单选题In the Junos OS, which statement is true?（）A vlan.0 belongs to the untrust zone.B You must configure Web authentication to allow inbound traffic in the untrust zone.C The zone name untrust has no special meaning.D The untrust zone is not configurable.

第1题：

第2题：

第3题：

Which security or functional zone name has special significance to the Junos OS?（）

• A、self
• B、trust
• C、untrust
• D、junos-global

第4题：

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?（）

• A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
• B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
• C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
• D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

第5题：

You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com（172.19.1.1） in the Untrust zone. How do you create this policy？（）

• A、Specify the IP address （172.19.1.1/32） as the destination address in the policy.
• B、Specify the DNS entry （hostb.example.com.） as the destination address in the policy.
• C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
• D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy

第6题：

Which statement is true about interface-based static NAT? （）

• A、It also supports PAT.
• B、It requires you to configure address entries in the junos-nat zone.
• C、It requires you to configure address entries in the junos-global zone.
• D、The IP addresses being translated must be in the same subnet as the incoming interface.

第7题：

Regarding zone types， which statement is true？（）

• A、You cannot assign an interface to a functional zone.
• B、You can specifiy a functional zone in a security policy.
• C、Security zones must have a scheduler applied.
• D、You can use a security zone for traffic destined for the device itself.

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

第14题：

You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?（）

• A、[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
• B、[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
• C、[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
• D、[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }

第15题：

Which statement is true about interface-based source NAT？（）

• A、PAT is a requirement.
• B、It requires you to configure address entries in the junos-nat zone.
• C、It requires you to configure address entries in the junos-global zone.
• D、The IP addresses being translated must be in the same subnet as the egress interface.

第16题：

In the Junos OS, which statement is true?（）

• A、vlan.0 belongs to the untrust zone.
• B、You must configure Web authentication to allow inbound traffic in the untrust zone.
• C、The zone name "untrust" has no special meaning.
• D、The untrust zone is not configurable.

第17题：

Which zone is a system-defined zone？（）

• A、null zone
• B、trust zone
• C、untrust zone
• D、management zone

第18题：

Which two statements are true regarding the system-default security policy [edit security policies default-policy]?（）(Choose two.)

• A、Traffic is permitted from the trust zone to the untrust zone.
• B、Intrazone traffic in the trust zone is permitted.
• C、All traffic through the device is denied.
• D、The policy is matched only when no other matching policies are found.

第19题：

You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?（）

• A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
• B、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
• C、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
• D、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam

第20题：

第21题：

第22题：

第23题：

第24题：