Single-choice question: A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to in

Question
Single-choice question
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
A

from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

B

from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

C

from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }

D

from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }



More questions related to “Single-choice question: A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to in”
  • Question 1:

    A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()

    A. Configure port Fa0/1 to accept connections only from the static IP address of the server.

    B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.

    C. Configure the MAC address of the server as a static entry associated with port Fa0/1.

    D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.

    E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.

    F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.


    Reference answer: C, E

  • Question 2:

    A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()

    • A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
    • B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
    • C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
    • D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    Correct answer: B

  • Question 3:

    A system administrator needs to specify a set of FQDN to IP address mappings for a legacy server; the administrator does not want the legacy server to be referenced by other servers. Which of the following should the administrator use to set this?()

    • A. DHCP server
    • B. DNS server
    • C. Host file
    • D. Route statements

    Correct answer: C

  • Question 4:

    A network administrator has configured source NAT, translating to an address that is on a locally connected subnet. The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()

    • A. The host needs to open the telnet port.
    • B. The host needs a route for the translated address.
    • C. The administrator must use a proxy-arp policy for the translated address.
    • D. The administrator must use a security policy, which will allow communication between the zones.

    Correct answer: C

  • Question 5:

    You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails. Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()

    • A. set security policies from-zone dmz to-zone untrust policy anti-spam then permit application-services utm-policy Block-Spam
    • B. set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services utm-policy Block-Spam
    • C. set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services anti-spam-policy
    • D. set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services Block-Spam

    Correct answer: B

  • Question 6:

    You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6,000 Windows XP Professional computers. The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company’s intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1. You run Network Monitor on Server1 for three hours. When you stop the network capture, you see that Network Monitor captured over 40,000 frames. As you look at the captured frames, you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address. In Network Monitor, you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address. What should you do?()

    • A. Create an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address.
    • B. Create a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address.
    • C. Create an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address.
    • D. Create a Pattern Match capture trigger for the 131.107.0.1 IP address.

    Correct answer: C

  • Question 7:

    Single-choice question
    A system administrator needs to specify a set of FQDN to IP address mappings for a legacy server; the administrator does not want the legacy server to be referenced by other servers. Which of the following should the administrator use to set this?()
    A

    DHCP server

    B

    DNS server

    C

    Host file

    D

    Route statements


    Correct answer: D
    Explanation: none available

  • Question 8:

    Single-choice question
    Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; } then { permit; } }
    A

    set policy tunnel-traffic then tunnel remote-vpn

    B

    set policy tunnel-traffic then permit tunnel remote-vpn

    C

    set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit

    D

    set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn


    Correct answer: A
    Explanation: none available

  • Question 9:

    Single-choice question
    You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6,000 Windows XP Professional computers. The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company’s intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1. You run Network Monitor on Server1 for three hours. When you stop the network capture, you see that Network Monitor captured over 40,000 frames. As you look at the captured frames, you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address. In Network Monitor, you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address. What should you do?()
    A

    Create an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address.

    B

    Create a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address.

    C

    Create an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address.

    D

    Create a Pattern Match capture trigger for the 131.107.0.1 IP address.


    Correct answer: B
    Explanation: none available

  • Question 10:

    Single-choice question
    You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()
    A

    Specify the IP address (172.19.1.1/32) as the destination address in the policy.

    B

    Specify the DNS entry (hostb.example.com.) as the destination address in the policy.

    C

    Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

    D

    Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.


    Correct answer: D
    Explanation: none available

  • Question 11:

    Multiple-select question
    A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()
    A

    Configure port Fa0/1 to accept connections only from the static IP address of the server.

    B

    Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.

    C

    Configure the MAC address of the server as a static entry associated with port Fa0/1.

    D

    Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.

    E

    Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.

    F

    Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.


    Correct answer: A, C
    Explanation: none available

  • Question 12:

    Single-choice question
    A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
    A

    from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    B

    from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

    C

    from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }

    D

    from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }


    Correct answer: B
    Explanation: none available

  • Question 13:

    Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; } then { permit; } }

    • A. set policy tunnel-traffic then tunnel remote-vpn
    • B. set policy tunnel-traffic then permit tunnel remote-vpn
    • C. set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
    • D. set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

    Correct answer: D

  • Question 14:

    You are the administrator of a Windows 2000 network. You install Windows 2000 Professional on a new computer and configure the TCP/IP settings to have a static IP address. While testing network connectivity from the new computer, you discover an error in the DNS server address that is configured in the TCP/IP settings. You configure the correct DNS server address, which is 10.1.1.5. However, you are still unable to successfully connect to network resources by name. You run the ipconfig /all command. The results indicate that the DNS server address is now configured as 0.0.0.0. You need to ensure that the computer can connect to network resources by name. What should you do?()

    • A. Stop and restart the DNS Client service.
    • B. Add 10.1.1.5 to the DNS server list on the TCP/IP Advanced Properties tab.
    • C. Add an A (host) record for the computer to the DNS server’s zone file.
    • D. Configure your DHCP server to have a DNS server address of 10.1.1.5.

