单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A AB BC CD D
单选题
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()
A
A
B
B
C
C
D
D
参考解析
解析:
暂无解析
相关考题:
The Ezonexam network administrator wants to ensure that only a single web server can connect to pot Fa0/1 on a catalyst switch. The server is plugged into the switch's Fast Eth. 0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of this server is allowed by switch port Fa0/1? (Choose two)A.Configure port Fa0/1 to accept connections only from the static IP address of the serverB.Configure the MAC address of the server as a static entry associated with port Fa0/1C.Employ a proprietary connector type on Fa0/1 that is incomputable with other host connectorsD.Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the serverE.Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? () A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()A. Configure port Fa0/1 to accept connections only from the static IP address of the server.B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.C. Configure the MAC address of the server as a static entry associated with port Fa0/1.D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
Which statement is correct regarding the operation of DHCP?()A、A DHCP client uses a ping to detect address conflicts.(ARP)B、A DHCP server uses a gratuitous ARP to detect DHCP clients.C、A DHCP client uses a gratuitous ARP to detect a DHCP server.D、If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.E、If an address conflict is detected, the address removed from the pool for an amount of time configurable by the administrator.F、If an address conflict is detected, the address is removed from the pool and will not be reused until server is rebooted.
An administrator mistakenly shutdown production after a fallover because the service IP address Was shifted from the normal production node to the standby node. What can be done to avoid this type of mistake in the future?() A、 Include the service IP address in the administrator’s PS1 promptB、 Alias the service IP address to the hostname in the /etc/host fileC、 Define a persistent IP address with HACMP and make it a practice to use the persistent address for administration workD、 Add a DNS entry to map the standby node name to the service IP address so telnet connections will be to the correct node
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
A system administrator needs to specify a set of FQDN to IP address mappings for a legacyserver; the administrator does not want the legacy server to be referenced by other servers. Which of the following should the administrator use to set this?()A、DHCP serverB、DNS serverC、Host fileD、Route statements
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()A、The host needs to open the telnet port.B、The host needs a route for the translated address.C、The administrator must use a proxy-arp policy for the translated address.D、The administrator must use a security policy, which will allow communication between the zones.
A network administrator receives complaints from the engineering group that an application on one server is not working properly. After further investigation, the administrator determines that source NAT translation is using a different source address after a random number of flows. Which two actions can the administrator take to force the server to use one address?() (Choose two.)A、Use the custom application feature.B、Configure static NAT for the host.C、Use port address translation (PAT).D、Use the address-persistent option.
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamB、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamC、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyD、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
You are the administrator of a Windows 2000 network. The network consists of a Windows 2000 domain named Company.com. You install Windows 2000 Professional on a new computer named ES1 and configure the TCP/IP settings to have a static IP address. You plan to join ES1 to the Company.com domain. You configure two DNS server addresses in the TCP/IP properties. The first DNS server address is for a DNS server hosted by your ISP, the second DNS server address is for a DNS server authoritative for the Company.com domain. When you attempt to join ES1 to the domain, you are unable to do so. You can successfully PING the IP address of each DNS server from ES1. You want ES1 to be able to join the Company.com domain. What should you do?()A、Delete the second DNS server entry.B、Delete the first DNS server entry.C、Add an A (host) record for the computer to the appropriate DNS zone.D、Configure the computer to Obtain an IP address automatically.
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6,000 Windows XP Professional computers.The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company’s intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1.You run Network Monitor on Server1 for three hours. When you stop the network capture, you see that Network Monitor captured over 40,000 frames. As you look at the captured frames, you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address.In Network Monitor, you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address. What should you do?()A、Create an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address.B、Create a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address.C、Create an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address.D、Create a Pattern Match capture trigger for the 131.107.0.1 IP address.
单选题You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()Aset security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamBset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamCset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyDset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
多选题A network administrator has configured access list 172 to prevent Telnet and ICMP traffic from reaching a server with the address if 192.168.13.26. Which command can the administrator issue to verify that the access list is working properly?()ARouter# ping 192.168.13.26BRouter# debug access-list 172CRouter# show open ports 192.168.13.26DRouter# show access-listERouter# show ip interface
单选题A system administrator needs to specify a set of FQDN to IP address mappings for a legacyserver; the administrator does not want the legacy server to be referenced by other servers. Which of the following should the administrator use to set this?()ADHCP serverBDNS serverCHost fileDRoute statements
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6,000 Windows XP Professional computers.The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company’s intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1.You run Network Monitor on Server1 for three hours. When you stop the network capture, you see that Network Monitor captured over 40,000 frames. As you look at the captured frames, you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address.In Network Monitor, you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address. What should you do?()ACreate an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address.BCreate a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address.CCreate an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address.DCreate a Pattern Match capture trigger for the 131.107.0.1 IP address.
单选题An administrator mistakenly shutdown production after a fallover because the service IP address Was shifted from the normal production node to the standby node. What can be done to avoid this type of mistake in the future?()A Include the service IP address in the administrator’s PS1 promptB Alias the service IP address to the hostname in the /etc/host fileC Define a persistent IP address with HACMP and make it a practice to use the persistent address for administration workD Add a DNS entry to map the standby node name to the service IP address so telnet connections will be to the correct node
单选题A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()AThe host needs to open the telnet port.BThe host needs a route for the translated address.CThe administrator must use a proxy-arp policy for the translated address.DThe administrator must use a security policy, which will allow communication between the zones.
单选题Which statement is correct regarding the operation of DHCP?()AA DHCP client uses a ping to detect address conflicts.BA DHCP server uses a gratuitous ARP to detect DHCP clients.CA DHCP client uses a gratuitous ARP to detect a DHCP server.DIf an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.EIf an address conflict is detected, the address removed from the pool for an amount of time configurable by the administrator.FIf an address conflict is detected, the address is removed from the pool and will not be reused until server is rebooted.
单选题You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com.) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题You are the administrator of a Windows 2000 network. The network consists of a Windows 2000 domain named Company.com. You install Windows 2000 Professional on a new computer named ES1 and configure the TCP/IP settings to have a static IP address. You plan to join ES1 to the Company.com domain. You configure two DNS server addresses in the TCP/IP properties. The first DNS server address is for a DNS server hosted by your ISP, the second DNS server address is for a DNS server authoritative for the Company.com domain. When you attempt to join ES1 to the domain, you are unable to do so. You can successfully PING the IP address of each DNS server from ES1. You want ES1 to be able to join the Company.com domain. What should you do?()ADelete the second DNS server entry.BDelete the first DNS server entry.CAdd an A (host) record for the computer to the appropriate DNS zone.DConfigure the computer to Obtain an IP address automatically.
多选题A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()AConfigure port Fa0/1 to accept connections only from the static IP address of the server.BEmploy a proprietary connector type on Fa0/1 that is incompatible with other host connectors.CConfigure the MAC address of the server as a static entry associated with port Fa0/1.DBind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.EConfigure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.FConfigure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }