单选题You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）A The intranet-auth authentication optionB The redirect-portal application serviceC The uac-policy application serviceD The ipsec-vpn tunnel

考题 Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）A. Source IP and browserB. Source IP and certificateC. Certificate and Host CheckerD. Host Checker and source IP

查看答案

考题 In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?() A. to specify the destination addresses to which access is permittedB. to specify the source address permitted to access the resourceC. to specify the services to which access is permittedD. to inform the enforcer to expect policy information from the Junos Pulse Access Control Service

查看答案

考题 A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?（）A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

查看答案

考题 You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service.What must you add to complete the security policy configuration?（）A. The intranet-auth authentication optionB. The redirect-portal application serviceC. The uac-policy application serviceD. The ipsec-vpn tunnel

查看答案

考题 After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?（）A. The Junos OS drops any flow that does not match the source address or destination address.B. All traffic is dropped.C. All existing sessions continue.D. The Junos OS does a policy re-evaluation.

查看答案

考题 After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?（）A、The Junos OS drops any flow that does not match the source address or destination address.B、All traffic is dropped.C、All existing sessions continue.D、The Junos OS does a policy re-evaluation.

查看答案

考题 Assume the default-policy has not been configured.Given the configuration shown in the exhibit， which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true？（） [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any； destination-address any； application [ junos-http junos-ftp ]； } then { permit； } } policy two { match { source-address host_a； destination-address host_b； application [ junos-http junos-smtp ]； } then { deny； } }A、DNS traffic is denied.B、HTTP traffic is denied.C、FTP traffic is permitted.D、SMTP traffic is permitted.

查看答案

考题 Which command is needed to change this policy to a tunnel policy for a policy-based VPN？（） [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net； destination-address remote-net； application any； then { permit； } }A、set policy tunnel-traffic then tunnel remote-vpnB、set policy tunnel-traffic then permit tunnel remote-vpnC、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

查看答案

考题 You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）A、The intranet-auth authentication optionB、The redirect-portal application serviceC、The uac-policy application serviceD、The ipsec-vpn tunnel

查看答案

考题 A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?（）A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

查看答案

考题 You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?（）A、access profileB、IKE parametersC、tunneled interfaceD、redirect policy

查看答案

考题 In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?（）A、to specify the destination addresses to which access is permittedB、to specify the source address permitted to access the resourceC、to specify the services to which access is permittedD、to inform the enforcer to expect policy information from the Junos Pulse Access Control Service

查看答案

考题 Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）A、Source IP and browserB、Source IP and certificateC、Certificate and Host CheckerD、Host Checker and source IP

查看答案

考题 You want to create a security policy on an SRX240 that redirects unauthenticated users back to the Junos Pulse Access Control Service.Which two steps must you take to accomplish this task?（）A、Configure a captive-portal service that redirects all traffic back to the Junos Pulse Access Control Service.B、Configure a security policy that references the unified-access-control captive-portal service.C、Configure a captive-portal service that redirects unauthenticated traffic back to the Junos Pulse Access Control Service.D、Configure a security policy that references the unified-access-control intranet-controller service.

查看答案

考题 You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?（）A、CLIB、WebUIC、NSMD、Junos Pulse Access Control Service

查看答案

考题 You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?（）A、The endpoints can use agentless access.B、Encrypted traffic flows between the endpoint and the enforcer.C、Encrypted traffic flows between the endpoint and the protected resourceD、The endpoints can use the Odyssey Access Client.

查看答案

考题 Given the configuration shown in the exhibit， which statement is true about traffic from host_ato host_b？（） [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a； destination-address host_b； application [ junos-telnet junos-ping ]； } then { reject； } } policy one { match { source-address host_a； destination-address subnet_b； application any； } then { permit； } } host_a is in subnet_a and host_b is in subnet_b.A、DNS traffic is denied.B、Telnet traffic is denied.C、SMTP traffic is denied.D、Ping traffic is permitted

查看答案

考题单选题You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）A The intranet-auth authentication optionB The redirect-portal application serviceC The uac-policy application serviceD The ipsec-vpn tunnel

查看答案

考题单选题Given the configuration shown in the exhibit， which statement is true about traffic from host_ato host_b？（） [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a； destination-address host_b； application [ junos-telnet junos-ping ]； } then { reject； } } policy one { match { source-address host_a； destination-address subnet_b； application any； } then { permit； } } host_a is in subnet_a and host_b is in subnet_b.A DNS traffic is denied.B Telnet traffic is denied.C SMTP traffic is denied.D Ping traffic is permitted

查看答案

考题多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit， which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true？（） [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any； destination-address any； application [ junos-http junos-ftp ]； } then { permit； } } policy two { match { source-address host_a； destination-address host_b； application [ junos-http junos-smtp ]； } then { deny； } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.

查看答案

考题单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?（）A from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

查看答案

考题单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN？（） [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net； destination-address remote-net； application any； then { permit； } }A set policy tunnel-traffic then tunnel remote-vpnB set policy tunnel-traffic then permit tunnel remote-vpnC set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

查看答案

考题单选题You have a Windows 7 computer that is a member of a workgroup. You need to prevent members of a localgroup from starting a specific application. You must achieve this goal by using the minimum amount ofadministrative effort. What should you create?（）A administrative template.B application control policy.C IPSec policy.D software restriction policy.

查看答案

考题单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN？（） [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net； destination-address remote-net； application any； then { permit； } }A set policy tunnel-traffic then tunnel remote-vpnB set policy tunnel-traffic then permit tunnel remote-vpnC set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

查看答案

考题单选题After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?（）A The Junos OS drops any flow that does not match the source address or destination address.B All traffic is dropped.C All existing sessions continue.D The Junos OS does a policy re-evaluation.

查看答案

考题单选题Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）A Source IP and browserB Source IP and certificateC Certificate and Host CheckerD Host Checker and source IP

查看答案

考题单选题In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?（）A to specify the destination addresses to which access is permittedB to specify the source address permitted to access the resourceC to specify the services to which access is permittedD to inform the enforcer to expect policy information from the Junos Pulse Access Control Service

查看答案

网友您好， 请在下方输入框内输入要搜索的题目：

网友您好，请在下方输入框内输入要搜索的题目：