单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However， the administrator does not want the server to be able to init

第1题：

Which statement is correct regarding the operation of DHCP?（）

• A、A DHCP client uses a ping to detect address conflicts.(ARP)
• B、A DHCP server uses a gratuitous ARP to detect DHCP clients.
• C、A DHCP client uses a gratuitous ARP to detect a DHCP server.
• D、If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
• E、If an address conflict is detected, the address removed from the pool for an amount of time configurable by the administrator.
• F、If an address conflict is detected, the address is removed from the pool and will not be reused until server is rebooted.

第2题：

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?（）

• A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
• B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
• C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
• D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

第3题：

You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com（172.19.1.1） in the Untrust zone. How do you create this policy？（）

• A、Specify the IP address （172.19.1.1/32） as the destination address in the policy.
• B、Specify the DNS entry （hostb.example.com.） as the destination address in the policy.
• C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
• D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy

第4题：

A network administrator receives complaints from the engineering group that an application on one server is not working properly. After further investigation, the administrator determines that source NAT translation is using a different source address after a random number of flows. Which two actions can the administrator take to force the server to use one address?（） (Choose two.)

• A、Use the custom application feature.
• B、Configure static NAT for the host.
• C、Use port address translation (PAT).
• D、Use the address-persistent option.

第5题：

You are the administrator of a Windows 2000 network. The network consists of a Windows 2000 domain named Company.com. You install Windows 2000 Professional on a new computer named ES1 and configure the TCP/IP settings to have a static IP address. You plan to join ES1 to the Company.com domain. You configure two DNS server addresses in the TCP/IP properties. The first DNS server address is for a DNS server hosted by your ISP, the second DNS server address is for a DNS server authoritative for the Company.com domain. When you attempt to join ES1 to the domain, you are unable to do so. You can successfully PING the IP address of each DNS server from ES1. You want ES1 to be able to join the Company.com domain. What should you do?（）

• A、Delete the second DNS server entry.
• B、Delete the first DNS server entry.
• C、Add an A （host） record for the computer to the appropriate DNS zone.
• D、Configure the computer to Obtain an IP address automatically.

第6题：

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

An administrator mistakenly shutdown production after a fallover because the service IP address  Was shifted from the normal production node to the standby node.  What can be done to avoid this type of mistake in the future？（）  

• A、 Include the service IP address in the administrator’s PS1 prompt
• B、 Alias the service IP address to the hostname in the /etc/host file
• C、 Define a persistent IP address with HACMP and make it a practice to use the persistent address for administration work
• D、 Add a DNS entry to map the standby node name to the service IP address so telnet connections will be to the correct node

第14题：

A system administrator needs to specify a set of FQDN to IP address mappings for a legacyserver； the administrator does not want the legacy server to be referenced by other servers. Which of the following should the administrator use to set this？（）

• A、DHCP server
• B、DNS server
• C、Host file
• D、Route statements

第15题：

A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?（）

• A、The host needs to open the telnet port.
• B、The host needs a route for the translated address.
• C、The administrator must use a proxy-arp policy for the translated address.
• D、The administrator must use a security policy, which will allow communication between the zones.

第16题：

You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?（）

• A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
• B、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
• C、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
• D、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam

第17题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6，000 Windows XP Professional computers.The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company’s intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1.You run Network Monitor on Server1 for three hours. When you stop the network capture， you see that Network Monitor captured over 40，000 frames. As you look at the captured frames， you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address.In Network Monitor， you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address.  What should you do？（）

• A、Create an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address.
• B、Create a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address.
• C、Create an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address.
• D、Create a Pattern Match capture trigger for the 131.107.0.1 IP address.

第18题：

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：