单选题Regarding fast path processing, when does the system perform the policy check?()AThe policy is determined after the SCREEN options check.BThe policy is determined only during the first packet path, not during fast path.CThe policy is determined after the zone check.DThe policy is determined after the SYN TCP flag.

单选题
Regarding fast path processing, when does the system perform the policy check?()
A

The policy is determined after the SCREEN options check.

B

The policy is determined only during the first packet path, not during fast path.

C

The policy is determined after the zone check.

D

The policy is determined after the SYN TCP flag.


参考解析

解析: 暂无解析

相关考题:

多选题Which three advanced permit actions within security policies are valid?() (Choose three.)AMark permitted traffic for firewall user authentication.BMark permitted traffic for SCREEN options.CAssociate permitted traffic with an IPsec tunnel.DAssociate permitted traffic with a NAT rule.EMark permitted traffic for IDP processing.

多选题Which three methods of source NAT does the Junos OS support?() (Choose three.)Ainterface-based source NATBsource NAT with address shiftingCsource NAT using static source poolDinterface-based source NAT without PATEsource NAT with address shifting and PAT

单选题Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?()Apolicy-rematchBpolicy-evaluateCrematch-policyDevaluate-policy

多选题Which two statements are true with regard to policy ordering? ()(Choose two.)AThe last policy is the default policy, which allows all traffic.BThe order of policies is not important.CNew policies are placed at the end of the policy list.DThe insert command can be used to change the order.

单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

单选题A user wants to establish an HTTP session to a server behind an SRX device but is being pointed to Web page on the SRX device for additional authentication.Which type of user authentication is configured?()Apass-through with Web redirectBWebAuth with HTTP redirectCWebAuthDpass-through

单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

多选题Which three methods of source NAT does the Junos OS support?() (Choose three.)Ainterface-based source NATBsource NAT with address shiftingCsource NAT using static source poolDinterface-based source NAT without PATEsource NAT with address shifting and PAT

单选题What is the default session timeout for TCP sessions?()A1 minuteB15 minutesC30 minutesD90 minutes

单选题Which command do you use to display the status of an antivirus database update?()Ashow security utm anti-virus statusBshow security anti-virus database statusCshow security utm anti-virus databaseDshow security utm anti-virus update