站内搜索
JN0-331 问题列表
问题
单选题Which statement is true about source NAT?()A
Source NAT works only with source pools.B
Destination NAT is required to translate the reply traffic.C
Source NAT does not require a security policy to function.D
The egress interface IP address can be used for source NAT
问题
多选题Which two firewall user authentication objects can be referenced in a security policy?()Aaccess profileBclient groupCclientDdefault profile
问题
多选题Which two statements about the use of SCREEN options are correct?()ASCREEN options are deployed at the ingress and egress sides of a packet flow.BAlthough SCREEN options are very useful, their use can result in more session creation.CSCREEN options offer protection against various attacks at the ingress zone of a packet flow.DSCREEN options examine traffic prior to policy processing, thereby resulting in fewer resouces used formalicious packet processing.
问题
单选题A route-based VPN is required for which scenario?()A
when the remote VPN peer is behind a NAT deviceB
when multiple networks need to be reached across the tunnel and GRE cannot be usedC
when the remote VPN peer is a dialup or remote access clientD
when a dynamic routing protocol is required across the VPN and GRE cannot be used
问题
单选题You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()A
Telnet is not being permitted by self policy.B
Telnet is not being permitted by security policy.C
Telnet is not allowed because it is not considered secure.D
Telnet is not enabled as a host-inbound service on the zone
问题
单选题Host A opens a Telnet connection to Host B. Host A then opens another Telnet connectionto Host B. These connections are the only communication between Host A and Host B. Thesecurity policy configuration permits both connections.How many flows exist between Host A and Host B?()A
1B
2C
3D
4
问题
多选题Which two commands can be used to monitor firewall user authentication?()Ashow access firewall-authenticationBshow security firewall-authentication usersCshow security audit logDshow security firewall-authentication history
问题
多选题You have been tasked with performing an update to the IDP attack database. Which three requirements areincluded as part of this task?()AThe IDP security package must be installed after it is downloaded.BThe device must be rebooted to complete the update.CThe device must be connected to a network.DAn IDP license must be installed on your device.EYou must be logged in as the root user
问题
单选题A policy-based IPsec VPN is ideal for which scenario?()A
when you want to conserve tunnel resourcesB
when the remote peer is a dialup or remote access clientC
when you want to configure a tunnel policy with an action of denyD
when a dynamic routing protocol such as OSPF must be sent across the VPN
问题
单选题Which type of source NAT is configured in the exhibit?() [edit security nat destination] user@host# show pool A { address 10.1.10.5/32; } rule-set 1 { from zone untrust; rule 1A { match { destination-address 100.0.0.1/32; } then { destination-nat pool A; } } }A
static destination NATB
static source NATC
pool-based destination NAT without PATD
pool-based destination NAT with PAT
问题
多选题Which two statements are true regarding redundancy groups?()AWhen priority settings are equal and the members participating in a cluster are initialized at the same time, the primary role for redundancy group 0 is assigned to node 0.BThe preempt option determines the primary and secondary roles for redundancy group 0 during a failure and recovery scenario.CRedundancy group 0 manages the control plane failover between the nodes of a cluster.DThe primary role can be shared for redundancy group 0 when the active-active option is enabled
问题
多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN
问题
单选题[edit groups] user@host# show node0 { system { host-name NODE0; } interfaces { fxp0 { unit 0 { family inet { address 1.1.1.1/24; } } } } } node1 { system { host-name NODE1; } interfaces { fxp0 { unit 0 { family inet { address 1.1.1.2/24; } } } } } In the exhibit, what is the function of the configuration statements?()A
This section is where you define all chassis clustering configuration.B
This configuration is required for members of a chassis cluster to talk to each other.C
You can apply this configuration in the chassis cluster to make configuration easier.D
This section is where unique node configuration is applied.
问题
单选题Where do you configure SCREEN options?()A
zones on which an attack might arriveB
zones you want to protect from attackC
interfaces on which an attack might arriveD
interfaces you want to protect from attack
问题
多选题Which two steps are performed when configuring a zone?()ADefine a default policy for the zone.BAssign logical interfaces to the zone.CAssign physical interfaces to the zone.DDefine the zone as a security or functional zone