网友您好, 请在下方输入框内输入要搜索的题目:

题目内容 (请给出正确答案)

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()

  • A、resource access policies
  • B、Host Enforcer policies
  • C、source IP enforcement policies
  • D、IPsec enforcement policies

参考答案

更多 “You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A、resource access policiesB、Host Enforcer policiesC、source IP enforcement policiesD、IPsec enforcement policies” 相关考题
考题 You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?() A. access profileB. IKE parametersC. tunneled interfaceD. redirect policy

考题 You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI).To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A. CLIB. WebUIC. NSMD. Junos Pulse Access Control Service

考题 You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A. resource access policiesB. Host Enforcer policiesC. source IP enforcement policiesD. IPsec enforcement policies

考题 You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A. show services unified-access-control authentication-tableB. show auth tableC. show services unified-access-control policiesD. show services unified-access-control captive-portal

考题 You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A. Resource access policy on the MAG Series deviceB. IPsec routing policy on the MAG Series deviceC. General traffic policy blocking access through the firewall enforcerD. Auth table entry on the firewall enforcer

考题 Your network contains a wired network and a wireless network. Users report that they experience intermittent problems accessing network resources when they connect to the internal wireless network. You discover that an unsecured rogue wireless access point uses the same Service Set Identifier (SSID) as the internal wireless network. You need to ensure that the users only connect to the internal wireless network. What should you do?()A.Configure a Windows Connect Now Group Policy.B.Configure a Wireless Network (IEEE 802.11) Policy.C.Delete the rogue network from the Network and Sharing Center on each computer.D.Create a Connection Manager Administration Kit (CMAK) profile and deploy it to all users.

考题 Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.   You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP.   What should you recommend?()A、Enable Network Access Protection (NAP) on the network.B、Deploy the Root CA certificate to the external computers.C、Implement the Remote Desktop Connection Broker role service.D、Configure the firewall to allow inbound traffic on TCP Port 1723.

考题 Two routers configured to run BGP have been connected to a firewall, one on the inside interface and one on the outside interface. BGP has been configured so the two routers should peer, including the correct BGP session endpoint addresses and the correct BGP session hop-count limit (EBGP multihop). What is a good first test to see if BGP will work across the firewall?()A、Attempt to TELNET from the router connected to the inside of the firewall to the router connected to the outside of the firewall. If telnet works, BGP will work, since telnet and BGP both use TCP to transport data.B、Ping from the router connected to the inside interface of the firewall to the router connected to the outside interface of the firewall. If you can ping between them, BGP should work, since BGP uses IP to transport packets.C、There is no way to make BGP work across a firewall without special configuration, so there is no simple test that will show you if BGP will work or not, other than trying to start the peering session.D、There is no way to make BGP work across a firewall.

考题 You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()A、access profileB、IKE parametersC、tunneled interfaceD、redirect policy

考题 You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

考题 You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A、show services unified-access-control authentication-tableB、show auth tableC、show services unified-access-control policiesD、show services unified-access-control captive-portal

考题 You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB、IPsec routing policy on the MAG Series deviceC、General traffic policy blocking access through the firewall enforcerD、Auth table entry on the firewall enforcer

考题 You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A、CLIB、WebUIC、NSMD、Junos Pulse Access Control Service

考题 You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()A、The endpoints can use agentless access.B、Encrypted traffic flows between the endpoint and the enforcer.C、Encrypted traffic flows between the endpoint and the protected resourceD、The endpoints can use the Odyssey Access Client.

考题 You work as a senior administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed.  You are running a training exercise for junior administrators. You are currently discussing the Windows Firewall with Advanced Security feature.  Which of the following is TRUE with regards to Windows Firewall with Advanced Security?()A、It provides host-based,two-way network traffic filtering for a computer.B、It provides host-based,one-way network traffic filtering for a computer.C、It blocks unauthorized network traffic flowing into or out of the local computer.D、It only blocks unauthorized network traffic flowing into the local computer.E、It only blocks unauthorized network traffic flowing out of the local computer.

考题 You need to identify the types of inbound traffic that should pass through the perimeter firewall while maintaining the security of the network. Which inbound traffic should be allowed?()A、VPN TrafficB、DNS TrafficC、LDAP TrafficD、HTTP TrafficE、HTTPS TrafficF、Traffic from the network address of 192.168.10/24

考题 Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).A firewall separates the internal network from the Internet.  The firewall blocks all outbound traffic except for HTTP and SMTP traffic.You install a DNS server. The DNS server is configured to use the default root hints. You need to ensure that the DNS server can resolve the host names on the Internet.  Which port should you open on the firewall?()A、53B、135C、500D、3389

考题 You are designing the IP address assignment strategy for the VPN users. Which two actions should you perform.()A、 Configure VPN1 as a DHCP Relay Agent.B、 Configure VPN1 to assign IP Address by using DHCP server.C、 Configure VPN1 to have a static pool of IP Address from the network address of 131.107.1.0/24.D、 Configure VPN1 to have a static pool of IP Address from the network address of 192.168.1.0/24.E、 Configure the perimeter firewall to allow inbound DHCP traffic to be passed to VPN1.F、 Configure the interval firewall to allow DHCP broadcasts to be forwarded from the external network to the internal network.

