You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
- A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
- B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
- C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
- D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
相关考题:
When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?() A. The cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.B. The cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.C. The cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.D. The cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.
Your IT manager has requested that you start providing weekly reports of CPU utilization on all network devices.Which monitoring function should be enabled on the MAG Series device?() A. Admin loggingB. SNMP loggingC. Syslog server loggingD. Event logging
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A. You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B. No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C. You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D. You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
Which service is provided by a MAG Series device?() A. RoutingB. MPLS VPNsC. Access controlD. Intrusion detection
Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?() A. Remote DebuggingB. System SnapshotC. User Access logsD. Policy Tracing
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A. Resource access policy on the MAG Series deviceB. IPsec routing policy on the MAG Series deviceC. General traffic policy blocking access through the firewall enforcerD. Auth table entry on the firewall enforcer
You are installing a cisco 4402 series wireless lan controller. What type of interface is used on the uplink port?()A、1000base-x mini-gbicB、10/100/1000 mbps rj45C、10/100 mbps rj45D、1000base-sx
You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()A、Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.B、A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.C、Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.D、A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.
You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()A、The user will be instructed to call the network administrator.B、The user will fail authentication.C、The user will be prompted to install a new device certificate on the MAG Series device.D、The user will successfully authenticate and have full network access.
You are installing a Cisco 4402 Series Wireless LAN Controller. Which type of interface should you use onthe controller’s distribution port?()A、10/100 Mbps RJ45B、1000BASE-SX SFPC、10/100/1000 Mbps RJ45D、10000BASE-SX
You are installing a cisco aironet 1000 series controller-based access point. when you boot it, all the leds on the access point blink together. What does this indicate about the access point?()A、duplicate ip addressB、code upgrade in progressC、normal operationD、searching for primary controller
You are installing a cisco 4402 series wireless lan controller. Which type of interface should you use on the controller’s distribution port?()A、1000base-sx sfpB、10/100/1000 mbps rj45C、10/100 mbps rj45D、10000base-sx
You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()A、The MAG Series device has multiple ports associated with the certificate.B、The MAG Series device's serial number needs to be configured on the SRX Series device.C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.D、The MAG Series device and SRX Series device are not synchronized to an NTP server.
单选题Which service is provided by a MAG Series device?()ARoutingBMPLS VPNsCAccess controlDIntrusion detection
单选题You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()AMultiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.BA single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.CMultiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.DA single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.
单选题You are installing a Cisco 4402 Series Wireless LAN Controller. Which type of interface shouldyou use on the controller’s distribution port?()A1000BASE-SX SFPB10/100/1000 Mbps RJ45C10/100 Mbps RJ45D10000BASE-SX
单选题Your IT manager has requested that you start providing weekly reports of CPU utilization on all network devices.Which monitoring function should be enabled on the MAG Series device?()AAdmin loggingBSNMP loggingCSyslog server loggingDEvent logging
多选题You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()AResource access policy on the MAG Series deviceBIPsec routing policy on the MAG Series deviceCGeneral traffic policy blocking access through the firewall enforcerDAuth table entry on the firewall enforcer
多选题Which three settings are accessible from the serial console menu on a MAG Series device?()AThe ping commandBFactory default resetCPersonality imageDLicense importsEAdmin login credentials
多选题Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?()ARemote DebuggingBSystem SnapshotCUser Access logsDPolicy Tracing
单选题When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?()AThe cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.BThe cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.CThe cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.DThe cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.
单选题You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()AThe user will be instructed to call the network administrator.BThe user will fail authentication.CThe user will be prompted to install a new device certificate on the MAG Series device.DThe user will successfully authenticate and have full network access.
多选题You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()AThe endpoints can use agentless access.BEncrypted traffic flows between the endpoint and the enforcer.CEncrypted traffic flows between the endpoint and the protected resourceDThe endpoints can use the Odyssey Access Client.
多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()AThe MAG Series device has multiple ports associated with the certificate.BThe MAG Series device's serial number needs to be configured on the SRX Series device.CThe SRX Series device must have a certificate signed by the same authority as the MAG Series device.DThe MAG Series device and SRX Series device are not synchronized to an NTP server.
多选题Before replacing a MAG Series device, using the admin GUI, you export two backup files, system.cfg from "Maintenance" "ImportfExport Configuration" and user.cfg from "Maintenance" "Import/Export Users". When you receive the new hardware, you import all of the settings stored in the system.cfg file (including the IP address, network configuration, and device certificates), but you fail to import the user.cfg file. Which three configuration areas were updated by system.cfg?()ACluster configuration settingsBStatic routesCSNMP settingsDSign-in policiesEMAC authentication realms
单选题You are installing a cisco 4402 series wireless lan controller. What type of interface is used on the uplink port?()A1000base-x mini-gbicB10/100/1000 mbps rj45C10/100 mbps rj45D1000base-sx
单选题You are installing a cisco 4402 series wireless lan controller. Which type of interface should you use on the controller’s distribution port?()A1000base-sx sfpB10/100/1000 mbps rj45C10/100 mbps rj45D10000base-sx
单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()AYou must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.BNo security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.CYou must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.DYou must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.