单选题Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this se

第1题：

第2题：

A user calls the help desk and explains that they just purchased a Macintosh computer. When they log into the network, the Odyssey Access Client is not automatically downloaded as it was when the user used their Windows PC.How do you resolve this issue?（）

• A、Download the Macintosh installer from the Junos Pulse Access Control Service and manually install the Odyssey Access Client.
• B、Provide the user with the sign-in URL you set up for Macintosh users; this will push the Odyssey Access Client to the user's machine.
• C、Assist the user to configure the Macintosh native supplicant and provide the AppleScnptto expose the EAP-JUAC inner authentication protocol.
• D、Configure the user's role to install the Java agent, which is a requirement to allow the Junos Pulse Access Control Service to deploy the Odyssey Access Client.

第3题：

In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?（）

• A、to specify the destination addresses to which access is permitted
• B、to specify the source address permitted to access the resource
• C、to specify the services to which access is permitted
• D、to inform the enforcer to expect policy information from the Junos Pulse Access Control Service

第4题：

Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）

• A、Source IP and browser
• B、Source IP and certificate
• C、Certificate and Host Checker
• D、Host Checker and source IP

第5题：

Which three types of policies must you configure to allow remote users transparent access to protected resources using IF-MAP Federation between a Junos Pulse Secure Access Service and a Junos Pulse Access Control Service?（）

• A、Session-Export policies on the Junos Pulse Secure Access Service
• B、Session-Export policies on the Junos Pulse Access Control Service
• C、Session-Import policies on the Junos Pulse Secure Access Service
• D、Session-Import policies on the Junos Pulse Access Control Service
• E、Resource access policies on the Junos Pulse Access Control Service

第6题：

You have three classes of users on your network: employee, contractor, and IT administrator. You configure the Junos Pulse Access Control Service to assign roles to each user class and require that a specific wireless SSID be preconfigured for the Odyssey Access Client based on the role. Which configuration method should you use to satisfy this scenario?（）

• A、Create a "Settings Update file" in the Odyssey Access Client Administrator and upload it to the Junos Pulse Access Control Service under "User Roles" > "Agent" > "Odyssey Settings" > "Preconfigured Installer".
• B、Configure a wired adapter and assign the required SSID under "User Roles" > "Agent" > "Odyssey Settings".
• C、Create a script in the Odyssey Access Client Administrator and upload it to the Junos Pulse Access Control Service under "User Roles" > "Agent" > "Odyssey Settings" > "Preconfigured Installer".
• D、Create a "Preconfiguration file" in the Odyssey Access Client Administrator and upload it to the Junos Pulse Access Control Service under "User Roles" > "Agent" > "Odyssey Settings" > "Preconfigured Installer".

第7题：

What are three elements the Junos Pulse Access Control Service uses to establish endpoint access to protected resources?（）

• A、sign-in policy
• B、authentication realms
• C、role restrictions
• D、policy realms
• E、routing policy

第8题：

You are deploying a Junos Pulse Access Control Service cluster in active/passive mode. How do you configure the IP address on the SRX Series devices?（）

• A、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP as the IP address the instance.
• B、Configure multiple Junos Pulse Access Control Service instances on the enforcer, specifying the specific IP address each device in a separate instance.
• C、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and active node address in the instance.
• D、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and passive node address in the instance.

第9题：

第10题：

第11题：

第12题：

第13题：

第14题：

When using RADIUS as an external authentication method for 802.1X authentication for the Junos Pulse Access Control Service, what must you do to ensure that the RADIUS authentication works properly?（）

• A、Configure IP helper to forward the authentication requests from the clients to the external RADIUS server
• B、Configure the supplicant as anexternal authentication server
• C、Configure RADIUS proxy on the realm
• D、Specify the correct RADIUS port 389 on the Junos Pulse Access Control Service

第15题：

You have multiple realms configured on a MAG Series device. A user is authenticating with a non- Junos Pulse Access Control Service client. The username does not contain a realm suffix.Which behavior will the user experience?（）

• A、The user will not be able to log-in, as the Junos Pulse Access Control Service device cannot map the user to a realm when the realm value is empty.
• B、The user will be mapped to all realms available to the user.
• C、The Junos Pulse Access Control Service device displays a page where the user must choose from a list of realms.
• D、The endpoint is assigned to the first realm in the list whose authentication server is a match with the endpoints software.

第16题：

You want to create a security policy on an SRX240 that redirects unauthenticated users back to the Junos Pulse Access Control Service.Which two steps must you take to accomplish this task?（）

• A、Configure a captive-portal service that redirects all traffic back to the Junos Pulse Access Control Service.
• B、Configure a security policy that references the unified-access-control captive-portal service.
• C、Configure a captive-portal service that redirects unauthenticated traffic back to the Junos Pulse Access Control Service.
• D、Configure a security policy that references the unified-access-control intranet-controller service.

第17题：

You want to provide all users in your corporation with a single agent that provides access to multiple connection types conditionally. For example, you connect to the Junos Pulse Access Control Service if you are connected to the intranet, but you connect to the Junos Pulse Secure Access Service if you are on a remote network. Which agent should you use for this type of connection requirement?（）

• A、Junos Pulse should be configured with location awareness rules configured.
• B、Odyssey Access Client should be installed with Host Checker configured to check the client's location.
• C、Junos Pulse should be configured with all components installed.
• D、Agentless access should be enabled so that clients can connect to any service without concern for installing an agent.

第18题：

What are two use cases enabled by IF-MAP Federation?（）

• A、Users authenticated to one Junos Pulse Access Control Service can transparently access resources protected by another Junos Pulse Access Control Service.
• B、Users authenticated to a Junos Pulse Access Control Service can transparently access resources protected by a Junos Pulse Secure Access Service.
• C、Remote access users authenticated to a Junos Pulse Secure Access Service can transparently access resources protected by a Junos Pulse Access Control Service.
• D、Remote access users authenticated to one Junos Pulse Secure Access Service can transparently access resources protected by another Junos Pulse Secure Access Service.

第19题：

You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?（）

• A、CLI
• B、WebUI
• C、NSM
• D、Junos Pulse Access Control Service

第20题：

Your corporate network has a member server named RAS1 that runs Windows Server 2008. You configure RAS1 to use the Routing and Remote Access Service （RRAS） The companys remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees. You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What should you do？（）

• A、 Install the Network Policy Server （NPS） on the RAS1 server
• B、 Create a remote access policy that requires users to authenticate by using SPAP
• C、 Create a remote access policy that requires users to authenticate by using EAP-TLS
• D、 Create a remote access policy that requires users to authenticate by using MS-CHAP v2

第21题：

第22题：

第23题：

第24题：