In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?() A. to specify the destination addresses to which access is permittedB. to specify the source address permitted to access the resourceC. to specify the services to which access is permittedD. to inform the enforcer to expect policy information from the Junos Pulse Access Control Service
In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?()
A. to specify the destination addresses to which access is permitted
B. to specify the source address permitted to access the resource
C. to specify the services to which access is permitted
D. to inform the enforcer to expect policy information from the Junos Pulse Access Control Service
相关考题:
访问控制表是防火墙实现安全管理的重要手段。完成下列访问控制列表(access-control-list)的配置内容,使内部所有主机不能访问外部IP地址段为202.117.12.0/24Web服务器。Firewall(config)access-list 100 deny tcp (11) 202.197.12.0 255.255.255.0 eq (12)(11)
Assumethedefault-policyhasnotbeenconfigured.Giventheconfigurationshownintheexhibit,whichtwostatementsabouttrafficfromhost_aintheHRzonetohost_binthetrustzonearetrue?()[editsecuritypoliciesfrom-zoneHRto-zonetrust]user@hostshowpolicyone{match{source-addressany;destination-addressany;application[junos-httpjunos-ftp];}then{permit;}}policytwo{match{source-addresshost_a;destination-addresshost_b;application[junos-httpjunos-smtp];}then{deny;}}A.DNStrafficisdenied.B.HTTPtrafficisdenied.C.FTPtrafficispermitted.D.SMTPtrafficispermitted.
Intheconfigurationshownintheexhibit,youdecidedtoeliminatethejunos-ftpapplicationfromthematchconditionofthepolicyMyTraffic.[editsecuritypolicies]user@hostlshowfrom-zonePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;WhatwillhappentotheexistingFTPandBGPsessions?()A.TheexistingFTPandBGPsessionswillcontinue.B.TheexistingFTPandBGPsessionswillbere-evaluatedandonlyFTPsessionswillbedropped.C.TheexistingFTPandBGPsessionswillbere-evaluatedandallsessionswillbedropped.D.TheexistingFTPsessionswillcontinueandonlytheexistingBGPsessionswillbedropped.
Intheexhibit,youdecidedtochangemyHostsaddresses.[editsecuritypolicies]user@hostshowfrom-zonePrivateto-zoneExternal{policyMyTraffic{match{source-addressmyHosts;destination-addressExtServers;application[junos-ftpjunos-bgp];}then{permit{tunnel{ipsec-vpnvpnTunnel;}}}}}policy-rematch;Whatwillhappentothenewsessionsmatchingthepolicyandin-progresssessionsthathadalreadymatchedthepolicy?()A.Newsessionswillbeevaluated.In-progresssessionswillbere-evaluated.B.Newsessionswillbeevaluated.Allin-progresssessionswillcontinue.C.Newsessionswillbeevaluated.Allin-progresssessionswillbedropped.D.Newsessionswillhaltuntilallin-progresssessionsarere-evaluated.In-progresssessionswillbere-evaluatedandpossiblydropped.
ASA/PIXversion7.0introducedModularPolicyFramework(MPF)asanextensiblewaytoclassifytraffic,andthenapplypolicies(oractions)tothattraffic.MPFataminimum requireswhichthreecommands?() A.http-map,tcp-map,class-mapB.class-map,tcp-map,policy-mapC.class-map,policy-map,service-mapD.class-map,service-policy,policy-map
某全国连锁企业的总部和分布在全国各地的30家分公司之间经常需要传输各种内部数据,因此公司决定在总部和各分公司之间建立VPN技术。具体拓扑如下:配置部分只显示了与总部与分公司1的配置。根据拓扑完成问题1-问题3。[问题1](3分):在总部与分公司之间相连的VPN方式是(1),在IPsec工作模式中有传输模式和隧道模式,其中将源IP数据包整体封装后再进行传输的模式是(2).1备选答案:A.站点到站点 B.端到端C.端到站点[问题2](13分):请将相关配置补充完整。总部防火墙firewall1的部分配置如下。 (3)[FIREWALL1] interface(4)[FIREWALL1-GigabitEthernet1/0/2] ip address (5)[FIREWALL1-GigabitEthernet1/0/2] quit[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ip address 202.1.3.1 24[FIREWALL1-GigabitEthernet1/0/1] quit# 配置接口加入相应的安全区域。[FIREWALL1] firewall zone trust [FIREWALL1-zone-trust] add interface (6)[FIREWALL1-zone-trust] quit[FIREWALL1](7)[FIREWALL1-zone-untrust] add interface GigabitEthernet 1/0/1[FIREWALL1-zone-untrust] quit2. 配置安全策略,允许私网指定网段进行报文交互。