多选题Which two steps are performed when configuring a zone?()ADefine a default policy for the zone.BAssign logical interfaces to the zone.CAssign physical interfaces to the zone.DDefine the zone as a security or functional zone

题目
多选题
Which two steps are performed when configuring a zone?()
A

Define a default policy for the zone.

B

Assign logical interfaces to the zone.

C

Assign physical interfaces to the zone.

D

Define the zone as a security or functional zone

相似考题

1.Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.

2.At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A. [edit security idp]B. [edit security zones security-zone trust interfaces ge-0/0/0.0]C. [edit security zones security-zone trust]D. [edit security screen]

3.Click the Exhibit button.Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2.Which is a potential cause for this problem?()A. The untrust zone does not have a management policy configured.B. The trust zone does not have ping enabled as host-inbound-traffic service.C. The security policy from the trust zone to the untrust zone does not permit ping.D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.

4.You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?()A. set security zones management interfaces ge-0/0/0.0B. set zones functional-zone management interfaces ge-0/0/0.0C. set security zones functional-zone management interfaces ge-0/0/0.0D. set security zones functional-zone out-of-band interfaces ge-0/0/0.0

更多“多选题Which two steps are performed when configuring a zone?()ADefine a default policy for the zone.BAssign logical interfaces to the zone.CAssign physical interfaces to the zone.DDefine the zone as a security or functional zone”相关问题

  • 第1题:

    Which statement best describes Cisco IOS Zone-Based Policy Firewall?()

    • A、A router interface can belong to multiple zones.
    • B、Policy maps are used to classify traffic into different traffic classes, and class maps are used to assignaction to the traffic classes.
    • C、The pass action works in only one direction
    • D、A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.

    正确答案:C

  • 第2题:

    Which two steps are performed when configuring a zone?()

    • A、Define a default policy for the zone.
    • B、Assign logical interfaces to the zone.
    • C、Assign physical interfaces to the zone.
    • D、Define the zone as a security or functional zone

    正确答案:B,D

  • 第3题:

    At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)

    • A、[edit security idp]
    • B、[edit security zones security-zone trust interfaces ge-0/0/0.0]
    • C、[edit security zones security-zone trust]
    • D、[edit security screen]

    正确答案:B,C

  • 第4题:

    Which statement describes a security zone?()

    • A、A security zone can contain one or more interfaces.
    • B、A security zone can contain interfaces in multiple routing instances.
    • C、A security zone must contain two or more interfaces.
    • D、A security zone must contain bridge groups.

    正确答案:A

  • 第5题:

    You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?()

    • A、set security zones management interfaces ge-0/0/0.0
    • B、set zones functional-zone management interfaces ge-0/0/0.0
    • C、set security zones functional-zone management interfaces ge-0/0/0.0
    • D、set security zones functional-zone out-of-band interfaces ge-0/0/0.0

    正确答案:C

  • 第6题:

    Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)

    • A、Traffic is permitted from the trust zone to the untrust zone.
    • B、Intrazone traffic in the trust zone is permitted.
    • C、All traffic through the device is denied.
    • D、The policy is matched only when no other matching policies are found.

    正确答案:C,D

  • 第7题:

    You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()

    • A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-Spam
    • B、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-Spam
    • C、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policy
    • D、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam

    正确答案:B

  • 第8题:

    多选题
    Which two statements are true for a security policy? ()(Choose two.)
    A

    It controls inter-zone traffic.

    B

    It controls intra-zone traffic.

    C

    It is named with a system-defined name.

    D

    It controls traffic destined to the device's ingress interface.


    正确答案: D,A
    解析: 暂无解析

  • 第9题:

    多选题
    Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()
    A

    Pass

    B

    Flow

    C

    Allow

    D

    Inspect


    正确答案: B,D
    解析: 暂无解析

  • 第10题:

    多选题
    Users can define policy to control traffic flow between which two components?()
    A

    from a zone to the device itself

    B

    from a zone to the same zone

    C

    from a zone to a different zone

    D

    from one interface to another interface


    正确答案: C,D
    解析: 暂无解析

  • 第11题:

    多选题
    Which two steps are performed when configuring a zone?()
    A

    Define a default policy for the zone.

