网友您好, 请在下方输入框内输入要搜索的题目:

题目内容 (请给出正确答案)

Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }

  • A、DNS traffic is denied.
  • B、HTTP traffic is denied.
  • C、FTP traffic is permitted.
  • D、SMTP traffic is permitted.

参考答案

更多 “ Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }A、DNS traffic is denied.B、HTTP traffic is denied.C、FTP traffic is permitted.D、SMTP traffic is permitted.” 相关考题
考题 Click the Exhibit button.A network administrator receives complaints that the application voicecube is timing out after being idle for 30 minutes.Referring to the exhibit, what is a resolution?() A. [edit] user@host# set applications application voicecube inactivity-timeout neverB. [edit] user@host# set applications application voicecube inactivity-timeout 2C. [edit] user@host# set applications application voicecube destination-port 5060D. [edit] user@host# set security policies from-zone trust to-zone trust policy intrazone then timeout never
查看答案
考题 Click the Exhibit button.Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? ()(Choose two.)A. DNS traffic is denied.B. HTTP traffic is denied.C. FTP traffic is permitted.D. SMTP traffic is permitted.
查看答案
考题 Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.) A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.
查看答案
考题 A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
考题 At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.) A. [edit security idp]B. [edit security zones security-zone trust interfaces ge-0/0/0.0]C. [edit security zones security-zone trust]D. [edit security screen]
查看答案
考题 You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A. [edit security policies from-zone HR to-zone HR]B. [edit security zones functional-zone management protocols]C. [edit security zones protocol-zone HR host-inbound-traffic]D. [edit security zones security-zone HR host-inbound-traffic protocols]
查看答案
考题 Click the Exhibit button.host_a is in subnet_a and host_b is in subnet_b.Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?() A. DNS traffic is denied.B. Telnet traffic is denied.C. SMTP traffic is denied.D. Ping traffic is permitted.
查看答案
考题 Click the Exhibit button.Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2.Which is a potential cause for this problem?() A. The untrust zone does not have a management policy configured.B. The trust zone does not have ping enabled as host-inbound-traffic service.C. The security policy from the trust zone to the untrust zone does not permit ping.D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
查看答案
考题 Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A、set policy tunnel-traffic then tunnel remote-vpnB、set policy tunnel-traffic then permit tunnel remote-vpnC、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
查看答案
考题 A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
考题 You need to determine where the trust boundaries will be in a new Company VOIP design.  Which  two statements are true about these trust boundaries?()A、Trust boundaries are configured in the core of the network to provide the most efficient  forwarding based upon QoS markings,B、Setting trust boundaries at the edge of the network allows intermediate hop devices to  administer QoS policies without detailed packet identification.C、Trust boundaries are used to determine which QoS mechanism will be applied to the traffic.  D、At the trust boundaries, the untrusted traffic will be marked with a new QoS value appropriate  for the policy in place at the point where the traffic entered the campus network.  E、Trust boundaries define the firewall rules for QoS admission into a network.
查看答案
考题 You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A、[edit security policies from-zone HR to-zone HR]B、[edit security zones functional-zone management protocols]C、[edit security zones protocol-zone HR host-inbound-traffic]D、[edit security zones security-zone HR host-inbound-traffic protocols]
查看答案
考题 Which configuration shows the correct application of a security policy scheduler?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
查看答案
考题 Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
查看答案
考题 Which two statements are true for a security policy? ()(Choose two.)A、It controls inter-zone traffic.B、It controls intra-zone traffic.C、It is named with a system-defined name.D、It controls traffic destined to the device's ingress interface.
查看答案
考题 At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A、[edit security idp]B、[edit security zones security-zone trust interfaces ge-0/0/0.0]C、[edit security zones security-zone trust]D、[edit security screen]
查看答案
考题 Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A、Traffic is permitted from the trust zone to the untrust zone.B、Intrazone traffic in the trust zone is permitted.C、All traffic through the device is denied.D、The policy is matched only when no other matching policies are found.
查看答案
考题 Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.A、DNS traffic is denied.B、Telnet traffic is denied.C、SMTP traffic is denied.D、Ping traffic is permitted
查看答案
考题 You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamB、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamC、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyD、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
查看答案
考题 多选题Click the Exhibit button. host_a is in subnet_a and host_b is in subnet_b. Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?()ADNS traffic is denied.BTelnet traffic is denied.CSMTP traffic is denied.DPing traffic is permitted.
查看答案
考题 单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
考题 多选题Which two statements are true for a security policy? ()(Choose two.)AIt controls inter-zone traffic.BIt controls intra-zone traffic.CIt is named with a system-defined name.DIt controls traffic destined to the device's ingress interface.
查看答案
考题 单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A AB BC CD D
查看答案
考题 多选题At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A[edit security idp]B[edit security zones security-zone trust interfaces ge-0/0/0.0]C[edit security zones security-zone trust]D[edit security screen]
查看答案
考题 单选题In the configuration shown in the exhibit, you decided to eliminate the junos-ftp applicationfrom the match condition of the policy MyTraffic. [edit security policies] user@hostl# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts; destination-address ExtServers; application [ junos-ftp junos-bgp ]; } then { permit { tunnel { ipsec-vpn vpnTunnel; } } } } } policy-rematch; What will happen to the existing FTP and BGP sessions?()A The existing FTP and BGP sessions will continue.B The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.C The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.D The existing FTP sessions will continue and only the existing BGP sessions will be dropped.
查看答案
考题 多选题You need to determine where the trust boundaries will be in a new Company VOIP design.  Which  two statements are true about these trust boundaries?()ATrust boundaries are configured in the core of the network to provide the most efficient  forwarding based upon QoS markings,BSetting trust boundaries at the edge of the network allows intermediate hop devices to  administer QoS policies without detailed packet identification.CTrust boundaries are used to determine which QoS mechanism will be applied to the traffic.DAt the trust boundaries, the untrusted traffic will be marked with a new QoS value appropriate  for the policy in place at the point where the traffic entered the campus network.ETrust boundaries define the firewall rules for QoS admission into a network.
查看答案
考题 多选题Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)ATraffic is permitted from the trust zone to the untrust zone.BIntrazone traffic in the trust zone is permitted.CAll traffic through the device is denied.DThe policy is matched only when no other matching policies are found.
查看答案
热门标签
最新试卷