单选题Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()AThe untrust zone does not have a management policy configured.BThe trust zone does not have ping enabled as host

题目
单选题
Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()
A

The untrust zone does not have a management policy configured.

B

The trust zone does not have ping enabled as host-inbound-traffic service.

C

The security policy from the trust zone to the untrust zone does not permit ping.

D

No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.

相似考题

1.Click the Exhibit button.A network administrator receives complaints that the application voicecube is timing out after being idle for 30 minutes.Referring to the exhibit, what is a resolution?()A. [edit] user@host# set applications application voicecube inactivity-timeout neverB. [edit] user@host# set applications application voicecube inactivity-timeout 2C. [edit] user@host# set applications application voicecube destination-port 5060D. [edit] user@host# set security policies from-zone trust to-zone trust policy intrazone then timeout never

2.Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.

3.Click the Exhibit button.Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?()A. Telnet is not being permitted by self policy.B. Telnet is not being permitted by security policy.C. Telnet is not allowed because it is not considered secure.D. Telnet is not enabled as a host-inbound service on the zone

4.Click the Exhibit button.Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? ()(Choose two.)A. DNS traffic is denied.B. HTTP traffic is denied.C. FTP traffic is permitted.D. SMTP traffic is permitted.

更多“单选题Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()A The untrust zone does not have a management policy configured.B The trust zone does not have ping enabled as ”相关问题

  • 第1题:

    A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()

    A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }

    D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }


    参考答案:B

  • 第2题:

    Click the Exhibit button.In the exhibit, the Compression > Basic > Endpoints page shows an icon of a red "X" under the tunnel status "IN" column. The error message displays, "No Request Received".What does this indicate?()

    A. There are no devices at the remote site.

    B. The remote side does not have QoS enabled.

    C. The remote side is not configured for compression to this endpoint.

    D. The remote side is not configured for decompression to this endpoint.


    参考答案:C

  • 第3题:

    You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()

    • A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.
    • B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
    • C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
    • D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy

    正确答案:D

  • 第4题:

    Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)

    • A、Traffic is permitted from the trust zone to the untrust zone.
    • B、Intrazone traffic in the trust zone is permitted.
    • C、All traffic through the device is denied.
    • D、The policy is matched only when no other matching policies are found.

    正确答案:C,D

  • 第5题:

    Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.

    • A、DNS traffic is denied.
    • B、Telnet traffic is denied.
    • C、SMTP traffic is denied.
    • D、Ping traffic is permitted

    正确答案:B

  • 第6题:

    Your network contains a DNS server named DNS1 that runs Windows Server 2008 R2. DNS1 is configured as the DNS server for contoso.com. All client computers are configured to use DNS1 for name resolution.From a client computer, you run the Ping tool as shown in the exhibit. (Click the Exhibit button.) You need to ensure that users can use the Ping tool to resolve the IP addresses of internal servers to fully qualified domain names (FQDNs).What should you do?()

    • A、Create a GlobalNames zone.
    • B、Create a reverse lookup zone.
    • C、Create a forward lookup zone.
    • D、Enable zone transfers on the contoso.com zone.

    正确答案:B

  • 第7题:

    Your network contains a DNS server named DC1 that runs Windows Server 2008 R2.The network uses a network ID of 10.1.1.0/24.You open the DNS console on Server1 as shown in the exhibit.(Click the Exhibit button.)You need to ensure that all client computers can resolve the IPv4 addresses of computers on the network to fully qualified domain names (FQDNs).What should you do??()

    • A、Delete the . (root) zone.
    • B、Create a zone named 10.1.in-addr.arpa.
    • C、Create a zone named 1.1.10.in-addr.arpa.
    • D、Convert the 10.1.1.in-addr.arpa zone to a standard primary zone.

    正确答案:C

  • 第8题:

    单选题
    You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()
    A

    set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam

    B

    set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam

    C

    set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy

    D

    set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam


    正确答案: B
    解析: 暂无解析

  • 第9题:

    单选题
    A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
    A

    from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    B

    from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    C

    from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }

    D

    from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }


    正确答案: C
    解析: 暂无解析

  • 第10题:

    单选题
    You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()
    A

    Specify the IP address (172.19.1.1/32) as the destination address in the policy.

    B

    Specify the DNS entry (hostb.example.com) as the destination address in the policy.

    C

    Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

    D

    Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.


    正确答案: D
    解析: 暂无解析

  • 第11题:

    单选题
    You have an Active Directory domain named contoso.com. You have a domain controller named  Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.)  You discover that stale resource records are not automatically removed from the contoso.com  zone. You need to ensure that the stale resource records are automatically removed from the  contoso.com zone.     What should you do()
    A

    Set the scavenging period of Server1 to 0 days.

