IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.
IDP inspects traffic up to the Application layer.
IDP searches the data stream for specific attack patterns.
IDP inspects traffic up to the Presentation layer.
IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.
第1题:
Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router?()
第2题:
Which two functions of JUNOS Software are handled by the data plane?()
第3题:
Which three JUNOS software features allow for increased security on your network?()
第4题:
Which two statements are true regarding IDP?()
第5题:
Which three advanced permit actions within security policies are valid?()
第6题:
Regarding zone types, which statement is true?()
第7题:
Mark permitted traffic for firewall user authentication.
Mark permitted traffic for SCREEN options.
Associate permitted traffic with an IPsec tunnel.
Associate permitted traffic with a NAT rule.
Mark permitted traffic for IDP processing.
第8题:
activating a JUNOS Software commit script
configuring an IDP groups statement
setting up a chassis cluster
downloading the IDP policy templates
installing the policy templates
第9题:
[edit security idp]
[edit security zones security-zone trust interfaces ge-0/0/0.0]
[edit security zones security-zone trust]
[edit security screen]
第10题:
IDP policy templates are automatically installed as the active IDP policy.
IDP policy templates are enabled using a commit script.
IDP policy templates can be downloaded without an IDP license.
IDP policy templates are included in the factory-default configuration.
第11题:
Mark permitted traffic for firewall user authentication.
Mark permitted traffic for SCREEN options.
Associate permitted traffic with an IPsec tunnel.
Associate permitted traffic with a NAT rule.
Mark permitted traffic for IDP processing.
第12题:
Traffic is permitted from the trust zone to the untrust zone.
Intrazone traffic in the trust zone is permitted.
All traffic through the device is denied.
The policy is matched only when no other matching policies are found.
第13题:
Which three statements are true regarding IDP?()
第14题:
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)
第15题:
Which three advanced permit actions within security policies are valid?() (Choose three.)
第16题:
Which two statements are true regarding proxy ARP?()
第17题:
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
第18题:
You can see the contents of the log file by entering the show log <filename> command.
Trace options will send information to your screen automatically.
Trace options are limited to one protocol at a time.
The file name and a set of flags may be specified when enabling traceoptions.
第19题:
firewall filters
data encryption
routing protocol authentication
support for BGP path mtu discovery
automatic discovery for IPSEC neighbors
第20题:
IDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.
IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.
IDP inspects traffic up to the Presentation layer.
IDP inspects traffic up to the Application layer.
第21题:
JUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT.
JUNOS Software for security platforms does not forward traffic by default; a traditional router forwards traffic by default.
JUNOS Software for security platforms uses session-based forwarding; a traditional router uses packet-based forwarding.
JUNOS Software for security platforms performs route lookup for every packet; a traditional router performs route lookup only for the first packet.
第22题:
You cannot assign an interface to a functional zone.
You can specifiy a functional zone in a security policy.
Security zones must have a scheduler applied.
You can use a security zone for traffic destined for the device itself.
第23题:
You can see the contents of the log file by entering the show log <filename> command
Trace options will send information to your screen automatically
Trace options are limited to one protocol at a time
The file name and set of flags may be specified when enabling trace options