# 配置Trust域与Untrust域的安全策略,允许封装前和解封后的报文能通过[FIREWALL1](8)[FIREWALL1-policy-security] rule name 1[FIREWALL1-policy-security-rule-1] source-zone (9)[FIREWALL1-policy-security-rule-1] destination-zone untrust[FIREWALL1-policy-security-rule-1] source-address (10)[FIREWALL1-policy-security-rule-1] destination-address 192.168.200.0 24[FIREWALL1-policy-security-rule-1] action (11)[FIREWALL1-policy-security-rule-1] quit…..# 配置Local域与Untrust域的安全策略,允许IKE协商报文能正常通过FIREWALL1。[FIREWALL1-policy-security] rule name 3[FIREWALL1-policy-security-rule-3] source-zone local[FIREWALL1-policy-security-rule-3] destination-zone untrust[FIREWALL1-policy-security-rule-3] source-address 202.1.3.1 32[FIREWALL1-policy-security-rule-3] destination-address 202.1.5.1 32[FIREWALL1-policy-security-rule-3] action permit[FIREWALL1-policy-security-rule-3] quit…3. 配置IPSec隧道。# 配置访问控制列表,定义需要保护的数据流。[FIREWALL1] (12)[FIREWALL1-acl-adv-3000] rule permit (13)[FIREWALL1-acl-adv-3000] quit# 配置名称为tran1的IPSec安全提议。[FIREWALL1] ipsec proposal tran1[FIREWALL1-ipsec-proposal-tran1] encapsulation-mode (14)[FIREWALL1-ipsec-proposal-tran1] transform esp[FIREWALL1-ipsec-proposal-tran1] esp authentication-algorithm sha2-256[FIREWALL1-ipsec-proposal-tran1] esp encryption-algorithm aes[FIREWALL1-ipsec-proposal-tran1] quit# 配置序号为10的IKE安全提议。[FIREWALL1] (15)[FIREWALL1-ike-proposal-10] authentication-method pre-share[FIREWALL1-ike-proposal-10] authentication-algorithm sha2-256[FIREWALL1-ike-proposal-10] quit# 配置IKE用户信息表。[FIREWALL1] ike user-table 1[FIREWALL1-ike-user-table-1] user id-type ip 202.1.5.1 pre-shared-key Admin@gkys[FIREWALL1-ike-user-table-1] quit# 配置IKE Peer。[FIREWALL1] ike peer b[FIREWALL1-ike-peer-b] ike-proposal 10[FIREWALL1-ike-peer-b] user-table 1[FIREWALL1-ike-peer-b] quit# 配置名称为map_temp序号为1的IPSec安全策略模板。[FIREWALL1] ipsec policy-template map_temp 1[FIREWALL1-ipsec-policy-template-map_temp-1] security acl 3000[FIREWALL1-ipsec-policy-template-map_temp-1] proposal tran1[FIREWALL1-ipsec-policy-template-map_temp-1] ike-peer b[FIREWALL1-ipsec-policy-template-map_temp-1] reverse-route enable[FIREWALL1-ipsec-policy-template-map_temp-1] quit# 在IPSec安全策略map1中引用安全策略模板map_temp。[FIREWALL1] ipsec policy map1 10 isakmp template map_temp# 在接口GigabitEthernet 1/0/1上应用安全策略map1。[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ipsec policy map1[FIREWALL1-GigabitEthernet1/0/1] quit [问题3]IPsec中,通过一些协议的处理,可以有效的保护分组安全传输。其中能够确保数据完整性,但是不能确保数据机密性的是(17),而技能报数数据传输的机密性又能保证数据完整性的是(18)
某公司在外地新开了一家分公司,现管理员希望在总部与分公司之间通过vpn建立连接。根据拓扑图,完成下列问题。[问题1](3分)该公司所选用的VPn技术为IPSec。它工作在TCP/IP协议栈的(1)层,能为TCP/IP通信提供访问控制机密性、数据源验证、抗重放、数据完整性等多种安全服务。其中能够确保数据完整性,但是不确保数据机密性的协议是(2),既能报数数据传输的机密性又能保证数据完整性的是协议是(3)。[问题2](4分):请将相关配置补充完整。总部防火墙firewall1的部分配置如下。…# 配置Trust域与Untrust域的安全策略,允许封装前和解封后的报文能通过[FIREWALL1] (5)[FIREWALL1-policy-security] rule name 1[FIREWALL1-policy-security-rule-1] source-zone trust[FIREWALL1-policy-security-rule-1] destination-zone untrust[FIREWALL1-policy-security-rule-1] source-address (6)[FIREWALL1-policy-security-rule-1] destination-address(7)[FIREWALL1-policy-security-rule-1] quit[FIREWALL1] acl 3000[FIREWALL1-acl-adv-3000] rule (8)ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255[FIREWALL1-acl-adv-3000] quit…
公司有一台提供SMTP服务的主机,现在想要设置防火墙允许SMTP服务器通过防火墙,并且永久性的生效,其命令为()。A.firewall_cmd --add-service=smtp --permanentB.firewall_cmd --add-service=smtpC.firewalld_cmd -add-service=smtp --permanentD.firewalld_cmd -add-service=smtp
在防火墙中永久开放FTP服务的命令是A.firewall-cmd --add-service=ftpB.firewall-cmd --permanent --add-service=ftpC.firewall-cmd --permanent --service=ftpD.firewall-cmd --permanent --add-service-ftp
Samba服务中,开启防火墙对Samba流量放行的命令是()。A.firewall-cmd --add-service=smb --permanentB.firewall-cmd --add-service=nmb --permanentC.firewall-cmd --add-service=samba --permanentD.以上都不是