网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()
- A、Pass
- B、Flow
- C、Allow
- D、Inspect
参考答案
更多 “Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()A、PassB、FlowC、AllowD、Inspect” 相关考题
考题
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)
A. [edit security idp]B. [edit security zones security-zone trust interfaces ge-0/0/0.0]C. [edit security zones security-zone trust]D. [edit security screen]
考题
Which two statements about static NAT translations are true?()
A. They are always present in the NAT table.B. They allow connection to be initiated from the outside.C. They can be configured with access lists, to allow two or more connections to be initiated from the outside.D. They require no inside or outside interface markings because addresses are statically defined.
考题
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.Which two of these changes are necessary for SwitchA to meet the requirements? ()A.Port security needs to be globally enabled.B.Port security needs to be enabled on the interface.C.Port security needs to be configured to shut down the interface in the event of a violation.D.Port security needs to be configured to allow only one learned MAC address.E.Port security interface counters need to be cleared before using the show command.F.The port security configuration needs to be saved to NVRAM before it can become active.
考题
Whichtwoactionscanbeconfiguredtoallowtraffictotraverseaninterfacewhenzone-basedsecurityisbeingemployed?()
A.PassB.FlowC.AllowD.Inspect
考题
Which three statements are true when configuring Cisco IOS Firewall features using the SDM? ()A、A custom application security policy can be configured in the Advanced Firewall Security Configuration dialog box.B、An optional DMZ interface can be specified in the Advanced Firewall Interface Configuration dialog box.C、Custom application policies for e-mail, instant messaging, HTTP, and peer-to-peer services can be created using the Intermediate Firewall wizard.D、Only the outside (untrusted) interface is specified in the Basic Firewall Interface Configuration dialog box.E、The outside interface that SDM can be launched from is configured in the Configuring Firewall for Remote Access dialog box.F、The SDM provides a basic, intermediate, and advanced firewall wizard.
考题
Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP sources addresses?()A、It is applied only on the input interface of a router.B、It is applied only on the output interface of a router.C、It can be configured either on the input or output interface of a router.D、It cannot be configured on a router interface.E、It is configured under any routing protocol process.
考题
Which two statements are true about voice VLANs?()A、Voice VLANs are only used when connecting an IP phone and a host to distinct switch portsB、Access ports that are configured with voice VLANs will always trust the CoS that is received from IP phonesC、Access ports that are configured with voice VLANs may or may not override the CoS value that is received from an IP phoneD、Voice VLANs are configured using the switchport voice vlan vlan-ID interface configuration commandE、Voice VLANs provide a trunking interface between an IP phone and an access port on a switch to allow traffic from multiple devices that are connected to the portF、Enabling Voice VLAN on a switch port will automatically configure the port to trust the incoming CoS markings
考题
Which two options can be used as traffic descriptors when classifying and marking traffic? ()A、incoming interfaceB、Layer 2 differentiated services code point (DSCP)C、Layer 3 IP precedenceD、outgoing interface
考题
What is the main reason for using the "ip ips deny-action ips-interface" IOS command?()A、 To selectively apply drop actions to specific interfacesB、 To enable IOS to droptraffic for signatures configured with the Drop actionC、 To support load-balancing configurations in which traffic can arrive via multipleinterfaces D、 This is nota valid IOS command
考题
Which three practices are important to the implementation of a DiffServ QoS architecture?()A、 Because services are allocated throughout the network before the transmission of data begins, traffic classes can be guaranteed QoS services.B、 Traffic classes are marked with Layer 2 markings to allow for more granularity in identifying traffic classes.C、 Traffic classes are marked with Layer 3 markings to allow them to traverse different network types without loss of QoS information.D、 Traffic classes allow networks to provide proper QoS treatment of packets without applications having to request services.E、 Based upon the network capabilities, QoS markings are placed on packets as needed throughout the network to allow for proper QoS treatment of packets.F、 QoS markings are placed on packets as close to the network edge as possible to allow distribution and core devices to determine QoS actions as quickly as possible.
考题
You need to configure port security on switch R1. Which two statements are true about this technology? ()A、 Port security can be configured for ports supporting VoIP.B、 With port security configured, four MAC addresses are allowed by default.C、 The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.D、Withsecurity configured, only one MAC addresses is allowed by default. E、 Port security cannot be configured for ports supporting VoIP.
考题
Which two statements are true about the primary address on an interface?()A、It is the address used by default as the local address for broadcast and multicast packets sourced locally and sent out of the interface.B、You use the primary address when you have multiple IP addresses belonging to the same subnet on the same interface.C、It can be useful for selecting the local address used for packets sent out of unnumbered interfaces when multiple non-127 addresses are configured on the loopback interface.D、By default, the primary address on an interface is selected as the numerically highest local address configured on the interface.
