单选题You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()Aresource access policiesBHost Enforcer policiesCsource IP enforcement policiesDIPsec enforcement policies
单选题
You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()
A
resource access policies
B
Host Enforcer policies
C
source IP enforcement policies
D
IPsec enforcement policies
参考解析
解析:
暂无解析
相关考题:
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?() A. access profileB. IKE parametersC. tunneled interfaceD. redirect policy
You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI).To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A. CLIB. WebUIC. NSMD. Junos Pulse Access Control Service
You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A. resource access policiesB. Host Enforcer policiesC. source IP enforcement policiesD. IPsec enforcement policies
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A. show services unified-access-control authentication-tableB. show auth tableC. show services unified-access-control policiesD. show services unified-access-control captive-portal
A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()A. Connection RequestsB. System ErrorsC. Enforcer EventsD. Enforcer Command Trace
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A. Resource access policy on the MAG Series deviceB. IPsec routing policy on the MAG Series deviceC. General traffic policy blocking access through the firewall enforcerD. Auth table entry on the firewall enforcer
Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1. You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP. What should you recommend?()A、Enable Network Access Protection (NAP) on the network.B、Deploy the Root CA certificate to the external computers.C、Implement the Remote Desktop Connection Broker role service.D、Configure the firewall to allow inbound traffic on TCP Port 1723.
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()A、access profileB、IKE parametersC、tunneled interfaceD、redirect policy
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A、show services unified-access-control authentication-tableB、show auth tableC、show services unified-access-control policiesD、show services unified-access-control captive-portal
A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()A、Connection RequestsB、System ErrorsC、Enforcer EventsD、Enforcer Command Trace
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB、IPsec routing policy on the MAG Series deviceC、General traffic policy blocking access through the firewall enforcerD、Auth table entry on the firewall enforcer
You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A、CLIB、WebUIC、NSMD、Junos Pulse Access Control Service
You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()A、The endpoints can use agentless access.B、Encrypted traffic flows between the endpoint and the enforcer.C、Encrypted traffic flows between the endpoint and the protected resourceD、The endpoints can use the Odyssey Access Client.
You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A、resource access policiesB、Host Enforcer policiesC、source IP enforcement policiesD、IPsec enforcement policies
You need to identify the types of inbound traffic that should pass through the perimeter firewall while maintaining the security of the network. Which inbound traffic should be allowed?()A、VPN TrafficB、DNS TrafficC、LDAP TrafficD、HTTP TrafficE、HTTPS TrafficF、Traffic from the network address of 192.168.10/24
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).A firewall separates the internal network from the Internet. The firewall blocks all outbound traffic except for HTTP and SMTP traffic.You install a DNS server. The DNS server is configured to use the default root hints. You need to ensure that the DNS server can resolve the host names on the Internet. Which port should you open on the firewall?()A、53B、135C、500D、3389
You are designing a strategy to allow users to gain VPN access to the internal network. What should you do?()A、 Allow all inbound VPN traffic to pass through the internal firewall and the perimeter firewall.B、 Allow all inbound VPN traffic to pass through the perimeter firewall only.C、 Allow all VPN traffic from the source IP address of 131.107.1.14 to pass through the internal firewall.D、 Allow all VPN traffic from the source IP address of 191.168.1.0/24 to pass through the perimeter firewall.
You are the administrator of a Windows Server 2003 computer named Server1. The network contains another Windows Server 2003 computer named Server2 that has the DNS and WINS services installed. Two hundred Windows 2000 Professional computers regularly connect to Server1 to access file and print resourcesAdministrators report that network traffic has increased and that response times for requests for network resources on Server1 have increased. You need to identify whether Server1 is receiving requests for resources through NetBIOS broadcasts. What should you do?()A、Use Network Monitor to capture traffic between Server1 and all client computers.B、Use Network Monitor to capture traffic between Server1 and Server2.C、Monitor Event Viewer for Net Logon error or warning events.D、Run the tracert command on Server1.
单选题You need to design access to e-mail by Internet users. What should you do?()AConfigure front-end servers to use HTTP to communicate with back-end serversBConfigure the internal firewall to allow IPSec traffic between front-end and back-end Exchange serversCRequire all users to encrypt all outbound e-mail messagesDIssue digital certificates to all remote users. Require the certificates to be used when authenticating to Outlook Web Access
单选题You are designing a strategy to allow users to gain VPN access to the internal network. What should you do?()AAllow all inbound VPN traffic to pass through the internal firewall and the perimeter firewall.BAllow all inbound VPN traffic to pass through the perimeter firewall only. CAllow all VPN traffic from the source IP address of 131.107.1.14 to pass through the internal firewall.DAllow all VPN traffic from the source IP address of 191.168.1.0/24 to pass through the perimeter firewall.
单选题You are the administrator of a Windows Server 2003 computer named Server1. The network contains another Windows Server 2003 computer named Server2 that has the DNS and WINS services installed. Two hundred Windows 2000 Professional computers regularly connect to Server1 to access file and print resourcesAdministrators report that network traffic has increased and that response times for requests for network resources on Server1 have increased. You need to identify whether Server1 is receiving requests for resources through NetBIOS broadcasts. What should you do?()AUse Network Monitor to capture traffic between Server1 and all client computers.BUse Network Monitor to capture traffic between Server1 and Server2.CMonitor Event Viewer for Net Logon error or warning events.DRun the tracert command on Server1.
多选题You need to identify the types of inbound traffic that should pass through the perimeter firewall while maintaining the security of the network. Which inbound traffic should be allowed?()AVPN TrafficBDNS TrafficCLDAP TrafficDHTTP TrafficEHTTPS TrafficFTraffic from the network address of 192.168.10/24
单选题You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()Ashow services unified-access-control authentication-tableBshow auth tableCshow services unified-access-control policiesDshow services unified-access-control captive-portal
单选题You are designing a strategy to allow users to gain VPN access to the internal network. What should you do?()A Allow all inbound VPN traffic to pass through the internal firewall and the perimeter firewall.B Allow all inbound VPN traffic to pass through the perimeter firewall only.C Allow all VPN traffic from the source IP address of 131.107.1.14 to pass through the internal firewall.D Allow all VPN traffic from the source IP address of 191.168.1.0/24 to pass through the perimeter firewall.
单选题Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1. You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP. What should you recommend?()AEnable Network Access Protection (NAP) on the network.BDeploy the Root CA certificate to the external computers.CImplement the Remote Desktop Connection Broker role service.DConfigure the firewall to allow inbound traffic on TCP Port 1723.
单选题Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).A firewall separates the internal network from the Internet. The firewall blocks all outbound traffic except for HTTP and SMTP traffic.You install a DNS server. The DNS server is configured to use the default root hints. You need to ensure that the DNS server can resolve the host names on the Internet. Which port should you open on the firewall?()A53B135C500D3389