[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
第1题:
A. [edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
B. [edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
C. [edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
D. [edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
第2题:
A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
第3题:
A.The last default - network statement will always be preferred.
B.A route to the 140.140.0.0 network does not exist in the routing table.
C.Default - network selection will always prefer the statement with the lowest IP address.
D.A router will load balance across multiple default - networks; repeatedly issuing the show ip route command would show the gateway of last resort changing between the two networks.
第4题:
To examine the Exhibit, press the Exhibit button. The system administrator notices a system with routing cannot communicate with a system with an ip address 192.24.34.6. Using the information provided in the exhibit, what is the most likely reason?()
第5题:
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()
第6题:
data link layer
application layer
access layer
session layer
network layer
第7题:
DNS traffic is denied.
HTTP traffic is denied.
FTP traffic is permitted.
SMTP traffic is permitted.
第8题:
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
第9题:
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
第10题:
static destination NAT
static source NAT
pool-based destination NAT without PAT
pool-based destination NAT with PAT
第11题:
Three physical interfaces are redundant.
You must define an additional Redundancy Group.
node 0 will immediately become primary in the cluster.
You must issue an operational command and reboot the system for the above configuration to take effect.
第12题:
Telnet is not being permitted by self policy.
Telnet is not being permitted by security policy.
Telnet is not allowed because it is not considered secure.
Telnet is not enabled as a host-inbound service on the zone
第13题:
A. Telnet is not being permitted by self policy.
B. Telnet is not being permitted by security policy.
C. Telnet is not allowed because it is not considered secure.
D. Telnet is not enabled as a host-inbound service on the zone
第14题:
A. Define the virtual router IP address on both WXC devices.
B. Add a static route for the virtual router IP address on both WXC devices.
C. Define the physical IP address of each router on each respective WXC device.
D. Leave the default gateway field in the WXC device blank; it will automatically detect the active gateway address.
第15题:
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()
第16题:
Which configuration shows the correct application of a security policy scheduler?()
第17题:
FTP
SSH
Telnet
J-Web
第18题:
The named is not running
The default gateway is not set
The NIS master server is down
Ipforwarding is not turned on
第19题:
over-subscribed
under-subscribed
dedicated circuits
nondedicated circuits
第20题:
The untrust zone does not have a management policy configured.
The trust zone does not have ping enabled as host-inbound-traffic service.
The security policy from the trust zone to the untrust zone does not permit ping.
No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
第21题:
The packets have exceeded the time-to-live value
There is a loop
The asterisks indicate a response time out
The asterisks indicate that the traceroute is completed.
第22题:
[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
第23题:
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }