The untrust zone does not have a management policy configured.
The trust zone does not have ping enabled as host-inbound-traffic service.
The security policy from the trust zone to the untrust zone does not permit ping.
No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
第1题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第2题:
Click the Exhibit button.In the exhibit, the Compression > Basic > Endpoints page shows an icon of a red "X" under the tunnel status "IN" column. The error message displays, "No Request Received".What does this indicate?()
A. There are no devices at the remote site.
B. The remote side does not have QoS enabled.
C. The remote side is not configured for compression to this endpoint.
D. The remote side is not configured for decompression to this endpoint.
第3题:
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()
第4题:
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
第5题:
Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.
第6题:
Your network contains a DNS server named DNS1 that runs Windows Server 2008 R2. DNS1 is configured as the DNS server for contoso.com. All client computers are configured to use DNS1 for name resolution.From a client computer, you run the Ping tool as shown in the exhibit. (Click the Exhibit button.) You need to ensure that users can use the Ping tool to resolve the IP addresses of internal servers to fully qualified domain names (FQDNs).What should you do?()
第7题:
Your network contains a DNS server named DC1 that runs Windows Server 2008 R2.The network uses a network ID of 10.1.1.0/24.You open the DNS console on Server1 as shown in the exhibit.(Click the Exhibit button.)You need to ensure that all client computers can resolve the IPv4 addresses of computers on the network to fully qualified domain names (FQDNs).What should you do??()
第8题:
set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
第9题:
from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第10题:
Specify the IP address (172.19.1.1/32) as the destination address in the policy.
Specify the DNS entry (hostb.example.com) as the destination address in the policy.
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
第11题:
The untrust zone does not have a management policy configured.
The trust zone does not have ping enabled as host-inbound-traffic service.
The security policy from the trust zone to the untrust zone does not permit ping.
No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
第12题:
You cannot assign an interface to a functional zone.
You can specifiy a functional zone in a security policy.
Security zones must have a scheduler applied.
You can use a security zone for traffic destined for the device itself.
第13题:
A. The untrust zone does not have a management policy configured.
B. The trust zone does not have ping enabled as host-inbound-traffic service.
C. The security policy from the trust zone to the untrust zone does not permit ping.
D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
第14题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
第15题:
Which zone is a system-defined zone?()
第16题:
Regarding zone types, which statement is true?()
第17题:
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()
第18题:
You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.) You discover that stale resource records are not automatically removed from the contoso.com zone. You need to ensure that the stale resource records are automatically removed from the contoso.com zone. What should you do()
第19题:
Delete the . (root) zone.
Create a zone named 10.1.in-addr.arpa.
Create a zone named 1.1.10.in-addr.arpa.
Convert the 10.1.1.in-addr.arpa zone to a standard primary zone.
第20题:
lsps
tprof
iostat
vmtune
第21题:
Create a GlobalNames zone.
Create a reverse lookup zone.
Create a forward lookup zone.
Enable zone transfers on the contoso.com zone.
第22题:
A
B
C
D
第23题:
Set the scavenging period of Server1 to 0 days.
Modify the Server Aging/Scavenging properties.
Configure the aging properties for the contoso.com zone.
Convert the contoso.com zone to an Active Directory-integrated zone.
第24题:
Telnet is not being permitted by self policy.
Telnet is not being permitted by security policy.
Telnet is not allowed because it is not considered secure.
Telnet is not enabled as a host-inbound service on the zone