Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A. [edit securit
题目
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()
A. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
B. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
C. [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
D. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
相似考题
更多“Your task is to provision the Junos security platform to permit transit packets from the P ”相关问题
-
第1题:
Assumethedefault-policyhasnotbeenconfigured.Giventheconfigurationshownintheexhibit,whichtwostatementsabouttrafficfromhost_aintheHRzonetohost_binthetrustzonearetrue?()[editsecuritypoliciesfrom-zoneHRto-zonetrust]user@hostshowpolicyone{match{source-addressany;destination-addressany;application[junos-httpjunos-ftp];}then{permit;}}policytwo{match{source-addresshost_a;destination-addresshost_b;application[junos-httpjunos-smtp];}then{deny;}}
A.DNStrafficisdenied.
B.HTTPtrafficisdenied.
C.FTPtrafficispermitted.
D.SMTPtrafficispermitted.
参考答案:A, C
-
第2题:
Intheconfigurationshownintheexhibit,youdecidedtoeliminatethejunos-ftpapplicationfromthematchconditionofthepolicyMyTraffic.[editsecuritypolicies]user@hostlshowfrom-zonePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;WhatwillhappentotheexistingFTPandBGPsessions?()
A.TheexistingFTPandBGPsessionswillcontinue.
B.TheexistingFTPandBGPsessionswillbere-evaluatedandonlyFTPsessionswillbedropped.
C.TheexistingFTPandBGPsessionswillbere-evaluatedandallsessionswillbedropped.
D.TheexistingFTPsessionswillcontinueandonlytheexistingBGPsessionswillbedropped.
参考答案:B
-
第3题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
参考答案:B
-
第4题:
Giventheconfigurationshownintheexhibit,whichstatementistrueabouttrafficfromhost_atohost_b?()[editsecuritypoliciesfrom-zoneHRto-zonetrust]user@hostshowpolicytwo{match{source-addresssubnet_a;destination-addresshost_b;application[junos-telnetjunos-ping];}then{reject;}}policyone{match{source-addresshost_a;destination-addresssubnet_b;applicationany;}then{permit;}}host_aisinsubnet_aandhost_bisinsubnet_b.
A.DNStrafficisdenied.
B.Telnettrafficisdenied.
C.SMTPtrafficisdenied.
D.Pingtrafficispermitted
参考答案:B
-
第5题:
Intheexhibit,youdecidedtochangemyHostsaddresses.[editsecuritypolicies]user@hostshowfrom-zonePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;Whatwillhappentothenewsessionsmatchingthepolicyandin-progresssessionsthathadalreadymatchedthepolicy?()
A.Newsessionswillbeevaluated.In-progresssessionswillbere-evaluated.
B.Newsessionswillbeevaluated.Allin-progresssessionswillcontinue.
C.Newsessionswillbeevaluated.Allin-progresssessionswillbedropped.
D.Newsessionswillhaltuntilallin-progresssessionsarere-evaluated.In-progresssessionswillbere-evaluatedandpossiblydropped.
参考答案:A
-
第6题:
关于数据封装的顺序()是正确的。A.DatA.segments-packets-frames-bits
B.DatA.packets-segments-frames-bits
C.DatA.frames-segments-packets-bits
D.DatA.segments-frames-packets-bits
参考答案:A