单选题In the Junos OS, which statement is true?()Avlan.0 belongs to the untrust zone.BYou must configure Web authentication to allow inbound traffic in the untrust zone.CThe zone name untrust has no special meaning.DThe untrust zone is not configurable.

单选题
In the Junos OS, which statement is true?()
A

vlan.0 belongs to the untrust zone.

B

You must configure Web authentication to allow inbound traffic in the untrust zone.

C

The zone name untrust has no special meaning.

D

The untrust zone is not configurable.

参考解析

解析: 暂无解析

相关考题:

You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?() A. [edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B. [edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C. [edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D. [edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
查看答案
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.) A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.
查看答案
In the Junos OS, which statement is true?() A. vlan.0 belongs to the untrust zone.B. You must configure Web authentication to allow inbound traffic in the untrust zone.C. The zone name untrust has no special meaning.D. The untrust zone is not configurable.
查看答案
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
Which security or functional zone name has special significance to the Junos OS?() A. selfB. trustC. untrustD. junos-global
查看答案
Which statement is true about interface-based static NAT? () A. It also supports PAT.B. It requires you to configure address entries in the junos-nat zone.C. It requires you to configure address entries in the junos-global zone.D. The IP addresses being translated must be in the same subnet as the incoming interface.
查看答案
Click the Exhibit button.Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2.Which is a potential cause for this problem?() A. The untrust zone does not have a management policy configured.B. The trust zone does not have ping enabled as host-inbound-traffic service.C. The security policy from the trust zone to the untrust zone does not permit ping.D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
查看答案
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A、[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B、[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C、[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D、[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
查看答案
Which security or functional zone name has special significance to the Junos OS?()A、selfB、trustC、untrustD、junos-global
查看答案
Which statement is true about interface-based source NAT?()A、PAT is a requirement.B、It requires you to configure address entries in the junos-nat zone.C、It requires you to configure address entries in the junos-global zone.D、The IP addresses being translated must be in the same subnet as the egress interface.
查看答案
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
In the Junos OS, which statement is true?()A、vlan.0 belongs to the untrust zone.B、You must configure Web authentication to allow inbound traffic in the untrust zone.C、The zone name "untrust" has no special meaning.D、The untrust zone is not configurable.
查看答案
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
查看答案
Which zone is a system-defined zone?()A、null zoneB、trust zoneC、untrust zoneD、management zone
查看答案
Which statement is true about interface-based static NAT? ()A、It also supports PAT.B、It requires you to configure address entries in the junos-nat zone.C、It requires you to configure address entries in the junos-global zone.D、The IP addresses being translated must be in the same subnet as the incoming interface.
查看答案
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A、Traffic is permitted from the trust zone to the untrust zone.B、Intrazone traffic in the trust zone is permitted.C、All traffic through the device is denied.D、The policy is matched only when no other matching policies are found.
查看答案
Regarding zone types, which statement is true?()A、You cannot assign an interface to a functional zone.B、You can specifiy a functional zone in a security policy.C、Security zones must have a scheduler applied.D、You can use a security zone for traffic destined for the device itself.
查看答案
You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()A、set security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamB、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamC、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyD、set security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
查看答案
单选题You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails.Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?()Aset security policies from-zone dmz to-zone untrust policy anti-spam then permit application- services utm-policy Block-SpamBset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services utm-policy Block-SpamCset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services anti-spam-policyDset security policies from-zone untrust to-zone dmz policy anti-spam then permit application- services Block-Spam
查看答案
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
查看答案
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A AB BC CD D
查看答案
单选题Which security or functional zone name has special significance to the Junos OS?()AselfBtrustCuntrustDjunos-global
查看答案
单选题Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()A The untrust zone does not have a management policy configured.B The trust zone does not have ping enabled as host-inbound-traffic service.C The security policy from the trust zone to the untrust zone does not permit ping.D No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
查看答案
单选题Which statement is true about interface-based source NAT?()APAT is a requirement.BIt requires you to configure address entries in the junos-nat zone.CIt requires you to configure address entries in the junos-global zone.DThe IP addresses being translated must be in the same subnet as the egress interface.
查看答案
单选题In the Junos OS, which statement is true?()Avlan.0 belongs to the untrust zone.BYou must configure Web authentication to allow inbound traffic in the untrust zone.CThe zone name untrust has no special meaning.DThe untrust zone is not configurable.
查看答案
单选题You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
查看答案
多选题Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)ATraffic is permitted from the trust zone to the untrust zone.BIntrazone traffic in the trust zone is permitted.CAll traffic through the device is denied.DThe policy is matched only when no other matching policies are found.
查看答案
热门标签