多选题Which two steps are performed when configuring a zone?()ADefine a default policy for the zone.BAssign logical interfaces to the zone.CAssign physical interfaces to the zone.DDefine the zone as a security or functional zone
多选题
Which two steps are performed when configuring a zone?()
A
Define a default policy for the zone.
B
Assign logical interfaces to the zone.
C
Assign physical interfaces to the zone.
D
Define the zone as a security or functional zone
参考解析
解析:
暂无解析
相关考题:
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.) A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.
You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?() A. set security zones management interfaces ge-0/0/0.0B. set zones functional-zone management interfaces ge-0/0/0.0C. set security zones functional-zone management interfaces ge-0/0/0.0D. set security zones functional-zone out-of-band interfaces ge-0/0/0.0
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.) A. [edit security idp]B. [edit security zones security-zone trust interfaces ge-0/0/0.0]C. [edit security zones security-zone trust]D. [edit security screen]
Click the Exhibit button.Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2.Which is a potential cause for this problem?() A. The untrust zone does not have a management policy configured.B. The trust zone does not have ping enabled as host-inbound-traffic service.C. The security policy from the trust zone to the untrust zone does not permit ping.D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
Which statement best describes Cisco IOS Zone-Based Policy Firewall?()A、A router interface can belong to multiple zones.B、Policy maps are used to classify traffic into different traffic classes, and class maps are used to assignaction to the traffic classes.C、The pass action works in only one directionD、A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.
Which type of zone is used by traffic transiting the device?()A、transit zoneB、default zoneC、security zoneD、functional zone
Which two steps are performed when configuring a zone?()A、Define a default policy for the zone.B、Assign logical interfaces to the zone.C、Assign physical interfaces to the zone.D、Define the zone as a security or functional zone
Which two statements are true for a security policy? ()(Choose two.)A、It controls inter-zone traffic.B、It controls intra-zone traffic.C、It is named with a system-defined name.D、It controls traffic destined to the device's ingress interface.
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A、[edit security idp]B、[edit security zones security-zone trust interfaces ge-0/0/0.0]C、[edit security zones security-zone trust]D、[edit security screen]
Users can define policy to control traffic flow between which two components?()A、from a zone to the device itselfB、from a zone to the same zoneC、from a zone to a different zoneD、from one interface to another interface
Which statement describes a security zone?()A、A security zone can contain one or more interfaces.B、A security zone can contain interfaces in multiple routing instances.C、A security zone must contain two or more interfaces.D、A security zone must contain bridge groups.
Regarding secure tunnel (st) interfaces, which statement is true?()A、You cannot assign st interfaces to a security zone.B、You cannot apply static NAT on an st interface logical unit.C、st interfaces are optional when configuring a route-based VPND、A static route can reference the st interface logical unit as the next-hop
You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?()A、set security zones management interfaces ge-0/0/0.0B、set zones functional-zone management interfaces ge-0/0/0.0C、set security zones functional-zone management interfaces ge-0/0/0.0D、set security zones functional-zone out-of-band interfaces ge-0/0/0.0
Users can define policy to control traffic flow between which two components? ()(Choose two.)A、from a zone to the router itselfB、from a zone to the same zoneC、from a zone to a different zoneD、from one interface to another interface
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A、Traffic is permitted from the trust zone to the untrust zone.B、Intrazone traffic in the trust zone is permitted.C、All traffic through the device is denied.D、The policy is matched only when no other matching policies are found.
Regarding zone types, which statement is true?()A、You cannot assign an interface to a functional zone.B、You can specifiy a functional zone in a security policy.C、Security zones must have a scheduler applied.D、You can use a security zone for traffic destined for the device itself.
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamB、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamC、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyD、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
多选题Which two statements are true for a security policy? ()(Choose two.)AIt controls inter-zone traffic.BIt controls intra-zone traffic.CIt is named with a system-defined name.DIt controls traffic destined to the device's ingress interface.
单选题Which statement describes a security zone?()AA security zone can contain one or more interfaces.BA security zone can contain interfaces in multiple routing instances.CA security zone must contain two or more interfaces.DA security zone must contain bridge groups.
多选题Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()APassBFlowCAllowDInspect
多选题At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A[edit security idp]B[edit security zones security-zone trust interfaces ge-0/0/0.0]C[edit security zones security-zone trust]D[edit security screen]
多选题Users can define policy to control traffic flow between which two components?()Afrom a zone to the device itselfBfrom a zone to the same zoneCfrom a zone to a different zoneDfrom one interface to another interface
单选题Regarding zone types, which statement is true?()AYou cannot assign an interface to a functional zone.BYou can specifiy a functional zone in a security policy.CSecurity zones must have a scheduler applied.DYou can use a security zone for traffic destined for the device itself.
多选题Which two steps are performed when configuring a zone?()ADefine a default policy for the zone.BAssign logical interfaces to the zone.CAssign physical interfaces to the zone.DDefine the zone as a security or functional zone
多选题Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)ATraffic is permitted from the trust zone to the untrust zone.BIntrazone traffic in the trust zone is permitted.CAll traffic through the device is denied.DThe policy is matched only when no other matching policies are found.
多选题Users can define policy to control traffic flow between which two components? ()(Choose two.)Afrom a zone to the router itselfBfrom a zone to the same zoneCfrom a zone to a different zoneDfrom one interface to another interface
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.