单选题What is a Host Enforcer policy?（）A A policy that is defined on the endpoint that permits or denies inbound or outbound traffic.B A policy that is sent to the endpoint that permits or denies inbound or outbound traffic.C A policy that is sent to the pro

第1题：

A company has a BGP network and a BGP route of 196.27.125.0/24 that should be propagated toall of the devices. The route is not now in any of the routing tables. The administrator determinesthat an access list is the cause of the problem. The administrator changes the access list to allowthis route， but the route still does not appear in any of the routing tables. What should be done topropagate this route？（）

• A、Clear the BGP session
• B、Change both the inbound and outbound policy related to this route
• C、Use the service-policy command to adjust the QOS policy to allow the route to propagate
• D、Use the release BGP routing command

第2题：

A Windows Azure application is activated for Windows Azure Connect A corporate policy blocks Internet traffic for local servers.  You need to recommend the firewall rule that will allow Windows Azure Connect traffic for local servers.  What should you recommend？（）

• A、 Allow TCP port 443 inbound.
• B、 Allow TCP port 3389 outbound.
• C、 Allow TCP port 3389 inbound.
• D、 Allow TCP port 443 outbound.

第3题：

Which statement describes the behavior of a security policy？（）

• A、The implicit default security policy permits all traffic.
• B、Traffic destined to the device itself always requires a security policy.
• C、Traffic destined to the device’s incoming interface does not require a security policy.
• D、The factory-default configuration permits all traffic from all interfaces.

第4题：

What are three elements the Junos Pulse Access Control Service uses to establish endpoint access to protected resources?（）

• A、sign-in policy
• B、authentication realms
• C、role restrictions
• D、policy realms
• E、routing policy

第5题：

You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem？（）

• A、Telnet is not being permitted by self policy.
• B、Telnet is not being permitted by security policy.
• C、Telnet is not allowed because it is not considered secure.
• D、Telnet is not enabled as a host-inbound service on the zone

第6题：

Your network contains an Active Directory domain. All client computers run Windows XP Service Pack 3 (SP3). The domain contains a member server named Server1 that runs Windows Server 2008 R2. On Server1, you create a connection security rule that requires authentication for inbound and outbound connections. You configure the connection security rule to use Kerberos authentication. You need to ensure that the client computers can connect to Server1. The solution must ensure that all connections to Server1 are encrypted. What should you do？（）

• A、From the Windows Firewall with Advanced Security console, create an inbound rule on Server1.
• B、From the Windows Firewall with Advanced Security console, create an outbound rule on Server1.
• C、From a Group Policy object (GPO), enable the Client (Respond Only) IPSec policy on all client computers.
• D、From a Group Policy object (GPO), configure the Network Security: LDAP client signing requirements policy setting for all client computers.

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

What is a Host Enforcer policy?（）

• A、A policy that is defined on the endpoint that permits or denies inbound or outbound traffic.
• B、A policy that is sent to the endpoint that permits or denies inbound or outbound traffic.
• C、A policy that is sent to the protected resource that permits or denies inbound or outbound traffic.
• D、A policy that is defined on the protected resource that permits or denies inbound or outbound traffic.

第14题：

You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）

• A、The intranet-auth authentication option
• B、The redirect-portal application service
• C、The uac-policy application service
• D、The ipsec-vpn tunnel

第15题：

Which two statements describe the purpose of a security policy？（）

• A、It enables traffic counting and logging.
• B、It enforces a set of rules for transit traffic.
• C、It controls host inbound services on a zone.
• D、It controls administrator rights to access the device.

第16题：

What is the function of Host Checker?（）

• A、To allow clientless access to the network
• B、To restrict access to protected resources on the network
• C、To scan an endpointfor compliance with security policies
• D、To push a firewall policy to the endpoint's local firewall application

第17题：

You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?（）

• A、The endpoints can use agentless access.
• B、Encrypted traffic flows between the endpoint and the enforcer.
• C、Encrypted traffic flows between the endpoint and the protected resource
• D、The endpoints can use the Odyssey Access Client.

第18题：

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：