You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB、IPsec routing policy on the MAG Series deviceC、General traffic policy blocking access through the firewall enforcerD、Auth table entry on the firewall enforcer
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()
- A、Resource access policy on the MAG Series device
- B、IPsec routing policy on the MAG Series device
- C、General traffic policy blocking access through the firewall enforcer
- D、Auth table entry on the firewall enforcer
相关考题:
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?() A. access profileB. IKE parametersC. tunneled interfaceD. redirect policy
You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI).To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()A. CLIB. WebUIC. NSMD. Junos Pulse Access Control Service
You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()A. resource access policiesB. Host Enforcer policiesC. source IP enforcement policiesD. IPsec enforcement policies
You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()A. show services unified-access-control authentication-tableB. show auth tableC. show services unified-access-control policiesD. show services unified-access-control captive-portal
A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()A. Connection RequestsB. System ErrorsC. Enforcer EventsD. Enforcer Command Trace
You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A. Resource access policy on the MAG Series deviceB. IPsec routing policy on the MAG Series deviceC. General traffic policy blocking access through the firewall enforcerD. Auth table entry on the firewall enforcer
Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client? () A. You do not need to configure a RADIUS client policy.B. You must know the exact model number of the Infranet Enforcer.C. You must specify the NACN password of the device in the RADIUS client policy.D. You do not need to designate a location group to which the Infranet Enforcer will belong.
You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()A、Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.B、A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.C、Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.D、A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.
You need to control SSH, HTTP, and Telnet access to an MX240 router through any interface.You have decided to use a firewall filter. How should you apply the firewall filter?()A、as an outbound filter on interface fxp0B、as an outbound filter on interface lo0C、as an inbound filter on interface fxp0D、as an inbound filter on interface lo0
Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client? ()A、You do not need to configure a RADIUS client policy.B、You must know the exact model number of the Infranet Enforcer.C、You must specify the NACN password of the device in the RADIUS client policy.D、You do not need to designate a location group to which the Infranet Enforcer will belong.
You have a computer that runs Windows 7. You need to record when an incoming connection is allowedthrough Windows firewall. What should you do?()A、In Local Group Policy, modify the audit policy.B、In Local Group Policy, modify the system audit policy.C、From the Windows Firewall with Advanced Security properties, set the logging settings to Log successfulconnections.D、From the Windows Firewall with Advanced Security properties, set the Data Protection (Quick Mode)IPSec settings to Advanced.
A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()A、Connection RequestsB、System ErrorsC、Enforcer EventsD、Enforcer Command Trace
You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()A、The MAG Series device has multiple ports associated with the certificate.B、The MAG Series device's serial number needs to be configured on the SRX Series device.C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.D、The MAG Series device and SRX Series device are not synchronized to an NTP server.
You have a server that runs Windows Server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do()A、 From Windows Firewall, add an exceptionB、 From windows Firewall enable the block all incoming connections optionC、 From the Windows Firewall with Advanced Security snap-in, create an inbound ruleD、 From the Windows Firewall with Advanced Security snap-in, create an outbound rule.
You have a server that runs windows server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do?()A、From windows firewall, add an exception.B、From windows firewall enable the block all incoming connections option.C、From the windows firewall with advanced security snap-in, create an inbound rule.D、From the windows firewall with advanced security snap-in, create an outbound rule.
You are the administrator of a Windows XP Professional computer named Pro1. The computer is connected to the Internet. Pro1 provides Internet access to eight other Windows XP Professional computers that are connected to Pro1. You enable Internet Connection Sharing (ICS) and Windows Firewall on Pro1. You run an application named App1 on Pro1. App1 communicates with an online training company on the Internet. To display an online seminar, the training company needs to contact the App1 application at port 5800. You want to ensure that the training company can connect to the App1 application. What should you do?()A、Configure Windows Firewall to enable the Internet Control Message Protocol (ICMP) Allow redirect option. Then start the App1 application that opens port 5800. B、Create a new service exception named App1. Use port 5800 as both the external and internal port number.C、Edit the %systemroot%/System32/Drivers/Etc/Services file on Pro1 to include a service definition named App1 for port 5800. D、Change the TCP/IP settings on Pro1 to enable TCP/IP filtering. Permit network traffic on port 5800.
You acquire a pc with 3 hard drives: Disk 0, Disk 1, Disk 2. Each physical disk has a capacity of 6GB. You want each disk to consist of one partition. You want to configure the computer to dual-boot Win98 and Win2K PRO. You want to save your documents to Disk 1 and have the ability to access them under either OS. You also want to install Win2K PRO and have the ability to secure individual files on Disk 2.
单选题You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()AMultiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.BA single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.CMultiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.DA single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.
单选题You have an SRX Series Layer 2 enforcer providing 802.1X authentication for connected endpoints. Your security policy requires that users who fail their authentication be placed in a specific VLAN.On the Layer 2 enforcer, at the [edit protocols dot1x authenticator interface] hierarchy for each participating interface, what provides this functionality?()Aguest-vlanBauth-fail-vlanCserver-reject-vlanDserver-fail-vlan
多选题You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()Aaccess profileBIKE parametersCtunneled interfaceDredirect policy
多选题You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()AResource access policy on the MAG Series deviceBIPsec routing policy on the MAG Series deviceCGeneral traffic policy blocking access through the firewall enforcerDAuth table entry on the firewall enforcer
单选题What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()ACheckpoint firewallBSRX Series deviceCDP sensorDMX Series device
单选题You are receiving reports of possible unauthorized access to resources protected by a firewall enforcer running the Junos OS. You want to verity which users are currently accessing resources through the enforcer.Which command should you use to verify user access on the enforcer?()Ashow services unified-access-control authentication-tableBshow auth tableCshow services unified-access-control policiesDshow services unified-access-control captive-portal
单选题You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()Aresource access policiesBHost Enforcer policiesCsource IP enforcement policiesDIPsec enforcement policies
多选题You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()ACLIBWebUICNSMDJunos Pulse Access Control Service
多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()AThe MAG Series device has multiple ports associated with the certificate.BThe MAG Series device's serial number needs to be configured on the SRX Series device.CThe SRX Series device must have a certificate signed by the same authority as the MAG Series device.DThe MAG Series device and SRX Series device are not synchronized to an NTP server.
单选题You have a server that runs Windows Server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do()A From Windows Firewall, add an exceptionB From windows Firewall enable the block all incoming connections optionC From the Windows Firewall with Advanced Security snap-in, create an inbound ruleD From the Windows Firewall with Advanced Security snap-in, create an outbound rule.
单选题You have a computer that runs Windows 7. You need to record when an incoming connection is allowedthrough Windows firewall. What should you do?()AIn Local Group Policy, modify the audit policy.BIn Local Group Policy, modify the system audit policy.CFrom the Windows Firewall with Advanced Security properties, set the logging settings to Log successfulconnections.DFrom the Windows Firewall with Advanced Security properties, set the Data Protection (Quick Mode)IPSec settings to Advanced.