The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network admi

题目

The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)

A.SWEzonexam1(config-if)# switchport port-security maximum 1

B.SWEzonexam1(config)# mac-address-table secure

C.SWEzonexam1(config)# access-list 10 permit ip host

D.SWEzonexam1(config-if)# switchport port-security violation shutdown

E.SWEzonexam1(config-if)# ip access-group 10

相似考题

1.a firewall is both policy and the implementation of that policy in terms of (),(),and (), as well as other security measuresA、network configurationB、host systemsC、routersD、softwares

2.A firewall is an approach to security; it helps implement a larger security policy that defines the services and access to be permitted.

3.Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()A. Source IP and browserB. Source IP and certificateC. Certificate and Host CheckerD. Host Checker and source IP

4.A () is an approach to security; it helps implement a larger security policy that defines the services and access to be permitted.A、firewallB、patentC、ERPD、intranet

更多“The network security policy for Ezonexam requires that only one host be permitted to attac ”相关问题

  • 第1题:

    Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)

    A. Traffic is permitted from the trust zone to the untrust zone.

    B. Intrazone traffic in the trust zone is permitted.

    C. All traffic through the device is denied.

    D. The policy is matched only when no other matching policies are found.


    参考答案:C, D

  • 第2题:

    You are not able to telnet to the interface IP of your JUNOS software with enhanced services devicefrom a PC on the same subnet. What is causing the problem? ()

    A. Telnet is not being permitted by self policy.

    B. Telnet is not being permitted by security policy.

    C. Telnet is not allowed because it is not considered secure.

    D. Telnet is not enabled as a host-inbound service on the zone.


    参考答案:D

  • 第3题:

    A network vulnerability scanner is part of which critical element of network and system security?()

    A. host security

    B. perimeter security

    C. security monitoring

    D. policy management


    参考答案:C

  • 第4题:

    Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }

    • A、DNS traffic is denied.
    • B、HTTP traffic is denied.
    • C、FTP traffic is permitted.
    • D、SMTP traffic is permitted.

    正确答案:A,C

  • 第5题:

    The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy (Choose two.)()。

    • A、Switch1(config-if)# switchport port-security maximum 1
    • B、Switch1(config)# mac-address-table secure
    • C、Switch1(config)# access-list 10 permit ip host
    • D、Switch1(config-if)# switchport port-security violation shutdown
    • E、Switch1(config-if)# ip access-group 10

    正确答案:A,D

  • 第6题:

    The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?()

    • A、TestKing1(config-if)# switchport port-security maximum 1
    • B、TestKing1(config)# mac-address-table secure
    • C、TestKing1(config)# access-list 10 permit ip host
    • D、TestKing1(config-if)# switchport port-security violation shutdown
    • E、TestKing1(config-if)# ip access-group 10

    正确答案:A,D

  • 第7题:

    You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()

    • A、Telnet is not being permitted by self policy.
    • B、Telnet is not being permitted by security policy.
    • C、Telnet is not allowed because it is not considered secure.
    • D、Telnet is not enabled as a host-inbound service on the zone

    正确答案:D

  • 第8题:

    Network Access Protection (NAP) is configured for the corporate network.Users connect to the corporate network by using portable computers.The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers.You need to ensure that users can access network resources only from computers that comply with the company policy.What should you do?()

    • A、Create an IPsec Enforcement Network policy.
    • B、Create an 802.1X Enforcement Network policy.
    • C、Create a Wired Network (IEEE 802.3) Group policy.
    • D、Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.

    正确答案:A

  • 第9题:

    多选题
    You work as a senior administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed.  You are running a training exercise for junior administrators. You are currently discussing the Windows Firewall with Advanced Security feature.  Which of the following is TRUE with regards to Windows Firewall with Advanced Security?()
    A

    It provides host-based,two-way network traffic filtering for a computer.

    B

    It provides host-based,one-way network traffic filtering for a computer.

    C

    It blocks unauthorized network traffic flowing into or out of the local computer.

    D

    It only blocks unauthorized network traffic flowing into the local computer.

    E

    It only blocks unauthorized network traffic flowing out of the local computer.


    正确答案: C,D
    解析: 暂无解析

  • 第10题:

    单选题
    A network vulnerability scanner is part of which critical element of network and system security?()
    A

     host security

    B

     perimeter security

    C

     security monitoring

    D

     policy management


    正确答案: B
    解析: 暂无解析

  • 第11题:

    单选题
    Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()
    A

    Source IP and browser

    B

    Source IP and certificate

    C

    Certificate and Host Checker

    D

    Host Checker and source IP


    正确答案: B
    解析: 暂无解析

  • 第12题:

    单选题
    Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections. How many sessions exist between Host A and Host B?()
    A

    1

    B

    2

    C

    3

    D

    4


    正确答案: D
    解析: 暂无解析

  • 第13题:

    Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections.How many sessions exist between Host A and Host B?()

    A.1

    B.2

    C.3

    D.4


    参考答案:B

  • 第14题:

    You are the domain administrator for Ezonexam.com. The network contains a Windows 2000 domain and two Windows NT domains. The Windows 2000 domain trusts each of the Windows NT domains, and the Windows NT domains trust the Windows 2000 domain.

