1. What are two differences between Action and IP Action? (Choose two.)
A: Action responds to matching traffic by dropping or closing the current attacking packets or connection.
B: IP Action responds to matching traffic by dropping or closing the current attacking packets or connection.
C: Action responds to future traffic based on a previous match by blocking or dropping future connections.
D: IP Action responds to future traffic based on a previous match by blocking or closing future connections.
Correct Answers: A, D
2. How can you see a "view all ESP events" for Violation Objects?
A: Violation Objects are not used in ESP.
B: You select the Violation view in the Profiler.
C: You select Violation Objects in the Log Viewer screen.
D: You must define a custom filter to view only Violation Objects.
Correct Answers: B
3. What two statements are true about the Attack Object update process? (Choose two.)
A: The administrator is given the choice of which Dynamic Groups to update.
B: A list of new, updated and removed attack objects is displayed to the administrator.
C: Attack objects are downloaded from the Juniper site over TCP/443 (SSL) from the IDP User Interface.
D: The Attack Update must be manually downloaded by the administrator from the Juniper site and installed on each IDP Sensor.
Correct Answers: B, C
4. How do Ignore and None actions in the Main Rulebase differ?
A: None actions cause IDP NOT to perform any Attack Matching on this rule.
B: Ignore actions cause IDP NOT to perform any Attack Matching on this rule.
C: Ignore actions cause IDP to ignore and subsequently drop all traffic matching this rule.
D: Ignore action will cause IDP to disregard further attack matching when an attack object is matched.
Correct Answers: D
5. What three statements about logging are true? (Choose three.)
A: Log messages are forwarded from IDP Sensor to IDP Management Server in real time.
B: If the communication between the IDP Sensor and IDP Management Server is down, the IDP Sensor will cache logs locally.
C: When the communication is restored between the IDP Sensor and IDP Management Server, the administrator must manually download the logs.
D: When the communication is restored between the IDP Sensor and IDP Management Server, the IDP Sensor automatically reports any cached log messages to the Management Server.
Correct Answers: A, B, D
6. You implement all HTTP Signatures for your Web Server and notice an alert is generated each time a web user accesses the SQL database with the default passwords. Your webmaster does not want to reprogram the page to use valid SQL passwords. How do you disable alerting on this False Positive?
A: create an Exempt rule for any traffic destined to your Web Server, include all HTTP:LOW level attacks
B: create an Exempt rule for any traffic destined to your Web Server, include all HTTP:LOW level attacks; make this a Terminal rule
C: create an Exempt rule for any traffic destined to your Web Server, include only the specific HTTP SQL default password signature
D: create an Exempt rule for any traffic generated by your Webserver, include only the specific HTTP SQL default password signature
Correct Answers: C
7. Which three types of charts can be used in reports? (Choose three.)
A: pie chart
B: histogram
C: line chart
D: vertical bar chart
Correct Answers: A, C, D
8. On which three fields can ESP filter data? (Choose three.)
A: Time
B: Service
C: Access Type
D: IP Address (Source IP or Destination IP)
Correct Answers: B, C, D
9. What are two drawbacks of an IDS system blocking an IP address? (Choose two.)
A: works only on TCP traffic
B: might not block the attacker until the attack has already taken place
C: need to know the sequence number of the attacker's IP Header to successfully block the IP address
D: might lead to denial-of-service situation where attacker can intentionally block valid users from accessing a network
Correct Answers: B, D
10. On which two operating systems can the IDP User Interface be installed? (Choose two.)
A: Linux
B: Solaris
C: Windows
D: any Java capable operating system
Correct Answers: A, C
Juniper JNCIA jn0-540 certification exam questions
- Date added: 2006-12-13 22:44:13