Which user authentication methods are available in JUNOS?() A.MD5 and SHAB.RADIUS and TACACS onlyC.Local User DatabaseD.Local user Database, RADIUS, and TACACS+
Which user authentication methods are available in JUNOS?()
A.MD5 and SHA
B.RADIUS and TACACS only
C.Local User Database
D.Local user Database, RADIUS, and TACACS+
相关考题:
Giventutorial.jsp:2.ELTutorial3.Example14.5.Dear${my:nickname(user)}6.Which,whenaddedtothewebapplicationdeploymentdescriptor,ensuresthatline5isincludedverbatimintheJSPoutput?() A.B.C.D.
Giventheconfigurationshownintheexhibit,whichconfigurationobjectwouldbeusedtoassociatebothNancyandWalterwithfirewalluserauthenticationwithinasecuritypolicy?()profileftp-users{clientnancy{firewall-user{password$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7;SECRET-DATA}}clientwalter{firewall-user{password$9$a1UqfTQnApB36pBREKv4aJUk.5QF;SECRET-DATA}}session-options{client-groupftp-group;}}firewall-authentication{pass-through{default-profileftp-users;ftp{banner{loginJUNOSRocks!;}}}}A.ftp-groupB.ftp-usersC.firewall-userD.nancyandwalter
Assumethedefault-policyhasnotbeenconfigured.Giventheconfigurationshownintheexhibit,whichtwostatementsabouttrafficfromhost_aintheHRzonetohost_binthetrustzonearetrue?()[editsecuritypoliciesfrom-zoneHRto-zonetrust]user@hostshowpolicyone{match{source-addressany;destination-addressany;application[junos-httpjunos-ftp];}then{permit;}}policytwo{match{source-addresshost_a;destination-addresshost_b;application[junos-httpjunos-smtp];}then{deny;}}A.DNStrafficisdenied.B.HTTPtrafficisdenied.C.FTPtrafficispermitted.D.SMTPtrafficispermitted.
Giventheconfigurationshownintheexhibit,whichstatementistrueabouttrafficfromhost_atohost_b?()[editsecuritypoliciesfrom-zoneHRto-zonetrust]user@hostshowpolicytwo{match{source-addresssubnet_a;destination-addresshost_b;application[junos-telnetjunos-ping];}then{reject;}}policyone{match{source-addresshost_a;destination-addresssubnet_b;applicationany;}then{permit;}}host_aisinsubnet_aandhost_bisinsubnet_b.A.DNStrafficisdenied.B.Telnettrafficisdenied.C.SMTPtrafficisdenied.D.Pingtrafficispermitted
Intheconfigurationshownintheexhibit,youdecidedtoeliminatethejunos-ftpapplicationfromthematchconditionofthepolicyMyTraffic.[editsecuritypolicies]user@hostlshowfrom-zonePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;WhatwillhappentotheexistingFTPandBGPsessions?()A.TheexistingFTPandBGPsessionswillcontinue.B.TheexistingFTPandBGPsessionswillbere-evaluatedandonlyFTPsessionswillbedropped.C.TheexistingFTPandBGPsessionswillbere-evaluatedandallsessionswillbedropped.D.TheexistingFTPsessionswillcontinueandonlytheexistingBGPsessionswillbedropped.
Intheexhibit,youdecidedtochangemyHostsaddresses.[editsecuritypolicies]user@hostshowfrom-zonePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;Whatwillhappentothenewsessionsmatchingthepolicyandin-progresssessionsthathadalreadymatchedthepolicy?()A.Newsessionswillbeevaluated.In-progresssessionswillbere-evaluated.B.Newsessionswillbeevaluated.Allin-progresssessionswillcontinue.C.Newsessionswillbeevaluated.Allin-progresssessionswillbedropped.D.Newsessionswillhaltuntilallin-progresssessionsarere-evaluated.In-progresssessionswillbere-evaluatedandpossiblydropped.
Which statement contains the correct parameters for a route-based IPsec VPN?() A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
Which security or functional zone name has special significance to the Junos OS?() A. selfB. trustC. untrustD. junos-global
A company is using RADIUS to authenticate login requests to its Juniper Networks routers. Usersshould still be able to authenticate using the local password database but only if the RADIUS server is unreachable. Which JUNOS software configuration accomplishes this goal?()A. authentication-order radius;B. authentication-order password;C. authentication-order [radius password];D. authentication-order [password radius];
CiscoNX-OSSoftwaresupportsSNMPv1,SNMPv2c,andSNMPv3.BothSNMPv1andSNMPv2cuseacommunity-basedformofsecurity.SNMPv3providessecureaccesstodevicesbyacombinationofauthenticatingandencryptingframesoverthenetwork.WhichsecurityfeaturesareprovidedinCiscoNX-OSSNMPv3?()A.encryption—scramblesthepacketcontentstopreventthemfrombeingseenbyunauthorizedsourcesB.password—apassword(communitystring)sentincleartextbetweenamanagerandagentforaddedprotectionC.authentication—determinesthatthemessageisfromavalidsourceD.messageintegrity—ensuresthatapackethasnotbeentamperedwithwhileitwasintransitE.user—todetermineifuserauthenticationisusedinsteadofcommunitystrings