    B

    Assign logical interfaces to the zone.

    C

    Assign physical interfaces to the zone.

    D

    Define the zone as a security or functional zone


    正确答案: D,B
    解析: 暂无解析

  • 第12题:

    多选题
    Users can define policy to control traffic flow between which two components? ()(Choose two.)
    A

    from a zone to the router itself

    B

    from a zone to the same zone

    C

    from a zone to a different zone

    D

    from one interface to another interface


    正确答案: D,C
    解析: 暂无解析

  • 第13题:

    Which type of zone is used by traffic transiting the device?()

    • A、transit zone
    • B、default zone
    • C、security zone
    • D、functional zone

    正确答案:C

  • 第14题:

    Which two statements are true for a security policy? ()(Choose two.)

    • A、It controls inter-zone traffic.
    • B、It controls intra-zone traffic.
    • C、It is named with a system-defined name.
    • D、It controls traffic destined to the device's ingress interface.

    正确答案:A,B

  • 第15题:

    Users can define policy to control traffic flow between which two components?()

    • A、from a zone to the device itself
    • B、from a zone to the same zone
    • C、from a zone to a different zone
    • D、from one interface to another interface

    正确答案:B,C

  • 第16题:

    Regarding secure tunnel (st) interfaces, which statement is true?()

    • A、You cannot assign st interfaces to a security zone.
    • B、You cannot apply static NAT on an st interface logical unit.
    • C、st interfaces are optional when configuring a route-based VPN
    • D、A static route can reference the st interface logical unit as the next-hop

    正确答案:D

  • 第17题:

    Users can define policy to control traffic flow between which two components? ()(Choose two.)

    • A、from a zone to the router itself
    • B、from a zone to the same zone
    • C、from a zone to a different zone
    • D、from one interface to another interface

    正确答案:B,C

  • 第18题:

    Regarding zone types, which statement is true?()

    • A、You cannot assign an interface to a functional zone.
    • B、You can specifiy a functional zone in a security policy.
    • C、Security zones must have a scheduler applied.
    • D、You can use a security zone for traffic destined for the device itself.

    正确答案:D

  • 第19题:

    多选题
    Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
    A

    DNS traffic is denied.

    B

    HTTP traffic is denied.

    C

    FTP traffic is permitted.

    D

    SMTP traffic is permitted.


    正确答案: C,B
    解析: 暂无解析

  • 第20题:

    单选题
    Which statement describes a security zone?()
    A

    A security zone can contain one or more interfaces.

    B

    A security zone can contain interfaces in multiple routing instances.

    C

    A security zone must contain two or more interfaces.

    D

    A security zone must contain bridge groups.


    正确答案: C
    解析: 暂无解析

  • 第21题:

    多选题
    At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)
    A

    [edit security idp]

    B

    [edit security zones security-zone trust interfaces ge-0/0/0.0]

    C

    [edit security zones security-zone trust]

    D

    [edit security screen]


    正确答案: B,D
    解析: 暂无解析

  • 第22题:

    单选题
    Regarding zone types, which statement is true?()
    A

    You cannot assign an interface to a functional zone.

    B

    You can specifiy a functional zone in a security policy.

    C

    Security zones must have a scheduler applied.

    D

    You can use a security zone for traffic destined for the device itself.


    正确答案: D
    解析: 暂无解析

  • 第23题:

    多选题
    Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)
    A

    Traffic is permitted from the trust zone to the untrust zone.

    B

    Intrazone traffic in the trust zone is permitted.

    C

    All traffic through the device is denied.

    D

    The policy is matched only when no other matching policies are found.


    正确答案: C,A
    解析: 暂无解析

  • 第24题:

    多选题
    Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
    A

    DNS traffic is denied.

    B

    HTTP traffic is denied.

    C

    FTP traffic is permitted.

    D

    SMTP traffic is permitted.


    正确答案: D,A
    解析: 暂无解析

相关内容