多选题You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its bui

第1题：

第2题：

第3题：

Which three statements are true when configuring Cisco IOS Firewall features using the SDM？ （）

• A、A custom application security policy can be configured in the Advanced Firewall Security Configuration dialog box.
• B、An optional DMZ interface can be specified in the Advanced Firewall Interface Configuration dialog box.
• C、Custom application policies for e-mail， instant messaging， HTTP， and peer-to-peer services can be created using the Intermediate Firewall wizard.
• D、Only the outside （untrusted） interface is specified in the Basic Firewall Interface Configuration dialog box.
• E、The outside interface that SDM can be launched from is configured in the Configuring Firewall for Remote Access dialog box.
• F、The SDM provides a basic， intermediate， and advanced firewall wizard.

第4题：

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?（）

• A、access profile
• B、IKE parameters
• C、tunneled interface
• D、redirect policy

第5题：

In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?（）

• A、to specify the destination addresses to which access is permitted
• B、to specify the source address permitted to access the resource
• C、to specify the services to which access is permitted
• D、to inform the enforcer to expect policy information from the Junos Pulse Access Control Service

第6题：

You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?（）

• A、Resource access policy on the MAG Series device
• B、IPsec routing policy on the MAG Series device
• C、General traffic policy blocking access through the firewall enforcer
• D、Auth table entry on the firewall enforcer

第7题：

Which three types of policies must you configure to allow remote users transparent access to protected resources using IF-MAP Federation between a Junos Pulse Secure Access Service and a Junos Pulse Access Control Service?（）

• A、Session-Export policies on the Junos Pulse Secure Access Service
• B、Session-Export policies on the Junos Pulse Access Control Service
• C、Session-Import policies on the Junos Pulse Secure Access Service
• D、Session-Import policies on the Junos Pulse Access Control Service
• E、Resource access policies on the Junos Pulse Access Control Service

第8题：

You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?（）

• A、CLI
• B、WebUI
• C、NSM
• D、Junos Pulse Access Control Service

第9题：

You have a Junos Pulse Secure Access Service acting as an IF-MAP client, configured to federate all user roles to a Junos Pulse Access Control Service acting as an IF-MAP Federation server. A remote user using Junos Pulse logs in to the Junos Pulse Secure Access Service; the Junos Pulse Secure Access Service provisions a remote access session for that user.What happens next?（）

• A、The Junos Pulse Secure Access Service redirects the user to the Junos Pulse Secure Access Service for authentication
• B、The Junos Pulse Access Control Service provisions enforcement points to enable resource access for that user.
• C、The Junos Pulse Secure Access Service publishes user session and role information to the IF- MAP Federation server,
• D、The Junos Pulse Secure Access Service provisions enforcement points to enable resource access for that user.

第10题：

第11题：

第12题：

第13题：

第14题：

第15题：

A customer is deploying a new Junos Pulse Access Control Service and has completed the initial boot configuration as prompted using a serial connection. The customer now wants to complete the rest of the configuration using the admin GUI.Into which port on the Junos Pulse Access Control Service should the customer plug the network cable to enable access to the admin GUI?（）

• A、the internal interface
• B、the external interface
• C、the management interface
• D、the console interface

第16题：

You notice that during peak hours, some firewall enforcers contain a high number of auth table entries. As you investigate the issue, you discover that all users are getting auth table mappings to all firewalls, which is not acceptable. What should you do on the Junos Pulse Access Control Service to resolve this problem?（）

• A、Delete the default auth table mapping policy
• B、Create auth table mapping policies that route users to specific resources
• C、Create Resource Access policies that permit access to specific resources
• D、Create Source Interface policies that route users to specific resources

第17题：

You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?（）

• A、show services unified-access-control authentication-table
• B、show auth table
• C、show services unified-access-control policies
• D、show services unified-access-control captive-portal

第18题：

A customer has purchased a third-party switch to use for Layer 2 access with their Junos Pulse Access Controe Service. When configuring the switch on the Junos Pulse Access Control Service, the customer does not find a make/model entry for it . Which two actions should the customer take to make the switch work with the Junos Pulse Access Control Service?（）

• A、Add the switch to the Junos Pulse Access Control Service as a standard RADIUS.
• B、Add the switch to the Junos Pulse Access Control Service using the "Any" make/model.
• C、Add the switch as a firewall enforcer.
• D、Obtain and configure the RADIUS dictionary for the switch and use that vendor listing for the make/model.

第19题：

You want to provide all users in your corporation with a single agent that provides access to multiple connection types conditionally. For example, you connect to the Junos Pulse Access Control Service if you are connected to the intranet, but you connect to the Junos Pulse Secure Access Service if you are on a remote network. Which agent should you use for this type of connection requirement?（）

• A、Junos Pulse should be configured with location awareness rules configured.
• B、Odyssey Access Client should be installed with Host Checker configured to check the client's location.
• C、Junos Pulse should be configured with all components installed.
• D、Agentless access should be enabled so that clients can connect to any service without concern for installing an agent.

第20题：

You are deploying a Junos Pulse Access Control Service cluster in active/passive mode. How do you configure the IP address on the SRX Series devices?（）

• A、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP as the IP address the instance.
• B、Configure multiple Junos Pulse Access Control Service instances on the enforcer, specifying the specific IP address each device in a separate instance.
• C、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and active node address in the instance.
• D、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and passive node address in the instance.

第21题：

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?（）

• A、resource access policies
• B、Host Enforcer policies
• C、source IP enforcement policies
• D、IPsec enforcement policies

第22题：

第23题：

第24题：