多选题You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()AResource access policy on the MAG Series deviceBIPsec routing policy on the MAG Series deviceCGeneral traffic policy blocking access through the firewall enforcerDAuth table entry on the firewall enforcer
多选题
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()
A
Resource access policy on the MAG Series device
B
IPsec routing policy on the MAG Series device
C
General traffic policy blocking access through the firewall enforcer
D
Auth table entry on the firewall enforcer
参考解析
解析:
暂无解析
相关考题:
You are the administrator of a Junos Pulse Access Control Service implementation. You must restrict authenticated users connected from the branch offices to a few specific resources within the data center. However, when the authenticated users are connected at the corporate office, they are allowed more access to the data center resources.You have created two roles with different levels of access and are trying to determine the best way of controlling when a user is mapped to a specific role. Having the user prompted to manually select their role is possible, but you want to automate the process.Which configuration solves this problem?()A. Implement a RADIUS request attribute policy to assist with realm selection and create different role-mapping rules for the user in each realm.B. Implement a directory/attribute server on the realm and set up this server to determine by group membership the proper role to which a user should be mapped.C. Reorder the role-mapping rules to allow for the more open role to be mapped first and then enable the stop processing rules when this rule matches function on this role.D. Implement a Host Checker policy on the realm that determines the geographic location of the device and restricts the user based on the results of the policy.
Your corporate security policy requires that a user performing attacks must have limited network access and activities until an administrator can investigate.In the admin GUI, which sensor event policy action must you configure in "Configuration" >"Sensors" >"Sensor Event Policies" >[rule name] to accomplish this?()A. IgnoreB. Replace users roleC. Terminate user sessionD. Disable user account
You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI).To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A. CLIB. WebUIC. NSMD. Junos Pulse Access Control Service
You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A. resource access policiesB. Host Enforcer policiesC. source IP enforcement policiesD. IPsec enforcement policies
Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?() A. Remote DebuggingB. System SnapshotC. User Access logsD. Policy Tracing
You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()A. The user will be instructed to call the network administrator.B. The user will fail authentication.C. The user will be prompted to install a new device certificate on the MAG Series device.D. The user will successfully authenticate and have full network access.
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A. show services unified-access-control authentication-tableB. show auth tableC. show services unified-access-control policiesD. show services unified-access-control captive-portal
A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()A. Connection RequestsB. System ErrorsC. Enforcer EventsD. Enforcer Command Trace
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A. Resource access policy on the MAG Series deviceB. IPsec routing policy on the MAG Series deviceC. General traffic policy blocking access through the firewall enforcerD. Auth table entry on the firewall enforcer
Which two firewall user authentication objects can be referenced in a security policy?()A、access profileB、client groupC、clientD、default profile
Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?()A、Remote DebuggingB、System SnapshotC、User Access logsD、Policy Tracing
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
Your corporate security policy requires that a user performing attacks must have limited network access and activities until an administrator can investigate.In the admin GUI, which sensor event policy action must you configure in "Configuration" "Sensors" "Sensor Event Policies" [rule name] to accomplish this?()A、IgnoreB、Replace users roleC、Terminate user sessionD、Disable user account
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A、show services unified-access-control authentication-tableB、show auth tableC、show services unified-access-control policiesD、show services unified-access-control captive-portal
A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()A、Connection RequestsB、System ErrorsC、Enforcer EventsD、Enforcer Command Trace
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB、IPsec routing policy on the MAG Series deviceC、General traffic policy blocking access through the firewall enforcerD、Auth table entry on the firewall enforcer
What are three benefits of IF-MAP Federation?()A、Enables seamless access for remote access users to firewall enforcer protected resources.B、Scales a Junos Pulse Access control Service deployment beyond the capacity of a single cluster.C、Enables dynamic configuration synchronization across multiple MAG Series devices.D、Provides a substitute for WAN clustering among geographically separated MAG Series devices.E、Shares non-localized DP integration and IPsec configuration information between multiple Junos Pulse Access Control Service instances.
You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A、CLIB、WebUIC、NSMD、Junos Pulse Access Control Service
You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()A、The endpoints can use agentless access.B、Encrypted traffic flows between the endpoint and the enforcer.C、Encrypted traffic flows between the endpoint and the protected resourceD、The endpoints can use the Odyssey Access Client.
You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A、resource access policiesB、Host Enforcer policiesC、source IP enforcement policiesD、IPsec enforcement policies
多选题You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()ACLIBWebUICNSMDJunos Pulse Access Control Service
单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()AYou must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.BNo security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.CYou must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.DYou must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
多选题What are three benefits of IF-MAP Federation?()AEnables seamless access for remote access users to firewall enforcer protected resources.BScales a Junos Pulse Access control Service deployment beyond the capacity of a single cluster.CEnables dynamic configuration synchronization across multiple MAG Series devices.DProvides a substitute for WAN clustering among geographically separated MAG Series devices.EShares non-localized DP integration and IPsec configuration information between multiple Junos Pulse Access Control Service instances.
多选题A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()AConnection RequestsBSystem ErrorsCEnforcer EventsDEnforcer Command Trace
单选题You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()Aresource access policiesBHost Enforcer policiesCsource IP enforcement policiesDIPsec enforcement policies
单选题You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()AThe user will be instructed to call the network administrator.BThe user will fail authentication.CThe user will be prompted to install a new device certificate on the MAG Series device.DThe user will successfully authenticate and have full network access.
多选题You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()AThe endpoints can use agentless access.BEncrypted traffic flows between the endpoint and the enforcer.CEncrypted traffic flows between the endpoint and the protected resourceDThe endpoints can use the Odyssey Access Client.