Which statement describes a security zone?()A. A security zone can contain one or more interfaces.B. A security zone can contain interfaces in multiple routing instances.C. A security zone must contain two or more interfaces.D. A security zone must contai

第1题：

第2题：

Which statement best describes Cisco IOS Zone-Based Policy Firewall？（）

• A、A router interface can belong to multiple zones.
• B、Policy maps are used to classify traffic into different traffic classes， and class maps are used to assignaction to the traffic classes.
• C、The pass action works in only one direction
• D、A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.

第3题：

Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed？（）

• A、Pass
• B、Flow
• C、Allow
• D、Inspect

第4题：

Which two steps are performed when configuring a zone？（）

• A、Define a default policy for the zone.
• B、Assign logical interfaces to the zone.
• C、Assign physical interfaces to the zone.
• D、Define the zone as a security or functional zone

第5题：

At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? （）(Choose two.)

• A、[edit security idp]
• B、[edit security zones security-zone trust interfaces ge-0/0/0.0]
• C、[edit security zones security-zone trust]
• D、[edit security screen]

第6题：

Regarding secure tunnel （st） interfaces， which statement is true？（）

• A、You cannot assign st interfaces to a security zone.
• B、You cannot apply static NAT on an st interface logical unit.
• C、st interfaces are optional when configuring a route-based VPN
• D、A static route can reference the st interface logical unit as the next-hop

第7题：

Which two statements are true regarding the system-default security policy [edit security policies default-policy]?（）(Choose two.)

• A、Traffic is permitted from the trust zone to the untrust zone.
• B、Intrazone traffic in the trust zone is permitted.
• C、All traffic through the device is denied.
• D、The policy is matched only when no other matching policies are found.

第8题：

You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?（）

• A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
• B、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
• C、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
• D、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam

第9题：

第10题：

第11题：

第12题：

第13题：

第14题：

Which type of zone is used by traffic transiting the device？（）

• A、transit zone
• B、default zone
• C、security zone
• D、functional zone

第15题：

You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic？（）

• A、[edit security policies from-zone HR to-zone HR]
• B、[edit security zones functional-zone management protocols]
• C、[edit security zones protocol-zone HR host-inbound-traffic]
• D、[edit security zones security-zone HR host-inbound-traffic protocols]

第16题：

What is the purpose of a zone in JUNOS Software？（）

• A、A zone defines a group of security devices with a common management.
• B、A zone defines the geographic region in which the security device is deployed.
• C、A zone defines a group of network segments with similar security requirements.
• D、A zone defines a group of network segments with similar class-of-service requirements.

第17题：

Which statement describes a security zone?（）

• A、A security zone can contain one or more interfaces.
• B、A security zone can contain interfaces in multiple routing instances.
• C、A security zone must contain two or more interfaces.
• D、A security zone must contain bridge groups.

第18题：

You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?（）

• A、set security zones management interfaces ge-0/0/0.0
• B、set zones functional-zone management interfaces ge-0/0/0.0
• C、set security zones functional-zone management interfaces ge-0/0/0.0
• D、set security zones functional-zone out-of-band interfaces ge-0/0/0.0

第19题：

Regarding zone types， which statement is true？（）

• A、You cannot assign an interface to a functional zone.
• B、You can specifiy a functional zone in a security policy.
• C、Security zones must have a scheduler applied.
• D、You can use a security zone for traffic destined for the device itself.

第20题：

Your  company，  A.  Datum  Corporation，  has  a  single  Active  Directory  domain  named  intranet.adatum.com. The domain has two domain controllers that run Windows Server 2008 R2  operating system. The domain controllers also run DNS servers.  The intranet.adatum.com DNS zone is configured as an Active Directoryintegrated zone with the  Dynamic updates setting configured to Secure only.  A new corporate security policy requires that the intranet.adatum.com DNS zone must be updated only by  domain controllers or member servers.  You need to configure the intranet.adatum.com zone to meet the new security policy requirement.  Which two actions should you perform（）

• A、Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone  properties.
• B、Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com  DNS zone properties.
• C、Assign the server computer accounts the Allow on Write All Properties permission on the Security tab  of the intranet.adatum.com DNS zone properties.
• D、Assign the server computer accounts the Allow on Create All Child Objects permission on the Security  tab of the intranet.adatum.com DNS zone properties.

第21题：

第22题：

第23题：