单选题You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? （）A Specify the IP address (172.19.1.1/32) as the destination address in the policy.B Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

考题 You are having problems with connections from a specific host (192.168.1.15) not closing down correctly.You want to find the state of the threads from that host check for long-running queries. Which statement will accomplish this?（）A.AB.BC.CD.D

查看答案

考题 A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?（）A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

查看答案

考题 You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?（）A. You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B. No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C. You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D. You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

查看答案

考题 You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?（）A. Enhanced Endpoint SecurityB. DP signaturesC. Antivirus licensingD. Endpoint Security Assessment Plug-in

查看答案

考题 You‘re the systems administrator at Testing, and you create the following access control lists.You then enter the command ip access-group 101 in to apply access control list 101 to router TK1s e0 interface.Which of the following Telnet sessions will be blocked as a result of your access lists?（）A. Telnet sessions from host A to host 5.1.1.10B. Telnet sessions from host A to host 5.1.3.10C. Telnet sessions from host B to host 5.1.2.10D. Telnet sessions from host B to host 5.1.3.8E. Telnet sessions from host C to host 5.1.3.10F. Telnet sessions from host F to host 5.1.1.10

查看答案

考题 How will the above access lists affect traffic?() A.FTP traffic from 192.169.1.22 will be deniedB.No traffic, except for FTP traffic will be allowed to exit E0C.FTP traffic from 192.169.1.9 to any host will be deniedD.All traffic exiting E0 will be deniedE.All FTP traffic to network 192.169.1.9/29 will be denied

查看答案

考题 I don't want you to make any trouble,（）, I urge you to solve the problem.A、thusB、consequentlyC、on the contraryD、just as

查看答案

考题 You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? （）A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

查看答案

考题 Assume the default-policy has not been configured.Given the configuration shown in the exhibit， which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true？（） [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any； destination-address any； application [ junos-http junos-ftp ]； } then { permit； } } policy two { match { source-address host_a； destination-address host_b； application [ junos-http junos-smtp ]； } then { deny； } }A、DNS traffic is denied.B、HTTP traffic is denied.C、FTP traffic is permitted.D、SMTP traffic is permitted.

查看答案

考题 You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）A、The intranet-auth authentication optionB、The redirect-portal application serviceC、The uac-policy application serviceD、The ipsec-vpn tunnel

查看答案

考题 A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?（）A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

查看答案

考题 The following access list was applied outbound on he E0 interface connected to the 192.168.1.8/29 LAN: access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 20 any access-list 123 deny tcp 192.168.1.9 0.0.0.7 eq 21 any What effect will this access list have?（）A、All traffic will be allowed to exit E0 except FTP traffic.B、FTP traffic from 192.168.1.22 to any host will be denied.C、FTP traffic from 192.168.1.9 to any host will be denied.D、All traffic exiting E0 will be denied.E、All FTP traffic to network 192.168.1.8/29 from any host will be denied.

查看答案

考题 How will the above access lists affect traffic?（）A、FTP traffic from 192.169.1.22 will be deniedB、No traffic, except for FTP traffic will be allowed to exit E0C、FTP traffic from 192.169.1.9 to any host will be deniedD、All traffic exiting E0 will be deniedE、All FTP traffic to network 192.169.1.9/29 will be denied

查看答案

考题 Given the configuration shown in the exhibit， which statement is true about traffic from host_ato host_b？（） [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a； destination-address host_b； application [ junos-telnet junos-ping ]； } then { reject； } } policy one { match { source-address host_a； destination-address subnet_b； application any； } then { permit； } } host_a is in subnet_a and host_b is in subnet_b.A、DNS traffic is denied.B、Telnet traffic is denied.C、SMTP traffic is denied.D、Ping traffic is permitted

查看答案

考题 In your Certkiller .com production database， you find that the database users are able to create and read files with unstructured data， available in any location on the host machine from an application. You want to restrict the database users to access files in a specific location on the host machine. What could do to achieve this？（）A、Modify the value for the UTL_FILE_DIR parameter in the parameter fileB、Grant read and write privilege on the operating system path to the database usersC、Modify the value for the LDAP_DIRECTORY_ACCESS parameter in the parameter fileD、Modify the value for the PLSQL_NATIVE_LIBRARY_DIR parameter in the parameter fileE、Create a directory object referring to the operating system path， and grant read and write privilege on the directory object to the database users

