多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
Saturday, February 10, 2024
多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options...
Sunday, March 17, 2024
多选题Which two commands can be used to monitor firewall user authentication?()Ashow access firewall-authenticationBshow security firewall-authentication usersCshow security audit logDshow security firewall-authentication history...
Monday, August 7, 2023
单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
Monday, January 15, 2024
单选题Which statement regarding the implementation of an IDP policy template is true?()A IDP policy templates are automatically installed as the active IDP policy.B IDP policy templates are enabled using a commit script.C IDP policy templates can be download...
单选题Which statement describes the behavior of a security policy?()A The implicit default security policy permits all traffic.B Traffic destined to the device itself always requires a security policy.C Traffic destined to the device’s incoming interface doe...
Saturday, August 12, 2023
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A A route-based VPN generally uses less resources than a policy-based VPN.B A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny act...
Tuesday, March 12, 2024
单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vL...
Tuesday, August 22, 2023
多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone....
Sunday, January 14, 2024
多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.B...
多选题Which two statements are true regarding proxy ARP?()AProxy ARP is enabled by default.BProxy ARP is not enabled by default.CJUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.DJUNOS security devices can reply to...
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication...
Tuesday, October 10, 2023
多选题Which two statements about the Diffie-Hellman (DH) key exchange process are correct?()AIn the DH key exchange process, the session key is never passed across the network.BIn the DH key exchange process, the public and private keys are mathematically re...
单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode...
单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]...
多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address...
Saturday, February 25, 2023
单选题Which type of zone is used by traffic transiting the device?()A transit zoneB default zoneC security zoneD functional zone...
单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep...