Regarding zone types, which statement is true?()A、You cannot assign an interface to a functional zone.B、You can specifiy a functional zone in a security policy.C、Security zones must have a scheduler applied.D、You can use a security zone for traffic destined for the device itself.
Regarding zone types, which statement is true?()
- A、You cannot assign an interface to a functional zone.
- B、You can specifiy a functional zone in a security policy.
- C、Security zones must have a scheduler applied.
- D、You can use a security zone for traffic destined for the device itself.
相关考题:
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.) A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.
You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?() A. set security zones management interfaces ge-0/0/0.0B. set zones functional-zone management interfaces ge-0/0/0.0C. set security zones functional-zone management interfaces ge-0/0/0.0D. set security zones functional-zone out-of-band interfaces ge-0/0/0.0
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.) A. [edit security idp]B. [edit security zones security-zone trust interfaces ge-0/0/0.0]C. [edit security zones security-zone trust]D. [edit security screen]
Which two statements are true about hierarchical architecture? ()(Choose two.) A. You can assign a logical interface to multiple zones.B. You cannot assign a logical interface to multiple zones.C. You can assign a logical interface to multiple routing instances.D. You cannot assign a logical interface to multiple routing instances.
You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A. [edit security policies from-zone HR to-zone HR]B. [edit security zones functional-zone management protocols]C. [edit security zones protocol-zone HR host-inbound-traffic]D. [edit security zones security-zone HR host-inbound-traffic protocols]
Which type of zone is used by traffic transiting the device?()A、transit zoneB、default zoneC、security zoneD、functional zone
You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A、[edit security policies from-zone HR to-zone HR]B、[edit security zones functional-zone management protocols]C、[edit security zones protocol-zone HR host-inbound-traffic]D、[edit security zones security-zone HR host-inbound-traffic protocols]
Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()A、PassB、FlowC、AllowD、Inspect
You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A、[edit security policies from-zone HR to-zone HR]B、[edit security zones functional-zone management protocols]C、[edit security zones protocol-zone HR host-inbound-traffic]D、[edit security zones security-zone HR host-inbound-traffic protocols]
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
In the Junos OS, which statement is true?()A、vlan.0 belongs to the untrust zone.B、You must configure Web authentication to allow inbound traffic in the untrust zone.C、The zone name "untrust" has no special meaning.D、The untrust zone is not configurable.
Which two steps are performed when configuring a zone?()A、Define a default policy for the zone.B、Assign logical interfaces to the zone.C、Assign physical interfaces to the zone.D、Define the zone as a security or functional zone
At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A、[edit security idp]B、[edit security zones security-zone trust interfaces ge-0/0/0.0]C、[edit security zones security-zone trust]D、[edit security screen]
Which two statements are true regarding IDP?()A、IDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.B、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.C、IDP inspects traffic up to the Presentation layer.D、IDP inspects traffic up to the Application layer.
Which statement describes a security zone?()A、A security zone can contain one or more interfaces.B、A security zone can contain interfaces in multiple routing instances.C、A security zone must contain two or more interfaces.D、A security zone must contain bridge groups.
Regarding secure tunnel (st) interfaces, which statement is true?()A、You cannot assign st interfaces to a security zone.B、You cannot apply static NAT on an st interface logical unit.C、st interfaces are optional when configuring a route-based VPND、A static route can reference the st interface logical unit as the next-hop
You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone.From the [edit] hierarchy, which command do you use to configure this assignment?()A、set security zones management interfaces ge-0/0/0.0B、set zones functional-zone management interfaces ge-0/0/0.0C、set security zones functional-zone management interfaces ge-0/0/0.0D、set security zones functional-zone out-of-band interfaces ge-0/0/0.0
Which two statements are true about hierarchical architecture? ()(Choose two.)A、You can assign a logical interface to multiple zones.B、You cannot assign a logical interface to multiple zones.C、You can assign a logical interface to multiple routing instances.D、You cannot assign a logical interface to multiple routing instances.
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A、Traffic is permitted from the trust zone to the untrust zone.B、Intrazone traffic in the trust zone is permitted.C、All traffic through the device is denied.D、The policy is matched only when no other matching policies are found.
Your company, A. Datum Corporation, has a single Active Directory domain named intranet.adatum.com. The domain has two domain controllers that run Windows Server 2008 R2 operating system. The domain controllers also run DNS servers. The intranet.adatum.com DNS zone is configured as an Active Directory-integrated zone with the Dynamic updates setting configured to Secure only. A new corporate security policy requires that the intranet.adatum.com DNS zone must be updated only by domain controllers or member servers. You need to configure the intranet.adatum.com zone to meet the new security policy requirement. Which two actions should you perform()A、Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone properties.B、Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com DNS zone propC、Assign the server computer accounts the Allow on Write All Properties permission on the Security tab of the intraneD、Assign the server computer accounts the Allow on Create All Child Objects permission on the Security tab of the int
Your company, A. Datum Corporation, has a single Active Directory domain named intranet.adatum.com. The domain has two domain controllers that run Windows Server 2008 R2 operating system. The domain controllers also run DNS servers. The intranet.adatum.com DNS zone is configured as an Active Directoryintegrated zone with the Dynamic updates setting configured to Secure only. A new corporate security policy requires that the intranet.adatum.com DNS zone must be updated only by domain controllers or member servers. You need to configure the intranet.adatum.com zone to meet the new security policy requirement. Which two actions should you perform()A、Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone properties.B、Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com DNS zone properties.C、Assign the server computer accounts the Allow on Write All Properties permission on the Security tab of the intranet.adatum.com DNS zone properties.D、Assign the server computer accounts the Allow on Create All Child Objects permission on the Security tab of the intranet.adatum.com DNS zone properties.
单选题Which statement describes a security zone?()AA security zone can contain one or more interfaces.BA security zone can contain interfaces in multiple routing instances.CA security zone must contain two or more interfaces.DA security zone must contain bridge groups.
多选题At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A[edit security idp]B[edit security zones security-zone trust interfaces ge-0/0/0.0]C[edit security zones security-zone trust]D[edit security screen]
单选题Regarding zone types, which statement is true?()AYou cannot assign an interface to a functional zone.BYou can specifiy a functional zone in a security policy.CSecurity zones must have a scheduler applied.DYou can use a security zone for traffic destined for the device itself.
单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected tointerface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A[edit security policies from-zone HR to-zone HR]B[edit security zones functional-zone management protocols]C[edit security zones protocol-zone HR host-inbound-traffic]D[edit security zones security-zone HR host-inbound-traffic protocols]
多选题Which two steps are performed when configuring a zone?()ADefine a default policy for the zone.BAssign logical interfaces to the zone.CAssign physical interfaces to the zone.DDefine the zone as a security or functional zone
单选题Regarding secure tunnel (st) interfaces, which statement is true?()AYou cannot assign st interfaces to a security zone.BYou cannot apply static NAT on an st interface logical unit.Cst interfaces are optional when configuring a route-based VPNDA static route can reference the st interface logical unit as the next-hop