多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
多选题
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
A
DNS traffic is denied.
B
HTTP traffic is denied.
C
FTP traffic is permitted.
D
SMTP traffic is permitted.
参考解析
解析:
暂无解析
相关考题:
单选题Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address andnetwork mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 isrunning an HTTP service on TCP port 8080. The webserver is attached to the ge-0/0/0.0 interface of yourdevice. You must use NAT to make the webserver reachable from the Internet using port translation.Which type of NAT must you configure?()Asource NAT with address shiftingBpool-based source NATCstatic destination NATDpool-based destination NAT
单选题For IKE phase 1 negotiations, when is aggressive mode typically used?()Awhen one of the tunnel peers has a dynamic IP addressBwhen one of the tunnel peers wants to force main mode to be usedCwhen fragmentation of the IKE packet is required between the two peersDwhen one of the tunnel peers wants to specify a different phase 1 proposal
单选题In the exhibit, you decided to change myHosts addresses. [edit security policies] user@host# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts; destination-address ExtServers;application [ junos-ftp junos-bgp ]; } then { permit { tunnel { ipsec-vpn vpnTunnel; } } } } } policy-rematch; What will happen to the new sessions matching the policy and in-progress sessions that hadalready matched the policy?()ANew sessions will be evaluated. In-progress sessions will be re-evaluated.BNew sessions will be evaluated. All in-progress sessions will continue.CNew sessions will be evaluated. All in-progress sessions will be dropped.DNew sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.
单选题You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()ATelnet is not being permitted by self policy.BTelnet is not being permitted by security policy.CTelnet is not allowed because it is not considered secure.DTelnet is not enabled as a host-inbound service on the zone
多选题Which two statements are true regarding proxy ARP?()AProxy ARP is enabled by default.BProxy ARP is not enabled by default.CJUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.DJUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled
多选题Which two external authentication server types are supported by JUNOS Software for firewall user authentication?()ARADIUSBTACACS+CLDAPDIIS
多选题Which two statements are true about overflow pools?()AOverflow pools do not support PATBOverflow pools can not use the egress interface IP address for NATCOverflow pools must use PATDOverflow pools can contain the egress interface IP address or separate IP addresses
多选题What are three configuration objects used to build JUNOS IDP rules?()Azone objectsBpolicy objectsCattack objectsDalert and notify objectsEnetwork and address objects
多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.BWhen configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.CIf a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.DIf a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.