
Question
Which two statements are true regarding the system-default security policy [edit security policies default-policy]? ( ) (Choose two.)

A. Traffic is permitted from the trust zone to the untrust zone.

B. Intrazone traffic in the trust zone is permitted.

C. All traffic through the device is denied.

D. The policy is matched only when no other matching policies are found.


Reference answer and explanation
Reference answer: C, D
More questions related to "Which two statements are true regarding the system-default security policy [edit security policies default-policy]? ( ) (Choose two.)"
  • Question 1:

    A System p administrator needs to set the default password length for all users to six characters. Which of the following files needs to be edited to accomplish this? ( )

    A. /etc/security/limits

    B. /etc/security/mkuser.sys

    C. /etc/security/priv

    D. /etc/security/user


    Reference answer: D

  • Question 2:

    Which action changes the default editor for ALL users on the system from vi to edit? ( )

    A. Issue the command: export EDITOR=/usr/bin/edit edit each user .profile to change the EDITOR value to /usr/bin/edit

    B. Modify /.profile and change the EDITOR variable to /usr/bin/edit

    C. Modify /etc/environment and add EDITOR=/usr/bin/edit export EDITOR

    D. Modify /etc/security/defaults and change the EDITOR value to /usr/bin/edit


    Reference answer: C

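  • Question 3:

    A company has opened a new branch office in another city, and the administrator wants to establish a connection between headquarters and the branch office over a VPN. Based on the topology diagram, answer the following questions.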



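    [Question 1] (3 points) The VPN technology the company has chosen is IPSec. It operates at the (1) layer of the TCP/IP protocol stack and can provide multiple security services for TCP/IP communication, such as access control, confidentiality, data origin authentication, anti-replay and data integrity. The protocol that ensures data integrity but does not ensure data confidentiality is (2); the protocol that ensures both the confidentiality of data in transit and data integrity is (3).

    [Question 2] (4 points): Complete the relevant configuration. Part of the configuration of the headquarters firewall firewall1 is as follows.

    …
    # Configure the security policy between the Trust zone and the Untrust zone to allow packets before encapsulation and after decapsulation to pass
    [FIREWALL1] (5)
    [FIREWALL1-policy-security] rule name 1
    [FIREWALL1-policy-security-rule-1] source-zone trust
    [FIREWALL1-policy-security-rule-1] destination-zone untrust
    [FIREWALL1-policy-security-rule-1] source-address (6)
    [FIREWALL1-policy-security-rule-1] destination-address (7)
    [FIREWALL1-policy-security-rule-1] quit
    [FIREWALL1] acl 3000
    [FIREWALL1-acl-adv-3000] rule (8) ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
    [FIREWALL1-acl-adv-3000] quit
    …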


    Answer:
    Explanation:
    (1) Network (2) AH (3) ESP
    (5) security-policy (6) 192.168.1.0 24 (7) 192.168.2.0 24 (8) permit
    [Explanation]
    [Question 1] Analysis: IPSec operates at the network layer of the TCP/IP protocol stack and provides multiple security services for TCP/IP communication, such as access control, confidentiality, data origin authentication, anti-replay and data integrity.

    (1) AH. The Authentication Header (AH) is one of the main protocols in the IPSec architecture. It provides integrity checking and data origin authentication for IP datagrams and protects against replay attacks. AH does not support data encryption. AH commonly uses the digest algorithms (one-way hash functions) MD5 and SHA1 for digest and authentication, ensuring data integrity.

    (2) ESP. The Encapsulating Security Payload (ESP) can provide both data integrity verification and data encryption. ESP typically uses encryption algorithms such as DES, 3DES and AES to encrypt data, and uses MD5 or SHA-1 for digest and authentication, ensuring data integrity.

    Question 2 analysis:

    system-view
    [FIREWALL1] interface GigabitEthernet 1/0/2
    [FIREWALL1-GigabitEthernet1/0/2] ip address 192.168.1.1 24
    [FIREWALL1-GigabitEthernet1/0/2] quit
    [FIREWALL1] interface GigabitEthernet 1/0/1
    [FIREWALL1-GigabitEthernet1/0/1] ip address 202.1.3.1 24
    [FIREWALL1-GigabitEthernet1/0/1] quit
    # Add the interfaces to the corresponding security zones.
    [FIREWALL1] firewall zone trust
    [FIREWALL1-zone-trust] add interface GigabitEthernet 1/0/2
    [FIREWALL1-zone-trust] quit
    [FIREWALL1] firewall zone untrust
    [FIREWALL1-zone-untrust] add interface GigabitEthernet 1/0/1
    [FIREWALL1-zone-untrust] quit

    2. Configure security policies to allow the specified private network segments to exchange packets.

    # Configure the security policy between the Trust zone and the Untrust zone to allow packets before encapsulation and after decapsulation to pass
    [FIREWALL1] security-policy
    [FIREWALL1-policy-security] rule name 1
    [FIREWALL1-policy-security-rule-1] source-zone trust
    [FIREWALL1-policy-security-rule-1] destination-zone untrust
    [FIREWALL1-policy-security-rule-1] source-address 192.168.1.1 24
    [FIREWALL1-policy-security-rule-1] destination-address 192.168.2.1 24
    [FIREWALL1-policy-security-rule-1] action permit
    [FIREWALL1-policy-security-rule-1] quit
    …..
    # Configure the security policy between the Local zone and the Untrust zone to allow IKE negotiation packets to pass through FIREWALL1 normally.
    [FIREWALL1-policy-security] rule name 3
    [FIREWALL1-policy-security-rule-3] source-zone local
    [FIREWALL1-policy-security-rule-3] destination-zone untrust
    [FIREWALL1-policy-security-rule-3] source-address 202.1.3.1 32
    [FIREWALL1-policy-security-rule-3] destination-address 202.1.5.1 32
    [FIREWALL1-policy-security-rule-3] action permit
    [FIREWALL1-policy-security-rule-3] quit
    [FIREWALL1-policy-security] rule name 4
    [FIREWALL1-policy-security-rule-4] source-zone untrust
    [FIREWALL1-policy-security-rule-4] destination-zone local
    [FIREWALL1-policy-security-rule-4] source-address 202.1.5.1 32
    [FIREWALL1-policy-security-rule-4] destination-address 202.1.3.1 32
    [FIREWALL1-policy-security-rule-4] action permit
    [FIREWALL1-policy-security-rule-4] quit
    [FIREWALL1-policy-security] quit

    3. Configure the IPSec tunnel.

    # Configure the access control list to define the data flow to be protected.
    [FIREWALL1] acl 3000
    [FIREWALL1-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
    [FIREWALL1-acl-adv-3000] quit
    # Configure the IPSec security proposal named tran1.
    [FIREWALL1] ipsec proposal tran1
    [FIREWALL1-ipsec-proposal-tran1] encapsulation-mode tunnel
    [FIREWALL1-ipsec-proposal-tran1] transform esp
    [FIREWALL1-ipsec-proposal-tran1] esp authentication-algorithm sha2-256
    [FIREWALL1-ipsec-proposal-tran1] esp encryption-algorithm aes
    [FIREWALL1-ipsec-proposal-tran1] quit

  • Question 4:

    A System p administrator is investigating a possible security breach and wants to review information about failed login attempts to the system. Which of the following commands will show this? ( )

    A. fwtmp < /etc/security/failedlogin

    B. cat /etc/security/failedlogin

    C. who

    D. alog -f /etc/security/failedlogin -o


    Reference answer: A

  • Question 5:

    A user wants to be permanently added to the dba group. Which of the following commands or processes can be used to accomplish this? ( )

    A. chgrp

    B. chuser

    C. edit /etc/user

    D. edit /etc/security/group


    Reference answer: B

  • Question 6:


    According to Para. 7, which of the following is not the way that passage suggests to improve cyber-security? ( )

    A.Be quick to predict and respond when there is insecurity.
    B.Make sure everyone is equipped with fundamental knowledge of cyber-security.
    C.Be cooperative with counterparts on cyber-security.
    D.Be cautious using Internet.

    Answer: D