网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
单选题
You have an SRX Series Layer 2 enforcer providing 802.1X authentication for connected endpoints. Your security policy requires that users who fail their authentication be placed in a specific VLAN.On the Layer 2 enforcer, at the [edit protocols dot1x authenticator interface] hierarchy for each participating interface, what provides this functionality?()
A
guest-vlan
B
auth-fail-vlan
C
server-reject-vlan
D
server-fail-vlan
参考答案
参考解析
解析:
暂无解析
更多 “单选题You have an SRX Series Layer 2 enforcer providing 802.1X authentication for connected endpoints. Your security policy requires that users who fail their authentication be placed in a specific VLAN.On the Layer 2 enforcer, at the [edit protocols dot1x authenticator interface] hierarchy for each participating interface, what provides this functionality?()A guest-vlanB auth-fail-vlanC server-reject-vlanD server-fail-vlan” 相关考题
考题
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()
A. access profileB. IKE parametersC. tunneled interfaceD. redirect policy
考题
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A. show services unified-access-control authentication-tableB. show auth tableC. show services unified-access-control policiesD. show services unified-access-control captive-portal
考题
You have an SRX Series Layer 2 enforcer providing 802.1X authentication for connected endpoints. Your security policy requires that users who fail their authentication be placed in a specific VLAN.On the Layer 2 enforcer, at the [edit protocols dot1x authenticator interface] hierarchy for each participating interface, what provides this functionality?()A. guest-vlanB. auth-fail-vlanC. server-reject-vlanD. server-fail-vlan
考题
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A. Resource access policy on the MAG Series deviceB. IPsec routing policy on the MAG Series deviceC. General traffic policy blocking access through the firewall enforcerD. Auth table entry on the firewall enforcer
考题
You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()
A. Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.B. A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.C. Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.D. A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.
考题
You navigate to "UAC" > "Infranet Enforcer" > "Auth Table Mapping" in the admin GUI. You see one policy, which is the unmodified, original default policy.Which statement is true?()
A. Dynamic auth table mapping is not enabled.B. A successful authentication attempt will result in a new authentication table entry, which will be delivered only to the Junos enforcer protecting the network from which the user has authenticated.C. To create a static auth table mapping, you must delete the default policy.D. The default policy applies only to the factory-default role User.
考题
Which deployed VoWLAN client security option is recommended by Cisco?()A、Layer 3 with Layer 3 Security set to None and Web Policy set to AuthenticationB、Layer 3 with Layer 3 Security set to None and Web Policy set to VPN Pass-ThroughC、Layer 3 with Layer 3 Security set to VPN Pass-ThroughD、Layer 2 with Layer 2 Security set to 802.1X
考题
You have a share on your local computer. This share contains some sensitive applications in theform of .exe files. You want to audit the users who are trying to execute these programs. What should you do?()A、Turn on auditing for objects in the Local Security Policy and Select 'Process Tracking'.B、Turn on auditing for objects in the Local Security Policy and Select 'Object Access'.C、Use Windows Explorer to turn on auditing for the specific files. D、Have the administrator for domains log you on as an administrator and enable auditing for a specific file.E、Turn on auditing for objects in the Local Security Policy and Select 'Account Management'.F、Allow only one account at a time to log on to your shared folder. Check the event viewer to see who logged on.
考题
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()A、access profileB、IKE parametersC、tunneled interfaceD、redirect policy
考题
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
考题
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A、show services unified-access-control authentication-tableB、show auth tableC、show services unified-access-control policiesD、show services unified-access-control captive-portal
考题
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB、IPsec routing policy on the MAG Series deviceC、General traffic policy blocking access through the firewall enforcerD、Auth table entry on the firewall enforcer
考题
You navigate to "UAC" "Infranet Enforcer" "Auth Table Mapping" in the admin GUI. You see one policy, which is the unmodified, original default policy.Which statement is true?()A、Dynamic auth table mapping is not enabled.B、A successful authentication attempt will result in a new authentication table entry, which will be delivered only to the Junos enforcer protecting the network from which the user has authenticated.C、To create a static auth table mapping, you must delete the default policy.D、The default policy applies only to the factory-default role User.
考题
You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()A、The endpoints can use agentless access.B、Encrypted traffic flows between the endpoint and the enforcer.C、Encrypted traffic flows between the endpoint and the protected resourceD、The endpoints can use the Odyssey Access Client.
考题
You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()A、The MAG Series device has multiple ports associated with the certificate.B、The MAG Series device's serial number needs to be configured on the SRX Series device.C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.D、The MAG Series device and SRX Series device are not synchronized to an NTP server.
