If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, it will
If the destination IP address in the outer IP header of ESP does not match the IP address of the ingress interface, it will
If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based packet.
If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based of inner header, it will decrypt the packet.
第1题:
A.Rewrite Marker
B.Multifield Classifier
C.Policing
D.BA Classifier
第2题:
You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()
第3题:
Which three components can be leveraged when defining a local whitelist or blacklist for antispam on a branch SRX Series device? (Choose three.)()
第4题:
The same Web site is visited for the second time using a branch SRX Series Services Gateway configured with SurfControl integrated Web filtering.Which statement is true?()
第5题:
When an SRX series device receives an ESP packet, what happens?()
第6题:
The SRX Series device has been configured correctly, the Junos Pulse Access Control Service is reachable on the network, and the SRX Series device is waiting to receive the initial connection from the Junos Pulse Access Control Service.
The SRX Series device has confirmed that the Junos Pulse Access Control Service is configured and is reachable on the network, the SRX Series device is waiting to receive the connection from the Junos Pulse Access Control Service, and all that remains to be accomplished is to configure the SRX Series device.
The SRX Series device is configured correctly and connected to the Junos Pulse Access Control Service. All that remains to be done to complete the configuration is to configure the SRX Series device on the Junos Pulse Access Control Service.
Both the Junos Pulse Access Control Service and the SRX Series device are configured correctly and communicating with each other.
第7题:
The server sending the e-mail to the SRX Series device is a known open SMTP relay.
The server sending the e-mail to the SRX Series device is running unknown SMTP server software.
The server sending the e-mail to the SRX Series device is on an IP address range that is known to be dynamically assigned.
The e-mail that the server is sending to the SRX Series device has a virus in its attachment.
The server sending the e-mail to the SRX Series device is a known spammer IP address.
第8题:
Use the pool-utilization-alarm raise-threshold under the security nat source stanza.
Use a trap-group with a category of services under the SNMP stanza.
Use an external script that will run a show command on the SRX Series device to see when the pool is close to exhaustion.
Configure a syslog message to trigger a notification when the pool is close to exhaustion.
第9题:
The cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.
The cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.
The cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.
The cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.
第10题:
rulebase-ips
rulebase-ignore
rulebase-idp
rulebase-exempt
第11题:
an antispam license
DNS servers configured on the SRX Series device
SMTP services on SRX
a UTM profile with an antispam configuration in the appropriate security policy
antivirus (full or express)
第12题:
The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server provides the SRX.
The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server asks the SRX device previously visited.
The SRX device looks at its local cache to find the category of the URL.
The SRX device does not perform any Web filtering operation as the Web site has already been visited.
第13题:
What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()
第14题:
What are two rulebase types within an IPS policy on an SRX Series device?() (Choose two.)
第15题:
Which two statements are true about the Websense redirect Web filter solution? ()(Choose two.)
第16题:
Which three are necessary for antispam to function properly on a branch SRX Series device? ()(Choose three.)
第17题:
You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()
第18题:
Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.
A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.
Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.
A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.
第19题:
spam assassin filtering score
sender country
sender IP address
sender domain
sender e-mail address
第20题:
source NAT
destination NAT
route lookup
zone lookup
第21题:
The MAG Series device has multiple ports associated with the certificate.
The MAG Series device's serial number needs to be configured on the SRX Series device.
The SRX Series device must have a certificate signed by the same authority as the MAG Series device.
The MAG Series device and SRX Series device are not synchronized to an NTP server.
第22题:
Rewrite Marker
Multifield Classifier
Policing
BA Classifier
第23题:
You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.