How many IDP policies can be active at one time on an SRX Series device by means of the set security idp active-policy configuration statemen?()
A.1
B.2
C.4
D.8
A.1
B.2
C.4
D.8
第1题
A. A client group is a list of clients associated with a group.
B. A client group is a list of groups associated with a client.
C. Client groups are referenced in security policy in the same manner in which individual clients are referenced.
D. Client groups are used to simplify configuration by enabling firewall user authentication without security policy.
第2题
cy?()[editschedulers]user@hostshowschedulernow{mondayall-day;tuesdayexclude;wednesday{start-time07:00:00stop-time18:00:00;}thursday{start-time07:00:00stop-time18:00:00;}}[editsecuritypoliciesfrom-zonePrivateto-zoneExternal]user@hostshowpolicyallowTransit{match{source-addressPrivateHosts;destination-addressExtServers;applicationExtApps;}then{permit{tunnel{ipsec-vpnmyTunnel;}}}scheduler-namenow;}
A.ThetrafficispermittedthroughthemyTunnelIPsectunnelonlyonTuesdays.
B.ThetrafficispermittedthroughthemyTunnelIPsectunneldaily,withtheexceptionofMondays.
C.ThetrafficispermittedthroughthemyTunnelIPsectunnelalldayonMondaysandWednesdays between7:00amand6:00pm,andThursdaysbetween7:00amand6:00pm.
D.ThetrafficispermittedthroughthemyTunnelIPsectunnelalldayonMondaysandWednesdays between6:01pmand6:59am,andThursdaysbetween6:01pmand6:59am
第3题
rivate zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()
A. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
B. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
C. [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
D. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
第4题
icate to a Web page on the SRX device for additional authentication.Which type of user authentication is configured?()
A. pass-through
B. WebAuth
C. WebAuth with Web redirect
D. pass-through with Web redirect
第5题
u want to use Host Checker to require that endpoints are running the custom software image.Which two Host Checker policy rules would be used to enforce this requirement?()
A. Isolate a file name unique to the custom image and create a custom rule-type of "File" which matches on the file. Select the "Required" option under the custom rule.
B. Identify the MAC address unique to network cards installed in PCs with the custom image and create a custom rule-type of "MAC Address" which matches on the appropriate MAC address.
Select the "Required" option under the custom rule C. Identify the IP address unique to the network cards installed in PCs with the custom image and create a custom rule-type of "IP Address" which matches on the appropriate IP address. Select the "Required" option under the custom rule.
D. Isolate or create a unique Windows registry key for the custom image and create a custom rule- type of "Registry Setting" which matches on the name of the registry key.
第6题
nePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;Whatwillhappentothenewsessionsmatchingthepolicyandin-progresssessionsthathadalreadymatchedthepolicy?()
A.Newsessionswillbeevaluated.In-progresssessionswillbere-evaluated.
B.Newsessionswillbeevaluated.Allin-progresssessionswillcontinue.
C.Newsessionswillbeevaluated.Allin-progresssessionswillbedropped.
D.Newsessionswillhaltuntilallin-progresssessionsarere-evaluated.In-progresssessionswillbere-evaluatedandpossiblydropped.
第7题
A. 30 seconds
B. 1 minute
C. 5 minutes
D. 30 minutes
第8题
added to the Active Directory and placed into the Domain Users group and the SW_DEV group. The Domain Users group has access to the company‘s intranet website and time card system. The SW_DEV group has access to the source code library server. You have created roles that correspond to each Active Directory group. The user calls the help desk stating that they cannot access the source code library server.Which two troubleshooting tools would you use on the Junos Pulse Access Control Service to resolve the issue?()
A. Perform a policy trace for the specific user and review the output to isolate the problem.
B. Review the Events log.
C. Review the Admin Access log to verify that the user has the correct permissions to access the SVVJDEV resource.
D. Review the User Access log to verify that the user is getting mapped to both the Domain User role and the SW_DEV role.
第9题
A. In the DH key exchange process, the session key is never passed across the network.
B. In the DH key exchange process, the public and private keys are mathematically related using the DH algorithm.
C. In the DH key exchange process, the session key is passed across the network to the peer for confirmation.
D. In the DH key exchange process, the public and private keys are not mathematically related, ensuring higher security
第10题
ilding of your campus has been configured for a different VLAN. During implementation of the Junos Pulse Access Control Service, you must configure a RADIUS return attribute policy to apply a role representing a group of authenticated users that frequently transport their laptops from building to building and floor to floor.In the admin GUI, which policy element would you enable to accommodate these users?()
A. Add Session-Timeout attribute with value equal to the session lifetime
B. Add Termination-Action attribute with value equal 1
C. VLAN
D. Open port
为了保护您的账号安全,请在“上学吧”公众号进行验证,点击“官网服务”-“账号验证”后输入验证码“”完成验证,验证成功后方可继续查看答案!