考题
Which two statements are true for a security policy? ()(Choose two.)A、It controls inter-zone traffic.B、It controls intra-zone traffic.C、It is named with a system-defined name.D、It controls traffic destined to the device's ingress interface.
考题
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A、[edit security idp]B、[edit security zones security-zone trust interfaces ge-0/0/0.0]C、[edit security zones security-zone trust]D、[edit security screen]
考题
Which two statements are true about the primary address on an interface? ()A、It is the address used by default as the local address for broadcast and multicast packets sourced locally and sent out of the interfaceB、You use the primary address when you have multiple IP addresses belonging to the same subnet on the same intefaceC、It can be useful for selecting the local address used for packets sent out of unnumbered interfaces when multiple non-127 addresses are configured on the loopback interfaceD、By default, the primary address on an interface is selected as the nmerically highest local address configured on the interface
考题
Users can define policy to control traffic flow between which two components? ()(Choose two.)A、from a zone to the router itselfB、from a zone to the same zoneC、from a zone to a different zoneD、from one interface to another interface
考题
Regarding zone types, which statement is true?()A、You cannot assign an interface to a functional zone.B、You can specifiy a functional zone in a security policy.C、Security zones must have a scheduler applied.D、You can use a security zone for traffic destined for the device itself.
考题
单选题Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP sources addresses?()A
It is applied only on the input interface of a router.B
It is applied only on the output interface of a router.C
It can be configured either on the input or output interface of a router.D
It cannot be configured on a router interface.E
It is configured under any routing protocol process.
考题
多选题Which two statements are true for a security policy? ()(Choose two.)AIt controls inter-zone traffic.BIt controls intra-zone traffic.CIt is named with a system-defined name.DIt controls traffic destined to the device's ingress interface.
考题
单选题What is the main reason for using the "ip ips deny-action ips-interface" IOS command?()A
To selectively apply drop actions to specific interfacesB
To enable IOS to droptraffic for signatures configured with the Drop actionC
To support load-balancing configurations in which traffic can arrive via multipleinterfaces D
This is nota valid IOS command
考题
多选题Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()APassBFlowCAllowDInspect
考题
多选题Which two statements are true about voice VLANs?()AVoice VLANs are only used when connecting an IP phone and a host to distinct switch portsBAccess ports that are configured with voice VLANs will always trust the CoS that is received from IP phonesCAccess ports that are configured with voice VLANs may or may not override the CoS value that is received from an IP phoneDVoice VLANs are configured using the switchport voice vlan vlan-ID interface configuration commandEVoice VLANs provide a trunking interface between an IP phone and an access port on a switch to allow traffic from multiple devices that are connected to the portFEnabling Voice VLAN on a switch port will automatically configure the port to trust the incoming CoS markings
考题
多选题You need to configure port security on switch R1. Which two statements are true about this technology? ()APort security can be configured for ports supporting VoIP.BWith port security configured, four MAC addresses are allowed by default.CThe network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.DWithsecurity configured, only one MAC addresses is allowed by default.EPort security cannot be configured for ports supporting VoIP.
考题
多选题At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A[edit security idp]B[edit security zones security-zone trust interfaces ge-0/0/0.0]C[edit security zones security-zone trust]D[edit security screen]
考题
多选题Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.Which two of these changes are necessary for SwitchA to meet the requirements? ()APort security needs to be globally enabled.BPort security needs to be enabled on the interface.CPort security needs to be configured to shut down the interface in the event of a violation.DPort security needs to be configured to allow only one learned MAC address.EPort security interface counters need to be cleared before using the show command.FThe port security configuration needs to be saved to NVRAM before it can become active.
考题
多选题Which two statements are true about the primary address on an interface?()AIt is the address used by default as the local address for broadcast and multicast packets sourced locally and sent out of the interface.BYou use the primary address when you have multiple IP addresses belonging to the same subnet on the same interface.CIt can be useful for selecting the local address used for packets sent out of unnumbered interfaces when multiple non-127 addresses are configured on the loopback interface.DBy default, the primary address on an interface is selected as the numerically highest local address configured on the interface.
考题
多选题Which two statements about static NAT translations are true?()AThey are always present in the NAT table.BThey allow connection to be initiated from the outside.CThey can be configured with access lists,to allow two or more connections to be initiated from the outside.DThey require no inside or outside interface markings because addresses are statically defined.
热门标签
最新试卷