    Correct answer: A

  • Question 15:

    You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()

    • A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.
    • B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
    • C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
    • D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

    Correct answer: D

  • Question 16:

    Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?() [edit security policies from-zone HR to-zone trust] user@host# show policy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.

    • A. DNS traffic is denied.
    • B. Telnet traffic is denied.
    • C. SMTP traffic is denied.
    • D. Ping traffic is permitted.

    Correct answer: B

  • Question 17:

    You are the administrator of a Windows 2000 network. The network consists of a Windows 2000 domain named Company.com. You install Windows 2000 Professional on a new computer named ES1 and configure the TCP/IP settings to have a static IP address. You plan to join ES1 to the Company.com domain. You configure two DNS server addresses in the TCP/IP properties. The first DNS server address is for a DNS server hosted by your ISP, the second DNS server address is for a DNS server authoritative for the Company.com domain. When you attempt to join ES1 to the domain, you are unable to do so. You can successfully PING the IP address of each DNS server from ES1. You want ES1 to be able to join the Company.com domain. What should you do?()

    • A. Delete the second DNS server entry.
    • B. Delete the first DNS server entry.
    • C. Add an A (host) record for the computer to the appropriate DNS zone.
    • D. Configure the computer to Obtain an IP address automatically.

    Correct answer: B

  • Question 18:

    Single-choice question
    You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails. Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()
    A

    set security policies from-zone dmz to-zone untrust policy anti-spam then permit application-services utm-policy Block-Spam

    B

    set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services utm-policy Block-Spam

    C

    set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services anti-spam-policy

    D

    set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services Block-Spam


    Correct answer: B
    Explanation: none available

  • Question 19:

    Single-choice question
    You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()
    A

    Specify the IP address (172.19.1.1/32) as the destination address in the policy.

    B

    Specify the DNS entry (hostb.example.com) as the destination address in the policy.

    C

    Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

    D

    Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.


    Correct answer: D
    Explanation: none available

  • Question 20:

    Single-choice question
    A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration would correctly accomplish this task?()
    A

    A

    B

    B

    C

    C

    D

    D


    Correct answer: B
    Explanation: none available

  • Question 21:

    Single-choice question
    Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()
    A

    The untrust zone does not have a management policy configured.

    B

    The trust zone does not have ping enabled as host-inbound-traffic service.

    C

    The security policy from the trust zone to the untrust zone does not permit ping.

    D

    No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.


    Correct answer: D
    Explanation: none available

  • Question 22:

    Single-choice question
    You are the administrator of a Windows 2000 network. The network consists of a Windows 2000 domain named Company.com. You install Windows 2000 Professional on a new computer named ES1 and configure the TCP/IP settings to have a static IP address. You plan to join ES1 to the Company.com domain. You configure two DNS server addresses in the TCP/IP properties. The first DNS server address is for a DNS server hosted by your ISP, the second DNS server address is for a DNS server authoritative for the Company.com domain. When you attempt to join ES1 to the domain, you are unable to do so. You can successfully PING the IP address of each DNS server from ES1. You want ES1 to be able to join the Company.com domain. What should you do?()
    A

    Delete the second DNS server entry.

    B

    Delete the first DNS server entry.

    C

    Add an A (host) record for the computer to the appropriate DNS zone.

    D

    Configure the computer to Obtain an IP address automatically.


    Correct answer: A
    Explanation: none available

  • Question 23:

    Single-choice question
    You are the administrator of a Windows 2000 network. You install Windows 2000 Professional on a new computer and configure the TCP/IP settings to have a static IP address. While testing network connectivity from the new computer, you discover an error in the DNS server address that is configured in the TCP/IP settings. You configure the correct DNS server address, which is 10.1.1.5. However, you are still unable to successfully connect to network resources by name. You run the ipconfig /all command. The results indicate that the DNS server address is now configured as 0.0.0.0. You need to ensure that the computer can connect to network resources by name. What should you do?()
    A

    Stop and restart the DNS Client service.

    B

    Add 10.1.1.5 to the DNS server list on the TCP/IP Advanced Properties tab.

    C

    Add an A (host) record for the computer to the DNS server’s zone file.

    D

    Configure your DHCP server to have a DNS server address of 10.1.1.5.


    Correct answer: B
    Explanation: none available