网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
Your corporate security policy requires that a user performing attacks must have limited network access and activities until an administrator can investigate.In the admin GUI, which sensor event policy action must you configure in "Configuration" >"Sensors" >"Sensor Event Policies" >[rule name] to accomplish this?()
A. Ignore
B. Replace users role
C. Terminate user session
D. Disable user account
参考答案
更多 “ Your corporate security policy requires that a user performing attacks must have limited network access and activities until an administrator can investigate.In the admin GUI, which sensor event policy action must you configure in "Configuration" >"Sensors" >"Sensor Event Policies" >[rule name] to accomplish this?()A. IgnoreB. Replace users roleC. Terminate user sessionD. Disable user account ” 相关考题
考题
9. _______you _______ stay at home today?A. Do ; have toB. Must; have toC. Have; toD. Do ; must
考题
Click the Exhibit button.Referring to the exhibit, which statement contains the correct gateway parameters?()
A. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }B. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }C. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }D. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
考题
You are required to configure a SCREEN option that enables IP source route option detection.Which twoconfigurations meet this requirement?() (Choose two.)
A. [edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }B. [edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }C. [edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }D. [edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }
考题
Which statement contains the correct parameters for a route-based IPsec VPN?()
A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
考题
Whichofthefollowinglocalfilesisusedtorunthedatecommandontheremotemachine"Earth"usingthefollowingrexeccommandwithoutrequestforapassword?rexecEarthdate()。
A.~/.rhostsB.$HOME/.netrcC./etc/hosts.equivD./etc/security/user
考题
An administrator created a .env file in a user‘s home directory to configure a number of custom environment variables for a local application. However, after the user logs out and then logs back into the system, the custom variables are not being set.What is the most likely reason that the custom .env file is being ignored?()A.A shell other than ksh is being used by the user.B.The line ‘export ENV=$HOME/.env‘ is missing from /etc/profile.C.The line ‘export ENV=$HOME/.env‘ is missing from the user‘s .profile.D.The env_profile attribute is not defined for the user within /etc/security/user.
考题
ASystempadministratorneedstosetthedefaultpasswordlengthforalluserstosixcharacters.Whichofthefollowingfilesneedstobeeditedtoaccomplishthis()
A./etc/security/limitsB./etc/security/mkuser.sysC./etc/security/privD./etc/security/user
考题
Anadministratorcreateda.envfileinauser’shomedirectorytoconfigureanumberofcustomenvironmentvariablesforalocalapplication.However,aftertheuserlogsoutandthenlogsbackintothesystem,thecustomvariablesarenotbeingsetWhatisthemostlikelyreasonthatthecustom.envfileisbeingignored?()A.Ashellotherthankshisbeingusedbytheuser.B.Theline’exportENV=$HOME/.env’ismissingfrom/etc/profile.C.Theline’exportENV=$HOME/.env’ismissingfromtheuser’s.profile.D.Theenv_profileattributeisnotdefinedfortheuserwithin/etc/security/user.
考题
某全国连锁企业的总部和分布在全国各地的30家分公司之间经常需要传输各种内部数据,因此公司决定在总部和各分公司之间建立VPN技术。具体拓扑如下:配置部分只显示了与总部与分公司1的配置。根据拓扑完成问题1-问题3。
