站内搜索
JN0-331 问题列表
问题
单选题In the configuration shown in the exhibit, you decided to eliminate the junos-ftp applicationfrom the match condition of the policy MyTraffic. [edit security policies] user@hostl# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts; destination-address ExtServers; application [ junos-ftp junos-bgp ]; } then { permit { tunnel { ipsec-vpn vpnTunnel; } } } } } policy-rematch; What will happen to the existing FTP and BGP sessions?()A
The existing FTP and BGP sessions will continue.B
The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.C
The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.D
The existing FTP sessions will continue and only the existing BGP sessions will be dropped.
问题
多选题Which two statements regarding firewall user authentication client groups are true?()AIndividual clients are configured under client groups in the configuration hierarchy.BClient groups are configured under individual clients in the configuration hierarchy.CClient groups are referenced in security policy in the same manner in which individual clients are referenced.DClient groups are used to simplify configuration by enabling firewall user authentication without security policy.
问题
单选题Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;A
The policy will always permit transit packets and use the IPsec VPN myTunnel.B
The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.C
The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.D
The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
问题
单选题What is the functionality of redundant interfaces (reth) in a chassis cluster?()A
reth interfaces are used only for VRRP.B
reth interfaces are the same as physical interfaces.C
reth interfaces are pseudo-interfaces that are considered the parent interface for two physical interfaces.D
Each cluster member has a reth interface that can be used to share session state information with the other cluster members.
问题
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A
AB
BC
CD
D
问题
单选题A traditional router is better suited than a firewall device for which function?()A
VPN establishmentB
packet-based forwardingC
stateful packet processingD
Network Address Translation
问题
多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN
问题
单选题Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.A
DNS traffic is denied.B
Telnet traffic is denied.C
SMTP traffic is denied.D
Ping traffic is permitted
问题
多选题Which three options represent IDP policy match conditions?()AprotocolBsource-addressCportDapplicationEattacks
问题
多选题What are two components of the JUNOS Software architecture?()ALinux kernelBrouting protocol daemonCsession-based forwarding moduleDseparate routing and security planes
问题
多选题Which two traffic types trigger pass-through firewall user authentication?()ASSHBTelnetCICMPDOSPFEHTTP
问题
多选题Which three advanced permit actions within security policies are valid?()AMark permitted traffic for firewall user authentication.BMark permitted traffic for SCREEN options.CAssociate permitted traffic with an IPsec tunnel.DAssociate permitted traffic with a NAT rule.EMark permitted traffic for IDP processing.
问题
多选题Which two statements are true regarding proxy ARP?()AProxy ARP is enabled by default.BProxy ARP is not enabled by default.CJUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.DJUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled