Traffic is permitted from the trust zone to the untrust zone.
Intrazone traffic in the trust zone is permitted.
All traffic through the device is denied.
The policy is matched only when no other matching policies are found.
第1题:
You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()
A. [edit security policies from-zone HR to-zone HR]
B. [edit security zones functional-zone management protocols]
C. [edit security zones protocol-zone HR host-inbound-traffic]
D. [edit security zones security-zone HR host-inbound-traffic protocols]
第2题:
A. The untrust zone does not have a management policy configured.
B. The trust zone does not have ping enabled as host-inbound-traffic service.
C. The security policy from the trust zone to the untrust zone does not permit ping.
D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
第3题:
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }
第4题:
You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()
第5题:
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()
第6题:
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)
第7题:
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
第8题:
Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.
第9题:
DNS traffic is denied.
HTTP traffic is denied.
FTP traffic is permitted.
SMTP traffic is permitted.
第10题:
It controls inter-zone traffic.
It controls intra-zone traffic.
It is named with a system-defined name.
It controls traffic destined to the device's ingress interface.
第11题:
[edit security idp]
[edit security zones security-zone trust interfaces ge-0/0/0.0]
[edit security zones security-zone trust]
[edit security screen]
第12题:
Traffic is permitted from the trust zone to the untrust zone.
Intrazone traffic in the trust zone is permitted.
All traffic through the device is denied.
The policy is matched only when no other matching policies are found.
第13题:
A. from a zone to the router itself
B. from a zone to the same zone
C. from a zone to a different zone
D. from one interface to another interface
第14题:
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
第15题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
第16题:
Which configuration shows the correct application of a security policy scheduler?()
第17题:
Which two statements are true for a security policy? ()(Choose two.)
第18题:
Users can define policy to control traffic flow between which two components? ()(Choose two.)
第19题:
Regarding zone types, which statement is true?()
第20题:
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()
第21题:
from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第22题:
set policy tunnel-traffic then tunnel remote-vpn
set policy tunnel-traffic then permit tunnel remote-vpn
set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
第23题:
You cannot assign an interface to a functional zone.
You can specifiy a functional zone in a security policy.
Security zones must have a scheduler applied.
You can use a security zone for traffic destined for the device itself.
第24题:
DNS traffic is denied.
HTTP traffic is denied.
FTP traffic is permitted.
SMTP traffic is permitted.