are very useful, their use can result in more session creation.CSCREEN options off...
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
问题:单选题A traditional router is better suited than a firewall device for which function?()A VPN establishmentB packet-based forwardingC stateful packet processingD Network Address Translation...
问题:单选题Which configuration shows a pool-based source NAT without PAT’?()A AB BC CD D...
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
问题:单选题Which parameters are valid SCREEN options for combating operating system probes?()A syn-fin, syn-flood, and tcp-no-fragB syn-fin, port-scan, and tcp-no-flagC syn-fin, fin-no-ack, and tcp-no-fragD syn-fin, syn-ack-ack-proxy, and tcp-no-frag...
问题:多选题Which three advanced permit actions within security policies are valid?()AMark permitted traffic for firewall user authentication.BMark permitted traffic for SCREEN options.CAssociate permitted traffic with an IPsec tunnel.DAssociate permitted traffic ...
问题:多选题Which three options represent IDP policy match conditions?()AprotocolBsource-addressCportDapplicationEattacks...
问题:多选题What are three configuration objects used to build JUNOS IDP rules?()Azone objectsBpolicy objectsCattack objectsDalert and notify objectsEnetwork and address objects...
问题:单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thur...
问题:多选题Which two parameters are configured in IPsec policy?()AmodeBIKE gatewayCsecurity proposalDPerfect Forward Secrecy...
问题:单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to init...
问题:单选题By default, which condition would cause a session to be removed from the session table?()A Route entry for the session changed.B Security policy for the session changed.C The ARP table entry for the source IP address timed out.D No traffic matched the ...