考题
Your company’s network includes client computers that run Windows 7. You design a wireless network to use Extensible Authentication Protocol-Transport Level Security (EAP-TLS). The Network Policy Server has a certificate installed. Client computers are unable to connect to the wireless access points. You need to enable client computers to connect to the wireless network. What should you do?()A、Configure client computers to use Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).B、Configure client computers to use Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS).C、Install a certificate in the Trusted Root Certification Authorities certificate store.D、Install a certificate in the Third-Party Root Certification Authorities certificate store.
考题
You deploy mobile devices that run Microsoft Windows Mobile 5.0. Company security policy requires an authentication process that is stronger than a user name and password combination. You need to ensure that Microsoft ActiveSync sessions use an authentication process that meets the company security policy. What should you do?()A、Deploy a two-factor authentication process.B、Deploy a single-factor authentication process.C、Deploy a simple PIN policy for the Windows Mobilebased devices.D、Deploy a complex PIN policy for the Windows Mobilebased devices.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP. The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network. Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method. What should you do? ()A、 Use the authentication method of the default IPSec policies.B、 Create a custom IPSec policy and use the Kerberos version 5 authentication protocol.C、 Create a custom IPSec policy and use certificate-based authentication.D、 Create a custom IPSec policy and use preshared key authentication.E、 Use the authentication method of the Routing and Remote Access custom IPSec policy for L2TP connection.
考题
单选题Which deployed VoWLAN client security option is recommended by Cisco?()A
Layer 3 with Layer 3 Security set to None and Web Policy set to AuthenticationB
Layer 3 with Layer 3 Security set to None and Web Policy set to VPN Pass-ThroughC
Layer 3 with Layer 3 Security set to VPN Pass-ThroughD
Layer 2 with Layer 2 Security set to 802.1X
考题
单选题You have a share on your local computer. This share contains some sensitive applications in theform of .exe files. You want to audit the users who are trying to execute these programs. What should you do?()A
Turn on auditing for objects in the Local Security Policy and Select 'Process Tracking'.B
Turn on auditing for objects in the Local Security Policy and Select 'Object Access'.C
Use Windows Explorer to turn on auditing for the specific files. D
Have the administrator for domains log you on as an administrator and enable auditing for a specific file.E
Turn on auditing for objects in the Local Security Policy and Select 'Account Management'.F
Allow only one account at a time to log on to your shared folder. Check the event viewer to see who logged on.
考题
单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A
You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B
No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C
You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D
You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
考题
单选题You navigate to "UAC" "Infranet Enforcer" "Auth Table Mapping" in the admin GUI. You see one policy, which is the unmodified, original default policy.Which statement is true?()A
Dynamic auth table mapping is not enabled.B
A successful authentication attempt will result in a new authentication table entry, which will be delivered only to the Junos enforcer protecting the network from which the user has authenticated.C
To create a static auth table mapping, you must delete the default policy.D
The default policy applies only to the factory-default role User.
考题
单选题You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A
show services unified-access-control authentication-tableB
show auth tableC
show services unified-access-control policiesD
show services unified-access-control captive-portal
考题
单选题Your company’s network includes client computers that run Windows 7. You design a wireless network to use Extensible Authentication Protocol-Transport Level Security (EAP-TLS). The Network Policy Server has a certificate installed. Client computers are unable to connect to the wireless access points. You need to enable client computers to connect to the wireless network. What should you do?()A
Configure client computers to use Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).B
Configure client computers to use Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS).C
Install a certificate in the Trusted Root Certification Authorities certificate store.D
Install a certificate in the Third-Party Root Certification Authorities certificate store.
考题
单选题You deploy mobile devices that run Microsoft Windows Mobile 5.0. Company security policy requires an authentication process that is stronger than a user name and password combination. You need to ensure that Microsoft ActiveSync sessions use an authentication process that meets the company security policy. What should you do?()A
Deploy a two-factor authentication process.B
Deploy a single-factor authentication process.C
Deploy a simple PIN policy for the Windows Mobilebased devices.D
Deploy a complex PIN policy for the Windows Mobilebased devices.
考题
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The company has remote users in the sales department who work from home. The remote users’ client computers run Windows XP Professional, and they are not members of the domain. The remote users’ client computers have local Internet access through an ISP. The company is deploying a Windows Server 2003 computer named Server1 that has Routing and Remote Access installed. Server1 will function as a VPN server, and the remote users will use it to connect to the company network. Confidential research data will be transmitted from the remote users’ client computers. Security is critical to the company and Server1 must protect the remote users’ data transmissions to the main office. The remote client computers will use L2TP/IPSec to connect to the VPN server. You need to choose a secure authentication method. What should you do? ()A
Use the authentication method of the default IPSec policies.B
Create a custom IPSec policy and use the Kerberos version 5 authentication protocol.C
Create a custom IPSec policy and use certificate-based authentication.D
Create a custom IPSec policy and use preshared key authentication.E
Use the authentication method of the Routing and Remote Access custom IPSec policy for L2TP connection.
考题
单选题You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()A
Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.B
A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.C
Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.D
A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.
热门标签
最新试卷