查看答案

考题 You need to design a method to ensure that only scripts that are approved by the IT department can run on company computers. Your solution must meet business requirements. What should you do？（）A、Create a new software restriction policy in the Default Domain Policy GPO that removes the Microsoft Visual Basic Scripting Edition and the Windows Script Component file types from the File Types listB、Create a new software restriction policy in the Default Domain Policy GPO that disables the use of Wscript.exe and Cscript.exeC、Configure Windows Script Host to not execute Windows Script Component file typesD、Configure Windows Script Host to execute only scripts that are signed by a certificate issued by an approved certification authority （CA）

查看答案

考题 You administer a Windows 2000 Professional computer that is shared by multiple users. You receive a phone call from one of the users of the shared computer that tells you that the computer is reporting a kernel stop error. You notice that a user has tried to install video drivers that have caused the computer to become unstable. You want to ensure that users can install only the drivers that are approved by the manufacturer. What should you do? （）A、Configure File signature verification to block driver installation， and set driver signing as a system default.B、Remove all users from the Power User group.C、Create a Local Computer Policy to prevent users from installing drivers.D、Create a Local Computer Policy to enable Windows File Protection.

查看答案

考题多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit， which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true？（） [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any； destination-address any； application [ junos-http junos-ftp ]； } then { permit； } } policy two { match { source-address host_a； destination-address host_b； application [ junos-http junos-smtp ]； } then { deny； } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.

查看答案

考题单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN？（） [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net； destination-address remote-net； application any； then { permit； } }A set policy tunnel-traffic then tunnel remote-vpnB set policy tunnel-traffic then permit tunnel remote-vpnC set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

查看答案

考题单选题On your newly installed router, you apply the access list illustrated below to interface Ethernet 0 on a Cisco router. The interface is connected to the 192.168.1.8/29 LAN. access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 20 any access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 21 any How will the above access lists affect traffic?（）A All traffic will be allowed to exit E0 except FTP traffic.B FTP traffic from 192.168.166.19 to any host will be denied.C FTP traffic from 192.168.166.22 to any host will be denied.D All traffic exiting E0 will be denied.E All FTP traffic to network 192.168.166.18/29 from any host will be denied.

查看答案

考题单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN？（） [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net； destination-address remote-net； application any； then { permit； } }A set policy tunnel-traffic then tunnel remote-vpnB set policy tunnel-traffic then permit tunnel remote-vpnC set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

查看答案

考题单选题I don't want you to make any trouble,（）, I urge you to solve the problem.A thusB consequentlyC on the contraryD just as

查看答案

考题多选题You want to enforce a Host Checker policy so that only users who pass the policy receive the Employee role. In the admin GUI, which two parameters must you configure?（）ASelect Require and Enforce for the Host Checker Policy in the realm authentication policy.BSelect Evaluate Policies for the Host Checker policy in the realm authentication policy.CConfigure the Host Checker policy as a role restriction for the Employee role.DConfigure the Host Checker policy as a resource access policy for the Employee role.

查看答案

考题单选题You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）A The intranet-auth authentication optionB The redirect-portal application serviceC The uac-policy application serviceD The ipsec-vpn tunnel

查看答案

考题单选题You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?（）A Enhanced Endpoint SecurityB DP signaturesC Antivirus licensingD Endpoint Security Assessment Plug-in

查看答案

考题单选题You are the network administrator at TestKing. You apply the following access list on the E0 outbound interface connected to the 192.168.1.8/29 LAN: access-list 21 deny tcp 192.168.1.8 0.0.0.7 eq 20 any access-list 21 deny tcp 192.168.1.8 0.0.0.7 eq 21 any What will the effect of this access list be?（）A All traffic will be allowed to out of E0 except FTP traffic.B FTP traffic from 192.168.1.22 to any host will be blocked.C FTP traffic from 192.168.1.9 to any host will be blocked.D All traffic will be prevented from leaving E0.E All FTP traffic to network 192.168.1.9/29 from any host will be blocked.

查看答案

考题单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com（172.19.1.1） in the Untrust zone. How do you create this policy？（）A Specify the IP address （172.19.1.1/32） as the destination address in the policy.B Specify the DNS entry （hostb.example.com.） as the destination address in the policy.C Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy

查看答案

考题单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?（）A You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

查看答案

网友您好， 请在下方输入框内输入要搜索的题目：

网友您好，请在下方输入框内输入要搜索的题目：