考题 You need to configure a computer to encrypt all inbound connections by using IPSec. What should you do?()A、From Network and Sharing Center, click Connect to a network.B、From Network and Sharing Center, click Set up a new connection or network.C、From Windows Firewall with Advanced Security, click Inbound Rules and then click New Rule.D、From Windows Firewall with Advanced Security, click Connection Security Rules and then click NewRule.

考题 Your network contains an internal network and a perimeter network. You have one Exchange Server 2010 server on the internal network. You install Windows Server 2008 R2 on a new server in the perimeter network. You need to ensure that you can install the Edge Transport server role on the new server.  What should you do()?  A、Join the new server to an Active Directory domain.B、Install Active?Directory Lightweight Directory Services on the new server.C、Run ImportEdgeConfig.ps1 on the existing Exchange Server 2010 server.D、Open TCP port 88 and TCP port 3268 on the firewall between the perimeter network and the internal network.

考题 You are designing a strategy to allow users to gain VPN access to the internal network.  What should you do?()A、 Allow all inbound VPN traffic to pass through the internal firewall and the perimeter firewall.B、 Allow all inbound VPN traffic to pass through the perimeter firewall only.C、 Allow all VPN traffic from the source IP address of 131.107.1.14 to pass through the internal firewall.D、 Allow all VPN traffic from the source IP address of 191.168.1.0/24 to pass through the perimeter firewall.

考题 Your computer has Microsoft Windows Firewall enabled.  Your child plays an online game that uses connectionless traffic over port 5678 for inbound and outbound traffic.  You need to prevent your child from playing this game.  What should you do? ()A、Enable the User Account Control feature.B、Configure the user account of your child as a standard user.C、Create an outbound rule in Windows Firewall to block UDP port 5678.D、Create an outbound rule in Windows Firewall to block TCP port 5678.

考题 You are the administrator of a Windows Server 2003 computer named Server1. The network contains another Windows Server 2003 computer named Server2 that has the DNS and WINS services installed. Two hundred Windows 2000 Professional computers regularly connect to Server1 to access file and print resourcesAdministrators report that network traffic has increased and that response times for requests for network resources on Server1 have increased.   You need to identify whether Server1 is receiving requests for resources through NetBIOS broadcasts. What should you do?()A、Use Network Monitor to capture traffic between Server1 and all client computers.B、Use Network Monitor to capture traffic between Server1 and Server2.C、Monitor Event Viewer for Net Logon error or warning events.D、Run the tracert command on Server1.

考题 You work as a network administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com.  All servers on the ABC.com network have Windows Server 2012 R2 installed and all client computers have Windows 8 installed. The ABC.com network contains a domain controller named ABC_DC01. You want to run the ping ABC_dc01.ABC.com command from a client computer named ABC_WS27.How would you accomplish this?()A、You should configure the firewall on ABC_DC01 to allow inbound ICMP traffic.B、You should run the dcdiag /v command on ABC_DC01.C、You should run the netdiag /v command on ABC_WS27.D、You should configure the firewall on ABC_Ws27 to allow inbound ICMP traffic.

考题 You need to design access to e-mail by Internet users. What should you do?()A、Configure front-end servers to use HTTP to communicate with back-end serversB、Configure the internal firewall to allow IPSec traffic between front-end and back-end Exchange serversC、Require all users to encrypt all outbound e-mail messagesD、Issue digital certificates to all remote users. Require the certificates to be used when authenticating to Outlook Web Access

考题 多选题You need to identify the types of inbound traffic that should pass through the perimeter firewall while maintaining the security of the network. Which inbound traffic should be allowed?()AVPN TrafficBDNS TrafficCLDAP TrafficDHTTP TrafficEHTTPS TrafficFTraffic from the network address of 192.168.10/24

考题 单选题You are designing a strategy to allow users to gain VPN access to the internal network.  What should you do?()A  Allow all inbound VPN traffic to pass through the internal firewall and the perimeter firewall.B  Allow all inbound VPN traffic to pass through the perimeter firewall only.C  Allow all VPN traffic from the source IP address of 131.107.1.14 to pass through the internal firewall.D  Allow all VPN traffic from the source IP address of 191.168.1.0/24 to pass through the perimeter firewall.