    You are required to configure one of the Windows 2000 domain controllers named Ezonexam4 to support several legacy applications that are not Windows 2000 certified.

    What should you do? (Select two. Each answer specifies a complete solution).

    A. On Ezonexam4, type secedit /configure /db secedit.sdb /cfg

    C:\winnt\security\templates\hisecdc.inf /overwrite.

    B. On Ezonexam4, type secedit /configure /db secedit.sdb /cfg

    C:\winnt\security\templatescompatws.inf /overwrite.

    C. On Ezonexam4, use the Security Configuration and Analysis snap-in to apply the Compatws.inf security template.

    D. On Ezonexam4, use the Security Configuration and Analysis snap-in to apply the Hisecdc.inf

    E. On Ezonexam4, use the Security Templates snap-in to open the Compatws.inf security template.

    F. On Ezonexam4, use the Security Templates snap-in to open the Hisecdc.inf security template.


    正确答案:BC
    B,C 解析:Explanation: The Compatws template removes all users from the Power Users group and relaxes the default permissions for members of the Users group. This setting allows members of the Users group to run certain applications that aren't properly designed for Windows security, without granting them the additional administrative privileges (such as the ability to create user accounts) granted to Power Users. Options B and C will support several non-Windows 2000 certified legacy applications.

    Incorrect answers:
    A: The hisecdc.inf template is applied in this fashion, but it is too restrictive.

    D: The hisecdc.inf template is too restrictive.

    E: This option only suggests that you open the template and not apply it.

    F: Firstly, the hisecdc.inf template will not allow the applications to run and secondly it has to be applied.

  • 第15题:

    Which OSPF network type is ideal for partially meshed NBMA networks because it is easy to configure(requires no configuration of neighbor commands), consumes only one IP subnet, and requires no designated router election?


    正确答案:Point-to-multipoint.

  • 第16题:

    You are developing a Windows Communication Foundation (WCF) service. One of the parameters used with the service operations is a security token. The security token is not sensitive. The monitoring software tracks security tokens and can read tokens in clear text only.The company security policy requires that you validate all clear text data passed over the corporate network.You need to ensure that the service verifies that the security token is not changed during transit. What should you do?()

    • A、For all the security-sensitive members, set the ProtectionLevel parameter of the MessageBodyMember or MessageHeader attribute to EncryptAndSign.
    • B、Implement IEndpointldentityProvider in the message contract class.
    • C、Implement ISecureConversationSession in the message contract class.
    • D、For all the security-sensitive members, set the ProtectionLevel parameter of the MessageBodyMember or MessageHeader attribute to Sign.

    正确答案:D

  • 第17题:

    A network vulnerability scanner is part of which critical element of network and system security?()

    • A、host security
    • B、perimeter security
    • C、security monitoring
    • D、policy management

    正确答案:C

  • 第18题:

    Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()

    • A、Source IP and browser
    • B、Source IP and certificate
    • C、Certificate and Host Checker
    • D、Host Checker and source IP

    正确答案:D

  • 第19题:

    Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)

    • A、Traffic is permitted from the trust zone to the untrust zone.
    • B、Intrazone traffic in the trust zone is permitted.
    • C、All traffic through the device is denied.
    • D、The policy is matched only when no other matching policies are found.

    正确答案:C,D

  • 第20题:

    多选题
    Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
    A

    DNS traffic is denied.

    B

    HTTP traffic is denied.

    C

    FTP traffic is permitted.

    D

    SMTP traffic is permitted.


    正确答案: C,B
    解析: 暂无解析

  • 第21题:

    问答题
    Which OSPF network type is ideal for partially meshed NBMA networks because it is easy to configure(requires no configuration of neighbor commands), consumes only one IP subnet, and requires no designated router election?

    正确答案: Point-to-multipoint.
    解析: 暂无解析

  • 第22题:

    单选题
    You are not able to telnet to the interface IP of your JUNOS software with enhanced services devicefrom a PC on the same subnet. What is causing the problem? ()
    A

    Telnet is not being permitted by self policy.

    B

    Telnet is not being permitted by security policy.

    C

    Telnet is not allowed because it is not considered secure.

    D

    Telnet is not enabled as a host-inbound service on the zone.


    正确答案: D
    解析: 暂无解析

  • 第23题:

    单选题
    You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.   You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages.  The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design.   You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.   What should you do?  ()
    A

     Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).

    B

     Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.

    C

     Create a task on each application server that runs the secedit command with Baseline1.inf every day.

    D

     Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.


    正确答案: C
    解析: 暂无解析

相关内容