多选题Which two statements describe the purpose of a security policy？（）AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic

第1题：

Which two statements regarding JUNOS architecture are correct?（）

• A、The Routing Engine handles all exception traffic.
• B、The Routing Engine synchronizes the route table with the PFE
• C、The Routing Engine is hot-pluggable.
• D、The Routing Engine controls the PFE

第2题：

You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?（）

• A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
• B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
• C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
• D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

第3题：

Which two statements describe the purpose of a security policy？（）

• A、It enables traffic counting and logging.
• B、It enforces a set of rules for transit traffic.
• C、It controls host inbound services on a zone.
• D、It controls administrator rights to access the device.

第4题：

At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? （）(Choose two.)

• A、[edit security idp]
• B、[edit security zones security-zone trust interfaces ge-0/0/0.0]
• C、[edit security zones security-zone trust]
• D、[edit security screen]

第5题：

Which two statements in a source NAT configuration are true regarding addresses, rule-sets, or rules that overlap?（）(Choose two.)

• A、Addresses used for NAT pools should never overlap.
• B、If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.
• C、If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.
• D、Dynamic source NAT rules take precedence over static source NAT rules.

第6题：

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

Which two configuration options must be present for IPv4 transit traffic to pass between the ge-0/0/0.0 andge-0/0/2.0 interfaces？（）

• A、family inet
• B、a security zone
• C、a routing instance
• D、host-inbound-traffic

第14题：

Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?（）

• A、Source IP and browser
• B、Source IP and certificate
• C、Certificate and Host Checker
• D、Host Checker and source IP

第15题：

Which two statements are true for a security policy? （）(Choose two.)

• A、It controls inter-zone traffic.
• B、It controls intra-zone traffic.
• C、It is named with a system-defined name.
• D、It controls traffic destined to the device's ingress interface.

第16题：

Which two statements are true regarding the system-default security policy [edit security policies default-policy]?（）(Choose two.)

• A、Traffic is permitted from the trust zone to the untrust zone.
• B、Intrazone traffic in the trust zone is permitted.
• C、All traffic through the device is denied.
• D、The policy is matched only when no other matching policies are found.

第17题：

Which two configuration elements are required for a route-based VPN？（）

• A、secure tunnel interface
• B、security policy to permit the IKE traffic
• C、a route for the tunneled transit traffic
• D、tunnel policy for transit traffic referencing the IPsec VPN

第18题：

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：