Your network contains a server named Server1 that runs Windows Server 2008 R2. The network contains multiple subnets.An administrator reports that Server1 fails to communicate with computers on remote subnets.You run route.exe print on Server1 as shown in the exhibit. (Click the Exhibit button.)You need to ensure that Server1 can communicate with all computers on the network.What should you do?()A. Disable IPv6.B. Change the subnet mask.C. Add a default gateway address.D. Change the default metric to 100.
Click the Exhibit button.Referring to the exhibit, which statement contains the correct gateway parameters?() A. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }B. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }C. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }D. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
Click the Exhibit button.A network administrator receives complaints that the application voicecube is timing out after being idle for 30 minutes.Referring to the exhibit, what is a resolution?() A. [edit] user@host# set applications application voicecube inactivity-timeout neverB. [edit] user@host# set applications application voicecube inactivity-timeout 2C. [edit] user@host# set applications application voicecube destination-port 5060D. [edit] user@host# set security policies from-zone trust to-zone trust policy intrazone then timeout never
Click the Exhibit button.[A] establishes an IPsec tunnel with [B]. The NAT device translates the IP address 1.1.1.1 to 2.1.1.1.On which port is the IKE SA established?() A.TCP 500B.UDP 500C.TCP 4500D.UDP 4500
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?() A. [edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B. [edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C. [edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D. [edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
Click the Exhibit button.Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?() A. Telnet is not being permitted by self policy.B. Telnet is not being permitted by security policy.C. Telnet is not allowed because it is not considered secure.D. Telnet is not enabled as a host-inbound service on the zone
Which statement contains the correct parameters for a route-based IPsec VPN?() A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
Click the Exhibit button.In the exhibit, two physical routers are configured for VRRP in the network with WXC devices.How should you define the default gateway address on each WXC device?() A. Define the virtual router IP address on both WXC devices.B. Add a static route for the virtual router IP address on both WXC devices.C. Define the physical IP address of each router on each respective WXC device.D. Leave the default gateway field in the WXC device blank; it will automatically detect the active gateway address.
Refer to the above exhibit. Why is the 140.140.0.0 network not used as the gateway of last resort even though it is configured first?() A.The last default - network statement will always be preferred.B.A route to the 140.140.0.0 network does not exist in the routing table.C.Default - network selection will always prefer the statement with the lowest IP address.D.A router will load balance across multiple default - networks; repeatedly issuing the show ip route command would show the gateway of last resort changing between the two networks.
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A、[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B、[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C、[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D、[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
To examine the Exhibit, press the Exhibit button. The system administrator notices a system with routing cannot communicate with a system with an ip address 192.24.34.6. Using the information provided in the exhibit, what is the most likely reason?()A、The named is not runningB、The default gateway is not setC、The NIS master server is downD、Ipforwarding is not turned on
Which configuration shows the correct application of a security policy scheduler?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
多选题Click the Exhibit button. In the exhibit,the protect-re filter is applied as an input filter on the lo0.0 interface and all possible services are enabled under [edit system services]. Which two methods can you use to access the router?()AFTPBSSHCTelnetDJ-Web
单选题Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?()A data link layerB application layerC access layerD session layerE network layer
单选题To examine the Exhibit, press the Exhibit button. The system administrator notices a system with routing cannot communicate with a system with an ip address 192.24.34.6. Using the information provided in the exhibit, what is the most likely reason?()AThe named is not runningBThe default gateway is not setCThe NIS master server is downDIpforwarding is not turned on
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
单选题Click the Exhibit button. When configuring WXC A's local WAN parameters, which QoS network parameter would you choose?()A over-subscribedB under-subscribedC dedicated circuitsD nondedicated circuits
单选题Which configuration shows the correct application of a security policy scheduler?()A[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
单选题Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()A The untrust zone does not have a management policy configured.B The trust zone does not have ping enabled as host-inbound-traffic service.C The security policy from the trust zone to the untrust zone does not permit ping.D No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.
单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
单选题Referring to the exhibit, which statement is correct?()A The packets have exceeded the time-to-live valueB There is a loopC The asterisks indicate a response time outD The asterisks indicate that the traceroute is completed.
单选题Which type of source NAT is configured in the exhibit?() [edit security nat destination] user@host# show pool A { address 10.1.10.5/32; } rule-set 1 { from zone untrust; rule 1A { match { destination-address 100.0.0.1/32; } then { destination-nat pool A; } } }Astatic destination NATBstatic source NATCpool-based destination NAT without PATDpool-based destination NAT with PAT
单选题You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
单选题Click the Exhibit button. In the exhibit, which statement is correct? ()A Three physical interfaces are redundant.B You must define an additional Redundancy Group.C node 0 will immediately become primary in the cluster.D You must issue an operational command and reboot the system for the above configuration to take effect.
单选题Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }B[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }C[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }D[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
单选题Click the Exhibit button. Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10.What is causing the problem?()A Telnet is not being permitted by self policy.B Telnet is not being permitted by security policy.C Telnet is not allowed because it is not considered secure.D Telnet is not enabled as a host-inbound service on the zone