单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

单选题
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
A

from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

B

from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

C

from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }

D

from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

参考解析

解析: 暂无解析

相关考题:

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back.What is causing the problem?()A. The host needs to open the telnet port.B. The host needs a route for the translated address.C. The administrator must use a proxy-arp policy for the translated address.D. The administrator must use a security policy, which will allow communication between the zones.
查看答案
An administrator wants to be alerted when a network-based attack is underway, but the company policy prohibits blocking or dropping network connections.Which of the following MUST be deployed?() A.IDSB.IPSC.FirewallD.Managed PKI
查看答案
An administrator wants to limit access of a wireless network without requiring authorized users toenter a password or network key.Which of the following methods would MOST likely be implemented on the wireless network?()A. Disable SSIDB. WPAC. MAC filteringD. RAS
查看答案
An administrator wants to test the network MTU. Which of the following commands allows differentsize packets to be sent?() A.netstatB.tracerouteC.nbtstatD.ping
查看答案
The network administrator of the Oregon router adds the follwing command to the router configuration: ip route 192.168.12.0 255.255.255.0 172.16.12.1. What are the results of adding this command?() A. The command establishes a static routeB. The command invokes a dynamic routing protocol for 192.168.12.0C. Traffic for network 192.168.12.0 is forwarded to 172.16.12.1D. Traffic for all networks is forwarded to 172.16.12.1E. This route is automatically propagated throughout the entire networkF. Traffic for network 172.16.12.0 is forwarded to the 192.168.12.0 network
查看答案
Refer to the exhibit,a network administrator cannot establish a telnet session with the indicated router.What is the cause of this failure?()A、A level 5 password is not setB、The vty password is missingC、The console password is missingD、An ACL is blocking Telnet access
查看答案
The network administrator of the Oregon router adds the follwing command to the router configuration: ip route 192.168.12.0 255.255.255.0 172.16.12.1. What are the results of adding this command?()A、The command establishes a static routeB、The command invokes a dynamic routing protocol for 192.168.12.0C、Traffic for network 192.168.12.0 is forwarded to 172.16.12.1D、Traffic for all networks is forwarded to 172.16.12.1E、This route is automatically propagated throughout the entire networkF、Traffic for network 172.16.12.0 is forwarded to the 192.168.12.0 network
查看答案
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A、access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyC、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyE、access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyF、access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
查看答案
A network administrator has configured access list 172 to prevent Telnet and ICMP traffic from reaching a server with the address if 192.168.13.26. Which command can the administrator issue to verify that the access list is working properly?()A、Router# ping 192.168.13.26B、Router# debug access-list 172C、Router# show open ports 192.168.13.26D、Router# show access-listE、Router# show ip interface
查看答案
A network administrator is configuring ACLs on a cisco router,to allow traffic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0and192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()A、access-list 10 permit ip 192.168.147.0 0.0.0.255.255B、access-list 10 permit ip 192.168.149.0 0.0.0.255.255C、access-list 10 permit ip 192.168.146.0 0.0.0.0.255D、access-list 10 permit ip 192.168.146.0 0.0.0.1.255E、access-list 10 permit ip 192.168.148.0 0.0.0.1.255F、access-list 10 permit ip 192.168.146.0 255.255.255.0
查看答案
A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?()A、BPDUB、Port securityC、RSTPD、STPE、VTPF、Blocking mode
查看答案
A network administrator is viewing the control plane traffic flowing through their network in real-time. What built-in feature enabled this ability?()A、call homeB、wiresharkC、ethanalyzerD、NX-OS
查看答案
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A、access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyC、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
查看答案
An administrator wants to test the network MTU. Which of the following commands allows differentsize packets to be sent?()A、netstatB、tracerouteC、nbtstatD、ping
查看答案
An administrator has purchased monitoring software that can be configured to alert administrators when hardware and applications are having issues.  All devices are configured with SNMP, but the administrator wants to further secure the SNMP traffic.  Which of the following settings would BEST provide additional monitoring security?()A、Setting up a custom community nameB、Configuring the network to block traffic on port 161C、Configuring the Windows Firewall to block port 161D、Setting SNMP to read only on the devicesE、Installing new MIBs
查看答案
An administrator wants to be alerted when a network-based attack is underway, but the company policy prohibits blocking or dropping network connections. Which of the following MUST be deployed?()A、IDSB、IPSC、FirewallD、Managed PKI
查看答案
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?()A、NIPSB、HoneypotC、DMZD、NIDS
查看答案
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
查看答案
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A AB BC CD D
查看答案
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp192.168.1.1280.0.0.15192.168.1.50.0.0.0eq23 access-list 101 permit ip any anyBaccess-list 101 deny tcp192.168.1.1280.0.0.240192.168.1.50.0.0.0eq23 access-list101permit ip any anyCaccess-list 1 deny tcp192.168.1.1280.0.0.255192.168.1.50.0.0.0eq21 access-list1permit ip any anyDaccess-list 1 deny tcp192.168.1.1280.0.0.15host192.168.1.5eq23 access-list1permit ip any any
查看答案
多选题A network administrator is configuring ACLs on a cisco router,to allow traffic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0and192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()Aaccess-list 10 permit ip 192.168.147.0 0.0.0.255.255Baccess-list 10 permit ip 192.168.149.0 0.0.0.255.255Caccess-list 10 permit ip 192.168.146.0 0.0.0.0.255Daccess-list 10 permit ip 192.168.146.0 0.0.0.1.255Eaccess-list 10 permit ip 192.168.148.0 0.0.0.1.255Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
查看答案
单选题An administrator wants to limit access of a wireless network without requiring authorized users to enter a password or network key. Which of the following methods would MOST likely be implemented on the wireless network?()ADisable SSIDBWPACMAC filteringDRAS
查看答案
单选题A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?()ABPDUBPort securityCRSTPDSTPEVTPFBlocking mode
查看答案
单选题A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()AThe host needs to open the telnet port.BThe host needs a route for the translated address.CThe administrator must use a proxy-arp policy for the translated address.DThe administrator must use a security policy, which will allow communication between the zones.
查看答案
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyBaccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyCaccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyDaccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyEaccess-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyFaccess-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
查看答案
多选题An administrator has purchased monitoring software that can be configured to alert administrators when hardware and applications are having issues. All devices are configured with SNMP, but the administrator wants to further secure the SNMP traffic. Which of the following settings would BEST provide additional monitoring security?()ASetting up a custom community nameBConfiguring the network to block traffic on port 161CConfiguring the Windows Firewall to block port 161DSetting SNMP to read only on the devicesEInstalling new MIBs
查看答案
多选题A network administrator has configured access list 172 to prevent Telnet and ICMP traffic from reaching a server with the address if 192.168.13.26. Which command can the administrator issue to verify that the access list is working properly?()ARouter# ping 192.168.13.26BRouter# debug access-list 172CRouter# show open ports 192.168.13.26DRouter# show access-listERouter# show ip interface
查看答案
热门标签