[问题1](3分):在总部与分公司之间相连的VPN方式是(1),在IPsec工作模式中有传输模式和隧道模式,其中将源IP数据包整体封装后再进行传输的模式是(2).1备选答案:A.站点到站点 B.端到端C.端到站点[问题2](13分):请将相关配置补充完整。总部防火墙firewall1的部分配置如下。 (3)[FIREWALL1] interface(4)[FIREWALL1-GigabitEthernet1/0/2] ip address (5)[FIREWALL1-GigabitEthernet1/0/2] quit[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ip address 202.1.3.1 24[FIREWALL1-GigabitEthernet1/0/1] quit# 配置接口加入相应的安全区域。[FIREWALL1] firewall zone trust [FIREWALL1-zone-trust] add interface (6)[FIREWALL1-zone-trust] quit[FIREWALL1](7)[FIREWALL1-zone-untrust] add interface GigabitEthernet 1/0/1[FIREWALL1-zone-untrust] quit2. 配置安全策略,允许私网指定网段进行报文交互。# 配置Trust域与Untrust域的安全策略,允许封装前和解封后的报文能通过[FIREWALL1](8)[FIREWALL1-policy-security] rule name 1[FIREWALL1-policy-security-rule-1] source-zone (9)[FIREWALL1-policy-security-rule-1] destination-zone untrust[FIREWALL1-policy-security-rule-1] source-address (10)[FIREWALL1-policy-security-rule-1] destination-address 192.168.200.0 24[FIREWALL1-policy-security-rule-1] action (11)[FIREWALL1-policy-security-rule-1] quit…..# 配置Local域与Untrust域的安全策略,允许IKE协商报文能正常通过FIREWALL1。[FIREWALL1-policy-security] rule name 3[FIREWALL1-policy-security-rule-3] source-zone local[FIREWALL1-policy-security-rule-3] destination-zone untrust[FIREWALL1-policy-security-rule-3] source-address 202.1.3.1 32[FIREWALL1-policy-security-rule-3] destination-address 202.1.5.1 32[FIREWALL1-policy-security-rule-3] action permit[FIREWALL1-policy-security-rule-3] quit…3. 配置IPSec隧道。# 配置访问控制列表,定义需要保护的数据流。[FIREWALL1] (12)[FIREWALL1-acl-adv-3000] rule permit (13)[FIREWALL1-acl-adv-3000] quit# 配置名称为tran1的IPSec安全提议。[FIREWALL1] ipsec proposal tran1[FIREWALL1-ipsec-proposal-tran1] encapsulation-mode (14)[FIREWALL1-ipsec-proposal-tran1] transform esp[FIREWALL1-ipsec-proposal-tran1] esp authentication-algorithm sha2-256[FIREWALL1-ipsec-proposal-tran1] esp encryption-algorithm aes[FIREWALL1-ipsec-proposal-tran1] quit# 配置序号为10的IKE安全提议。[FIREWALL1] (15)[FIREWALL1-ike-proposal-10] authentication-method pre-share[FIREWALL1-ike-proposal-10] authentication-algorithm sha2-256[FIREWALL1-ike-proposal-10] quit# 配置IKE用户信息表。[FIREWALL1] ike user-table 1[FIREWALL1-ike-user-table-1] user id-type ip 202.1.5.1 pre-shared-key Admin@gkys[FIREWALL1-ike-user-table-1] quit# 配置IKE Peer。[FIREWALL1] ike peer b[FIREWALL1-ike-peer-b] ike-proposal 10[FIREWALL1-ike-peer-b] user-table 1[FIREWALL1-ike-peer-b] quit# 配置名称为map_temp序号为1的IPSec安全策略模板。[FIREWALL1] ipsec policy-template map_temp 1[FIREWALL1-ipsec-policy-template-map_temp-1] security acl 3000[FIREWALL1-ipsec-policy-template-map_temp-1] proposal tran1[FIREWALL1-ipsec-policy-template-map_temp-1] ike-peer b[FIREWALL1-ipsec-policy-template-map_temp-1] reverse-route enable[FIREWALL1-ipsec-policy-template-map_temp-1] quit# 在IPSec安全策略map1中引用安全策略模板map_temp。[FIREWALL1] ipsec policy map1 10 isakmp template map_temp# 在接口GigabitEthernet 1/0/1上应用安全策略map1。[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ipsec policy map1[FIREWALL1-GigabitEthernet1/0/1] quit [问题3]IPsec中,通过一些协议的处理,可以有效的保护分组安全传输。其中能够确保数据完整性,但是不能确保数据机密性的是(17),而技能报数数据传输的机密性又能保证数据完整性的是(18)
考题
某公司在外地新开了一家分公司,现管理员希望在总部与分公司之间通过vpn建立连接。根据拓扑图,完成下列问题。
[问题1](3分)该公司所选用的VPn技术为IPSec。它工作在TCP/IP协议栈的(1)层,能为TCP/IP通信提供访问控制机密性、数据源验证、抗重放、数据完整性等多种安全服务。其中能够确保数据完整性,但是不确保数据机密性的协议是(2),既能报数数据传输的机密性又能保证数据完整性的是协议是(3)。
[问题2](4分):请将相关配置补充完整。总部防火墙firewall1的部分配置如下。…# 配置Trust域与Untrust域的安全策略,允许封装前和解封后的报文能通过[FIREWALL1] (5)[FIREWALL1-policy-security] rule name 1[FIREWALL1-policy-security-rule-1] source-zone trust[FIREWALL1-policy-security-rule-1] destination-zone untrust[FIREWALL1-policy-security-rule-1] source-address (6)[FIREWALL1-policy-security-rule-1] destination-address(7)[FIREWALL1-policy-security-rule-1] quit[FIREWALL1] acl 3000[FIREWALL1-acl-adv-3000] rule (8)ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255[FIREWALL1-acl-adv-3000] quit…
热门标签
最新试卷
