当前分类: JN0-331
问题:单选题Which statement is true about source NAT?()A Source NAT works only with source pools.B Destination NAT is required to translate the reply traffic.C Source NAT does not require a security policy to function.D The egress interface IP address can be used ...
查看答案
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vL...
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode...
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
问题:多选题Which two statements about the Diffie-Hellman (DH) key exchange process are correct?()AIn the DH key exchange process, the session key is never passed across the network.BIn the DH key exchange process, the public and private keys are mathematically re...
问题:单选题Regarding zone types, which statement is true?()A You cannot assign an interface to a functional zone.B You can specifiy a functional zone in a security policy.C Security zones must have a scheduler applied.D You can use a security zone for traffic des...
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address...
问题:单选题You must configure a SCREEN option that would protect your device from a session table flood.Which configuration meets this requirement?()A AB BC CD D...
问题:多选题What are three main phases of an attack?()ADoSBexploitCpropagationDport scanningEreconnaissance...
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone....
问题:单选题Which zone is a system-defined zone?()A null zoneB trust zoneC untrust zoneD management zone...
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options...
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.B...
问题:单选题You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()A Telnet is not being permitted by self policy.B Telnet is not being permitted by security policy.C Telnet is not allowed b...
问题:单选题For IKE phase 1 negotiations, when is aggressive mode typically used?()A when one of the tunnel peers has a dynamic IP addressB when one of the tunnel peers wants to force main mode to be usedC when fragmentation of the IKE packet is required between t...
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep...
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]...