vlan.0 belongs to the untrust zone.
You must configure Web authentication to allow inbound traffic in the untrust zone.
The zone name untrust has no special meaning.
The untrust zone is not configurable.
第1题:
A. self
B. trust
C. untrust
D. junos-global
第2题:
A. The untrust zone does not have a management policy configured.
B. The trust zone does not have ping enabled as host-inbound-traffic service.
C. The security policy from the trust zone to the untrust zone does not permit ping.
D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
第3题:
Which security or functional zone name has special significance to the Junos OS?()
第4题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
第5题:
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()
第6题:
Which statement is true about interface-based static NAT? ()
第7题:
Regarding zone types, which statement is true?()
第8题:
set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
第9题:
Specify the IP address (172.19.1.1/32) as the destination address in the policy.
Specify the DNS entry (hostb.example.com) as the destination address in the policy.
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
第10题:
self
trust
untrust
junos-global
第11题:
PAT is a requirement.
It requires you to configure address entries in the junos-nat zone.
It requires you to configure address entries in the junos-global zone.
The IP addresses being translated must be in the same subnet as the egress interface.
第12题:
[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
第13题:
A. It also supports PAT.
B. It requires you to configure address entries in the junos-nat zone.
C. It requires you to configure address entries in the junos-global zone.
D. The IP addresses being translated must be in the same subnet as the incoming interface.
第14题:
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()
第15题:
Which statement is true about interface-based source NAT?()
第16题:
In the Junos OS, which statement is true?()
第17题:
Which zone is a system-defined zone?()
第18题:
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
第19题:
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()
第20题:
from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第21题:
A
B
C
D
第22题:
The untrust zone does not have a management policy configured.
The trust zone does not have ping enabled as host-inbound-traffic service.
The security policy from the trust zone to the untrust zone does not permit ping.
No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
第23题:
vlan.0 belongs to the untrust zone.
You must configure Web authentication to allow inbound traffic in the untrust zone.
The zone name untrust has no special meaning.
The untrust zone is not configurable.
第24题:
Traffic is permitted from the trust zone to the untrust zone.
Intrazone traffic in the trust zone is permitted.
All traffic through the device is denied.
The policy is matched only when no other matching policies are found.