网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
多选题
Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)
A
Up to three external authentication server types can be used simultaneously.
B
Only one external authentication server type can be used simultaneously.
C
If the local password database is not configured in the authentication order, and the configured authentication server bypassed.
D
If the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.
参考答案
参考解析
解析:
暂无解析
更多 “多选题Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)AUp to three external authentication server types can be used simultaneously.BOnly one external authentication server type can be used simultaneously.CIf the local password database is not configured in the authentication order, and the configured authentication server bypassed.DIf the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.” 相关考题
考题
多选题Which three methods of source NAT does the Junos OS support?() (Choose three.)Ainterface-based source NATBsource NAT with address shiftingCsource NAT using static source poolDinterface-based source NAT without PATEsource NAT with address shifting and PAT
考题
单选题Which statement describes a security zone?()A
A security zone can contain one or more interfaces.B
A security zone can contain interfaces in multiple routing instances.C
A security zone must contain two or more interfaces.D
A security zone must contain bridge groups.
考题
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A
from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C
from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
考题
单选题A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()A
The host needs to open the telnet port.B
The host needs a route for the translated address.C
The administrator must use a proxy-arp policy for the translated address.D
The administrator must use a security policy, which will allow communication between the zones.
考题
单选题Which statement is true regarding the Junos OS for security platforms?()A
SRX Series devices can store sessions in a session table.B
SRX Series devices accept all traffic by default.C
SRX Series devices must operate only in packet-based mode.D
SRX Series devices must operate only in flow-based mode.
考题
多选题Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)AUp to three external authentication server types can be used simultaneously.BOnly one external authentication server type can be used simultaneously.CIf the local password database is not configured in the authentication order, and the configured authentication server bypassed.DIf the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.
考题
多选题Which two statements are true about the relationship between static NAT and proxy ARP? ()(Choose two.)AIt is necessary to forward ARP requests to remote hosts.BIt is necessary when translated traffic belongs to the same subnet as the ingress interface.CIt is not automatic and you must configure it.DIt is enabled by default and you do not need to configure it.
考题
多选题Which two parameters are configured in IPsec policy? ()(Choose two.)AmodeBIKE gatewayCsecurity proposalDPerfect Forward Secrecy
考题
单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
考题
单选题Which zone is system-defined?()A
securityB
functionalC
junos-globalD
management
热门标签
最新试卷