单选题You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com.) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题
You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()
A
Specify the IP address (172.19.1.1/32) as the destination address in the policy.
B
Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
C
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
D
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
参考解析
解析:
暂无解析
相关考题:
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone.How do you create this policy?() A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.B. Specify the DNS entry (hostb.example.com) as the destination address in the policy.C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service.What must you add to complete the security policy configuration?()A. The intranet-auth authentication optionB. The redirect-portal application serviceC. The uac-policy application serviceD. The ipsec-vpn tunnel
You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? () A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }A、DNS traffic is denied.B、HTTP traffic is denied.C、FTP traffic is permitted.D、SMTP traffic is permitted.
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A、set policy tunnel-traffic then tunnel remote-vpnB、set policy tunnel-traffic then permit tunnel remote-vpnC、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()A、The intranet-auth authentication optionB、The redirect-portal application serviceC、The uac-policy application serviceD、The ipsec-vpn tunnel
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()A、Telnet is not being permitted by self policy.B、Telnet is not being permitted by security policy.C、Telnet is not allowed because it is not considered secure.D、Telnet is not enabled as a host-inbound service on the zone
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.A、DNS traffic is denied.B、Telnet traffic is denied.C、SMTP traffic is denied.D、Ping traffic is permitted
Your company infrastructure includes a Windows Server 2008 R2 file server and 1,000 Windows 7 Enterprise client computers. The company wants to require a secure connection between client computers and the file server. You need to create and deploy a Group Policy object (GPO) that includes a rule for Windows Firewall with Advanced Security. What should you do?()A、Create a Tunnel rule and specify Gateway-to-client as the tunnel type.B、Create a Server-to-server rule and specify the endpoints as Any IP address and the file server IP address.C、Create an Isolation rule and specify Request authentication for inbound and outbound connections.D、Create an Authentication exemption rule and add the file server IP address to the Exempt Computers list.
You have an Exchange Server 2010 organization named contoso.com.Your company acquires a company named Fabrikam, Inc. You plan to create new mailboxes for each user from Fabrikam.You need to ensure that each new mailbox can receive e-mail messages sent to fabrikam.com.The solution must not prevent the organization from receiving e-mails sent to contoso.com. What should you do?()A、Create an accepted domain and then create a new e-mail address policy.B、Create a remote domain and then modify the default e-mail address policy.C、Create a Receive connector and then create a managed folder mailbox policy.D、Modify the default accepted domain and then modify the default e-mail address policy.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6,000 Windows XP Professional computers.The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company’s intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1.You run Network Monitor on Server1 for three hours. When you stop the network capture, you see that Network Monitor captured over 40,000 frames. As you look at the captured frames, you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address.In Network Monitor, you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address. What should you do?()A、Create an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address.B、Create a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address.C、Create an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address.D、Create a Pattern Match capture trigger for the 131.107.0.1 IP address.
单选题Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.ADNS traffic is denied.BTelnet traffic is denied.CSMTP traffic is denied.DPing traffic is permitted
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题Which configuration shows the correct application of a security policy scheduler?()A[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com.) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
单选题You have an Exchange Server 2010 organization named contoso.com.Your company acquires a company named Fabrikam, Inc. You plan to create new mailboxes for each user from Fabrikam.You need to ensure that each new mailbox can receive e-mail messages sent to fabrikam.com.The solution must not prevent the organization from receiving e-mails sent to contoso.com. What should you do?()ACreate an accepted domain and then create a new e-mail address policy.BCreate a remote domain and then modify the default e-mail address policy.CCreate a Receive connector and then create a managed folder mailbox policy.DModify the default accepted domain and then modify the default e-mail address policy.
单选题You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()AThe intranet-auth authentication optionBThe redirect-portal application serviceCThe uac-policy application serviceDThe ipsec-vpn tunnel
单选题You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com.) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }