单选题Click the Exhibit button. Referring to the exhibit, which statement contains the correct gateway parameters?()A[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20;
题目
[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
相似考题
参考答案和解析
更多“单选题Click the Exhibit button. Referring to the exhibit, which statement contains the correct gateway parameters?()A [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20”相关问题
-
第1题:
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A. [edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
B. [edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
C. [edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
D. [edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
参考答案:B
-
第2题:
Which statement contains the correct parameters for a route-based IPsec VPN?()A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
参考答案:D
-
第3题:
Refer to the above exhibit. Why is the 140.140.0.0 network not used as the gateway of last resort even though it is configured first?()
A.The last default - network statement will always be preferred.
B.A route to the 140.140.0.0 network does not exist in the routing table.
C.Default - network selection will always prefer the statement with the lowest IP address.
D.A router will load balance across multiple default - networks; repeatedly issuing the show ip route command would show the gateway of last resort changing between the two networks.
参考答案:B
-
第4题:
To examine the Exhibit, press the Exhibit button. The system administrator notices a system with routing cannot communicate with a system with an ip address 192.24.34.6. Using the information provided in the exhibit, what is the most likely reason?()
- A、The named is not running
- B、The default gateway is not set
- C、The NIS master server is down
- D、Ipforwarding is not turned on
正确答案:B -
第5题:
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()
- A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
- B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
- C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
- D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
正确答案:C -
第6题:
单选题Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?()Adata link layer
Bapplication layer
Caccess layer
Dsession layer
Enetwork layer
正确答案: E解析: 暂无解析 -
第7题:
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.
BHTTP traffic is denied.
CFTP traffic is permitted.
DSMTP traffic is permitted.
正确答案: C,B解析: 暂无解析 -
第8题:
单选题Which configuration shows the correct application of a security policy scheduler?()A[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
B[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
C[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
D[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
正确答案: C解析: 暂无解析 -
第9题:
单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
B[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
C[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
D[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
正确答案: C解析: 暂无解析 -
第10题:
单选题Which type of source NAT is configured in the exhibit?() [edit security nat destination] user@host# show pool A { address 10.1.10.5/32; } rule-set 1 { from zone untrust; rule 1A { match { destination-address 100.0.0.1/32; } then { destination-nat pool A; } } }Astatic destination NAT
Bstatic source NAT
Cpool-based destination NAT without PAT
Dpool-based destination NAT with PAT
正确答案: A解析: 暂无解析 -
第11题:
单选题Click the Exhibit button. In the exhibit, which statement is correct? ()AThree physical interfaces are redundant.
BYou must define an additional Redundancy Group.
Cnode 0 will immediately become primary in the cluster.
DYou must issue an operational command and reboot the system for the above configuration to take effect.
正确答案: B解析: 暂无解析 -
第12题:
单选题Click the Exhibit button. Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?()ATelnet is not being permitted by self policy.
BTelnet is not being permitted by security policy.
CTelnet is not allowed because it is not considered secure.
DTelnet is not enabled as a host-inbound service on the zone
正确答案: C解析: 暂无解析 -
第13题:
Click the Exhibit button.Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?()
A. Telnet is not being permitted by self policy.
B. Telnet is not being permitted by security policy.
C. Telnet is not allowed because it is not considered secure.
D. Telnet is not enabled as a host-inbound service on the zone
参考答案:D
-
第14题:
Click the Exhibit button.In the exhibit, two physical routers are configured for VRRP in the network with WXC devices.How should you define the default gateway address on each WXC device?()
A. Define the virtual router IP address on both WXC devices.
B. Add a static route for the virtual router IP address on both WXC devices.
C. Define the physical IP address of each router on each respective WXC device.
D. Leave the default gateway field in the WXC device blank; it will automatically detect the active gateway address.
参考答案:C
-
第15题:
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()
- A、[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
- B、[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
- C、[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
- D、[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
正确答案:B -
第16题:
Which configuration shows the correct application of a security policy scheduler?()
- A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
- B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
- C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
- D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
正确答案:B -
第17题:
多选题Click the Exhibit button. In the exhibit,the protect-re filter is applied as an input filter on the lo0.0 interface and all possible services are enabled under [edit system services]. Which two methods can you use to access the router?()AFTP
BSSH
CTelnet
DJ-Web
正确答案: B,D解析: 暂无解析 -
第18题:
单选题To examine the Exhibit, press the Exhibit button. The system administrator notices a system with routing cannot communicate with a system with an ip address 192.24.34.6. Using the information provided in the exhibit, what is the most likely reason?()AThe named is not running
BThe default gateway is not set
CThe NIS master server is down
DIpforwarding is not turned on
正确答案: B解析: 暂无解析 -
第19题:
单选题Click the Exhibit button. When configuring WXC A's local WAN parameters, which QoS network parameter would you choose?()Aover-subscribed
Bunder-subscribed
Cdedicated circuits
Dnondedicated circuits
正确答案: A解析: 暂无解析 -
第20题:
单选题Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()AThe untrust zone does not have a management policy configured.
BThe trust zone does not have ping enabled as host-inbound-traffic service.
CThe security policy from the trust zone to the untrust zone does not permit ping.
DNo security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
正确答案: D解析: 暂无解析 -
第21题:
单选题Referring to the exhibit, which statement is correct?()AThe packets have exceeded the time-to-live value
BThere is a loop
CThe asterisks indicate a response time out
DThe asterisks indicate that the traceroute is completed.
正确答案: D解析: 暂无解析 -
第22题:
单选题You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
B[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
C[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
D[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
正确答案: B解析: 暂无解析 -
第23题:
单选题Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
B[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
C[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
D[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
正确答案: A解析: 暂无解析