单选题Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()A The untrust zone does not have a management policy configured.B The trust zone does not have ping enabled as host-inbound-traffic service.C The security policy from the trust zone to the untrust zone does not permit ping.D No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
单选题
Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()
A
The untrust zone does not have a management policy configured.
B
The trust zone does not have ping enabled as host-inbound-traffic service.
C
The security policy from the trust zone to the untrust zone does not permit ping.
D
No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
参考解析
解析:
暂无解析
相关考题:
Click the Exhibit button.A network administrator receives complaints that the application voicecube is timing out after being idle for 30 minutes.Referring to the exhibit, what is a resolution?() A. [edit] user@host# set applications application voicecube inactivity-timeout neverB. [edit] user@host# set applications application voicecube inactivity-timeout 2C. [edit] user@host# set applications application voicecube destination-port 5060D. [edit] user@host# set security policies from-zone trust to-zone trust policy intrazone then timeout never
Click the Exhibit button.Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? ()(Choose two.)A. DNS traffic is denied.B. HTTP traffic is denied.C. FTP traffic is permitted.D. SMTP traffic is permitted.
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.) A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.
Click the Exhibit button.Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?() A. Telnet is not being permitted by self policy.B. Telnet is not being permitted by security policy.C. Telnet is not allowed because it is not considered secure.D. Telnet is not enabled as a host-inbound service on the zone
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
Click the Exhibit button.Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2.Which is a potential cause for this problem?() A. The untrust zone does not have a management policy configured.B. The trust zone does not have ping enabled as host-inbound-traffic service.C. The security policy from the trust zone to the untrust zone does not permit ping.D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
Click the Exhibit button.In the exhibit, the Compression Basic Endpoints page shows an icon of a red X under the tunnel status IN column. The error message displays, No Request Received.What does this indicate?()A. There are no devices at the remote site.B. The remote side does not have QoS enabled.C. The remote side is not configured for compression to this endpoint.D. The remote side is not configured for decompression to this endpoint.
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A、Traffic is permitted from the trust zone to the untrust zone.B、Intrazone traffic in the trust zone is permitted.C、All traffic through the device is denied.D、The policy is matched only when no other matching policies are found.
Regarding zone types, which statement is true?()A、You cannot assign an interface to a functional zone.B、You can specifiy a functional zone in a security policy.C、Security zones must have a scheduler applied.D、You can use a security zone for traffic destined for the device itself.
Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.A、DNS traffic is denied.B、Telnet traffic is denied.C、SMTP traffic is denied.D、Ping traffic is permitted
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamB、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamC、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyD、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
Your network contains a DNS server named DNS1 that runs Windows Server 2008 R2. DNS1 is configured as the DNS server for contoso.com. All client computers are configured to use DNS1 for name resolution.From a client computer, you run the Ping tool as shown in the exhibit. (Click the Exhibit button.) You need to ensure that users can use the Ping tool to resolve the IP addresses of internal servers to fully qualified domain names (FQDNs).What should you do?()A、Create a GlobalNames zone.B、Create a reverse lookup zone.C、Create a forward lookup zone.D、Enable zone transfers on the contoso.com zone.
You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.) You discover that stale resource records are not automatically removed from the contoso.com zone. You need to ensure that the stale resource records are automatically removed from the contoso.com zone. What should you do()A、Set the scavenging period of Server1 to 0 days.B、Modify the Server Aging/Scavenging properties.C、Configure the aging properties for the contoso.com zone.D、Convert the contoso.com zone to an Active Directory-integrated zone.
Your network contains a DNS server named DC1 that runs Windows Server 2008 R2.The network uses a network ID of 10.1.1.0/24.You open the DNS console on Server1 as shown in the exhibit.(Click the Exhibit button.)You need to ensure that all client computers can resolve the IPv4 addresses of computers on the network to fully qualified domain names (FQDNs).What should you do??()A、Delete the . (root) zone.B、Create a zone named 10.1.in-addr.arpa.C、Create a zone named 1.1.10.in-addr.arpa.D、Convert the 10.1.1.in-addr.arpa zone to a standard primary zone.
单选题Your network contains a DNS server named DC1 that runs Windows Server 2008 R2.The network uses a network ID of 10.1.1.0/24.You open the DNS console on Server1 as shown in the exhibit.(Click the Exhibit button.)You need to ensure that all client computers can resolve the IPv4 addresses of computers on the network to fully qualified domain names (FQDNs).What should you do??()ADelete the . (root) zone.BCreate a zone named 10.1.in-addr.arpa.CCreate a zone named 1.1.10.in-addr.arpa.DConvert the 10.1.1.in-addr.arpa zone to a standard primary zone.
单选题You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()Aset security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamBset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamCset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyDset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
单选题To examine the Exhibit, press the Exhibit button. A user is compiling a C program. A performance problem occurs and "vmstat 120 10" is run to determine the cause. The vmstat output is provided in the exhibit. Which of the following commands should be run to obtain more information about the problem?()A lsps B tprof C iostat D vmtune
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
单选题Your network contains a DNS server named DNS1 that runs Windows Server 2008 R2. DNS1 is configured as the DNS server for contoso.com. All client computers are configured to use DNS1 for name resolution.From a client computer, you run the Ping tool as shown in the exhibit. (Click the Exhibit button.) You need to ensure that users can use the Ping tool to resolve the IP addresses of internal servers to fully qualified domain names (FQDNs).What should you do?()ACreate a GlobalNames zone.BCreate a reverse lookup zone.CCreate a forward lookup zone.DEnable zone transfers on the contoso.com zone.
单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A AB BC CD D
单选题You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.) You discover that stale resource records are not automatically removed from the contoso.com zone. You need to ensure that the stale resource records are automatically removed from the contoso.com zone. What should you do()ASet the scavenging period of Server1 to 0 days.BModify the Server Aging/Scavenging properties.CConfigure the aging properties for the contoso.com zone.DConvert the contoso.com zone to an Active Directory-integrated zone.
单选题Regarding zone types, which statement is true?()AYou cannot assign an interface to a functional zone.BYou can specifiy a functional zone in a security policy.CSecurity zones must have a scheduler applied.DYou can use a security zone for traffic destined for the device itself.
单选题Click the Exhibit button. Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?()A Telnet is not being permitted by self policy.B Telnet is not being permitted by security policy.C Telnet is not allowed because it is not considered secure.D Telnet is not enabled as a host-inbound service on the zone