网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
单选题
Which statement describes the behavior of a security policy?()
A
The implicit default security policy permits all traffic.
B
Traffic destined to the device itself always requires a security policy.
C
Traffic destined to the device’s incoming interface does not require a security policy.
D
The factory-default configuration permits all traffic from all interfaces.
参考答案
参考解析
解析:
暂无解析
更多 “单选题Which statement describes the behavior of a security policy?()A The implicit default security policy permits all traffic.B Traffic destined to the device itself always requires a security policy.C Traffic destined to the device’s incoming interface does not require a security policy.D The factory-default configuration permits all traffic from all interfaces.” 相关考题
考题
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.
考题
You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A. [edit security policies from-zone HR to-zone HR]B. [edit security zones functional-zone management protocols]C. [edit security zones protocol-zone HR host-inbound-traffic]D. [edit security zones security-zone HR host-inbound-traffic protocols]
考题
Which statement about IDS/IPS design is correct?()A、An IPS should be deployed if the security policy does not support the denial of traffic.B、An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.C、An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.D、Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.
考题
What is a Host Enforcer policy?()A、A policy that is defined on the endpoint that permits or denies inbound or outbound traffic.B、A policy that is sent to the endpoint that permits or denies inbound or outbound traffic.C、A policy that is sent to the protected resource that permits or denies inbound or outbound traffic.D、A policy that is defined on the protected resource that permits or denies inbound or outbound traffic.
考题
Which type of zone is used by traffic transiting the device?()A、transit zoneB、default zoneC、security zoneD、functional zone
考题
You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A、[edit security policies from-zone HR to-zone HR]B、[edit security zones functional-zone management protocols]C、[edit security zones protocol-zone HR host-inbound-traffic]D、[edit security zones security-zone HR host-inbound-traffic protocols]
考题
Which statement describes the behavior of a security policy?()A、The implicit default security policy permits all traffic.B、Traffic destined to the device itself always requires a security policy.C、Traffic destined to the device’s incoming interface does not require a security policy.D、The factory-default configuration permits all traffic from all interfaces.
考题
You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A、[edit security policies from-zone HR to-zone HR]B、[edit security zones functional-zone management protocols]C、[edit security zones protocol-zone HR host-inbound-traffic]D、[edit security zones security-zone HR host-inbound-traffic protocols]
考题
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
考题
Which two statements describe the purpose of a security policy?()A、It enables traffic counting and logging.B、It enforces a set of rules for transit traffic.C、It controls host inbound services on a zone.D、It controls administrator rights to access the device.
考题
Which two statements are true for a security policy? ()(Choose two.)A、It controls inter-zone traffic.B、It controls intra-zone traffic.C、It is named with a system-defined name.D、It controls traffic destined to the device's ingress interface.
考题
Which two statements are true regarding IDP?()A、IDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.B、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.C、IDP inspects traffic up to the Presentation layer.D、IDP inspects traffic up to the Application layer.
考题
You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()A、Telnet is not being permitted by self policy.B、Telnet is not being permitted by security policy.C、Telnet is not allowed because it is not considered secure.D、Telnet is not enabled as a host-inbound service on the zone
考题
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A、Traffic is permitted from the trust zone to the untrust zone.B、Intrazone traffic in the trust zone is permitted.C、All traffic through the device is denied.D、The policy is matched only when no other matching policies are found.
考题
Regarding zone types, which statement is true?()A、You cannot assign an interface to a functional zone.B、You can specifiy a functional zone in a security policy.C、Security zones must have a scheduler applied.D、You can use a security zone for traffic destined for the device itself.
考题
You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain. Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network. How should you configure Server1?()A、 Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.B、 Configure the network adapter on the test network to disable IEEE 802.1x authentication.C、 Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.D、 Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.E、 Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.
考题
多选题Which two statements are true for a security policy? ()(Choose two.)AIt controls inter-zone traffic.BIt controls intra-zone traffic.CIt is named with a system-defined name.DIt controls traffic destined to the device's ingress interface.
考题
单选题Which statement is true about source NAT?()A
Source NAT works only with source pools.B
Destination NAT is required to translate the reply traffic.C
Source NAT does not require a security policy to function.D
The egress interface IP address can be used for source NAT
考题
单选题You are a security administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All servers run Windows Server 2003. All computers on the network are members of the domain. Traffic on the network is encrypted by IPSec. The domain contains a custom IPSec policy named Lan Security that applies to all computers in the domain. The Lan Security policy does not allow unsecured communication with non-lPSec-aware computers. The company’s written security policy states that the configuration of the domain and the configuration of the Lan Security policy must not be changed. The domain contains a multihomed server named Server1. Server1 isconnected to the company network, and Server1 is also connected to a test network. Currently, the Lan Security IPSec policy applies to network traffic on both network adapters in Server1. You need to configure Server1 so that it communicates on the test network without IPSec security. Server1 must still use the Lan Security policy when it communicates on the company network. How should you configure Server1?()A
Configure a packet filter for the network adapter on the test network to block the Internet Key Exchange (IKE) port.B
Configure the network adapter on the test network to disable IEEE 802.1x authentication.C
Configure the network adapter on the test network to enable TCP/IP filtering, and then permit all traffic.D
Use the netsh command to assign a persistent IPSec policy that permits all traffic on the network adapter on the test.E
Assign an IPSec policy in the local computer policy that permits all traffic on the network adapter on the test.
考题
多选题Which two statements are true regarding IDP?()AIDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.BIDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.CIDP inspects traffic up to the Presentation layer.DIDP inspects traffic up to the Application layer.
考题
单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A
[edit security policies from-zone HR to-zone HR]B
[edit security zones functional-zone management protocols]C
[edit security zones protocol-zone HR host-inbound-traffic]D
[edit security zones security-zone HR host-inbound-traffic protocols]
考题
单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A
You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B
No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C
You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D
You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
考题
多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
考题
单选题Regarding zone types, which statement is true?()A
You cannot assign an interface to a functional zone.B
You can specifiy a functional zone in a security policy.C
Security zones must have a scheduler applied.D
You can use a security zone for traffic destined for the device itself.
考题
单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A
[edit security policies from-zone HR to-zone HR]B
[edit security zones functional-zone management protocols]C
[edit security zones protocol-zone HR host-inbound-traffic]D
[edit security zones security-zone HR host-inbound-traffic protocols]
考题
单选题Which statement about IDS/IPS design is correct?()A
An IPS should be deployed if the security policy does not support the denial of traffic.B
An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.C
An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.D
Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.
考题
多选题Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)ATraffic is permitted from the trust zone to the untrust zone.BIntrazone traffic in the trust zone is permitted.CAll traffic through the device is denied.DThe policy is matched only when no other matching policies are found.
热门标签
最新试卷