    B

    Modify the Server Aging/Scavenging properties.

    C

    Configure the aging properties for the contoso.com zone.

    D

    Convert the contoso.com zone to an Active Directory-integrated zone.


    正确答案: A
    解析: 暂无解析

  • 第12题:

    单选题
    Click the Exhibit button. Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?()
    A

    Telnet is not being permitted by self policy.

    B

    Telnet is not being permitted by security policy.

    C

    Telnet is not allowed because it is not considered secure.

    D

    Telnet is not enabled as a host-inbound service on the zone


    正确答案: C
    解析: 暂无解析

  • 第13题:

    Click the Exhibit button.Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2.Which is a potential cause for this problem?()

    A. The untrust zone does not have a management policy configured.

    B. The trust zone does not have ping enabled as host-inbound-traffic service.

    C. The security policy from the trust zone to the untrust zone does not permit ping.

    D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.


    参考答案:C

  • 第14题:

    A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()

    • A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
    • B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
    • C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
    • D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    正确答案:B

  • 第15题:

    Which zone is a system-defined zone?()

    • A、null zone
    • B、trust zone
    • C、untrust zone
    • D、management zone

    正确答案:A

  • 第16题:

    Regarding zone types, which statement is true?()

    • A、You cannot assign an interface to a functional zone.
    • B、You can specifiy a functional zone in a security policy.
    • C、Security zones must have a scheduler applied.
    • D、You can use a security zone for traffic destined for the device itself.

    正确答案:D

  • 第17题:

    You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()

    • A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
    • B、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
    • C、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
    • D、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam

    正确答案:B

  • 第18题:

    You have an Active Directory domain named contoso.com.   You have a domain controller named Server1 that is configured as a DNS server.   Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in  the exhibit. (Click the Exhibit button.)   You discover that stale resource records are not automatically removed from the contoso.com zone.   You need to ensure that the stale resource records are automatically removed from the contoso.com  zone.   What should you do()

    • A、Set the scavenging period of Server1 to 0 days.
    • B、Modify the Server Aging/Scavenging properties.
    • C、Configure the aging properties for the contoso.com zone.
    • D、Convert the contoso.com zone to an Active Directory-integrated zone.

    正确答案:C

  • 第19题:

    单选题
    Your network contains a DNS server named DC1 that runs Windows Server 2008 R2.The network uses a network ID of 10.1.1.0/24.You open the DNS console on Server1 as shown in the exhibit.(Click the Exhibit button.)You need to ensure that all client computers can resolve the IPv4 addresses of computers on the network to fully qualified domain names (FQDNs).What should you do??()
    A

    Delete the . (root) zone.

    B

    Create a zone named 10.1.in-addr.arpa.

    C

    Create a zone named 1.1.10.in-addr.arpa.

    D

    Convert the 10.1.1.in-addr.arpa zone to a standard primary zone.


    正确答案: A
    解析: 暂无解析

  • 第20题:

    单选题
    To examine the Exhibit, press the Exhibit button. A user is compiling a C program.  A performance problem occurs and "vmstat 120 10" is run to determine the cause.  The vmstat output is provided in the exhibit.  Which of the following commands should be run to obtain more information about the problem?()
    A

     lsps 

    B

     tprof 

    C

     iostat 

    D

     vmtune


    正确答案: C
    解析: 暂无解析

  • 第21题:

    单选题
    Your network contains a DNS server named DNS1 that runs Windows Server 2008 R2. DNS1 is configured as the DNS server for contoso.com. All client computers are configured to use DNS1 for name resolution.From a client computer, you run the Ping tool as shown in the exhibit. (Click the Exhibit button.) You need to ensure that users can use the Ping tool to resolve the IP addresses of internal servers to fully qualified domain names (FQDNs).What should you do?()
    A

    Create a GlobalNames zone.

    B

    Create a reverse lookup zone.

    C

    Create a forward lookup zone.

    D

    Enable zone transfers on the contoso.com zone.


    正确答案: C
    解析: 暂无解析

  • 第22题:

    单选题
    A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()
    A

    A

    B

    B

    C

    C

    D

    D


    正确答案: B
    解析: 暂无解析

  • 第23题:

    单选题
    Regarding zone types, which statement is true?()
    A

    You cannot assign an interface to a functional zone.

    B

    You can specifiy a functional zone in a security policy.

    C

    Security zones must have a scheduler applied.

    D

    You can use a security zone for traffic destined for the device itself.


    正确答案: D
    解析: 暂无解析

相关内容