Which three firewall user authentication objects can be referenced in a security policy? ()(Choose three.) A. access profileB. client groupC. clientD. default profileE. external
Which three firewall user authentication objects can be referenced in a security policy? ()(Choose three.)
A. access profile
B. client group
C. client
D. default profile
E. external
相关考题:
以下程序段的输出结果为 ( )int j=2;switch(j){case 2:System.out.print("two.");case 2+1:System.out.println("three.");breakdefault:System.out.println("value is"+j);break;}A.two.three.B.two.C.three.D.value is 2
Giventheconfigurationshownintheexhibit,whichconfigurationobjectwouldbeusedtoassociatebothNancyandWalterwithfirewalluserauthenticationwithinasecuritypolicy?()profileftp-users{clientnancy{firewall-user{password$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7;SECRET-DATA}}clientwalter{firewall-user{password$9$a1UqfTQnApB36pBREKv4aJUk.5QF;SECRET-DATA}}session-options{client-groupftp-group;}}firewall-authentication{pass-through{default-profileftp-users;ftp{banner{loginJUNOSRocks!;}}}}A.ftp-groupB.ftp-usersC.firewall-userD.nancyandwalter
Which statement contains the correct parameters for a route-based IPsec VPN?() A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
Whichofthefollowinglocalfilesisusedtorunthedatecommandontheremotemachine"Earth"usingthefollowingrexeccommandwithoutrequestforapassword?rexecEarthdate()。 A.~/.rhostsB.$HOME/.netrcC./etc/hosts.equivD./etc/security/user
ASystempadministratorneedstosetthedefaultpasswordlengthforalluserstosixcharacters.Whichofthefollowingfilesneedstobeeditedtoaccomplishthis() A./etc/security/limitsB./etc/security/mkuser.sysC./etc/security/privD./etc/security/user
以下程序段的输出结果为( )。 int j=2 switch (j){ Case 2: system.out.print("two."): Case 2+1: System.out.println("three."); break: default: System.out.println (“value is”+j): Break }A.B.twoA.two.three.B.twoC.threeD.value is 2
TheLWAPP(LightweightAccessPointProtocol)isinusewithintheCompanywirelessLAN.Whichstatementistrueaboutthisprotocol?() A.Real-timeframeexchangeisaccomplishedwithintheaccesspoint.B.ThecontroltrafficbetweentheclientandtheaccesspointisencapsulatedwiththeLWAPP.C.Authentication,security,andmobilityarehandledbytheaccesspoint.D.DatatrafficbetweentheclientandtheaccesspointisencapsulatedwithLWAPP.E.Noneoftheotheralternativesapply
某全国连锁企业的总部和分布在全国各地的30家分公司之间经常需要传输各种内部数据,因此公司决定在总部和各分公司之间建立VPN技术。具体拓扑如下:配置部分只显示了与总部与分公司1的配置。根据拓扑完成问题1-问题3。[问题1](3分):在总部与分公司之间相连的VPN方式是(1),在IPsec工作模式中有传输模式和隧道模式,其中将源IP数据包整体封装后再进行传输的模式是(2).1备选答案:A.站点到站点 B.端到端C.端到站点[问题2](13分):请将相关配置补充完整。总部防火墙firewall1的部分配置如下。 (3)[FIREWALL1] interface(4)[FIREWALL1-GigabitEthernet1/0/2] ip address (5)[FIREWALL1-GigabitEthernet1/0/2] quit[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ip address 202.1.3.1 24[FIREWALL1-GigabitEthernet1/0/1] quit# 配置接口加入相应的安全区域。[FIREWALL1] firewall zone trust [FIREWALL1-zone-trust] add interface (6)[FIREWALL1-zone-trust] quit[FIREWALL1](7)[FIREWALL1-zone-untrust] add interface GigabitEthernet 1/0/1[FIREWALL1-zone-untrust] quit2. 配置安全策略,允许私网指定网段进行报文交互。# 配置Trust域与Untrust域的安全策略,允许封装前和解封后的报文能通过[FIREWALL1](8)[FIREWALL1-policy-security] rule name 1[FIREWALL1-policy-security-rule-1] source-zone (9)[FIREWALL1-policy-security-rule-1] destination-zone untrust[FIREWALL1-policy-security-rule-1] source-address (10)[FIREWALL1-policy-security-rule-1] destination-address 192.168.200.0 24[FIREWALL1-policy-security-rule-1] action (11)[FIREWALL1-policy-security-rule-1] quit…..# 配置Local域与Untrust域的安全策略,允许IKE协商报文能正常通过FIREWALL1。[FIREWALL1-policy-security] rule name 3[FIREWALL1-policy-security-rule-3] source-zone local[FIREWALL1-policy-security-rule-3] destination-zone untrust[FIREWALL1-policy-security-rule-3] source-address 202.1.3.1 32[FIREWALL1-policy-security-rule-3] destination-address 202.1.5.1 32[FIREWALL1-policy-security-rule-3] action permit[FIREWALL1-policy-security-rule-3] quit…3. 配置IPSec隧道。# 配置访问控制列表,定义需要保护的数据流。[FIREWALL1] (12)[FIREWALL1-acl-adv-3000] rule permit (13)[FIREWALL1-acl-adv-3000] quit# 配置名称为tran1的IPSec安全提议。[FIREWALL1] ipsec proposal tran1[FIREWALL1-ipsec-proposal-tran1] encapsulation-mode (14)[FIREWALL1-ipsec-proposal-tran1] transform esp[FIREWALL1-ipsec-proposal-tran1] esp authentication-algorithm sha2-256[FIREWALL1-ipsec-proposal-tran1] esp encryption-algorithm aes[FIREWALL1-ipsec-proposal-tran1] quit# 配置序号为10的IKE安全提议。[FIREWALL1] (15)[FIREWALL1-ike-proposal-10] authentication-method pre-share[FIREWALL1-ike-proposal-10] authentication-algorithm sha2-256[FIREWALL1-ike-proposal-10] quit# 配置IKE用户信息表。[FIREWALL1] ike user-table 1[FIREWALL1-ike-user-table-1] user id-type ip 202.1.5.1 pre-shared-key Admin@gkys[FIREWALL1-ike-user-table-1] quit# 配置IKE Peer。[FIREWALL1] ike peer b[FIREWALL1-ike-peer-b] ike-proposal 10[FIREWALL1-ike-peer-b] user-table 1[FIREWALL1-ike-peer-b] quit# 配置名称为map_temp序号为1的IPSec安全策略模板。[FIREWALL1] ipsec policy-template map_temp 1[FIREWALL1-ipsec-policy-template-map_temp-1] security acl 3000[FIREWALL1-ipsec-policy-template-map_temp-1] proposal tran1[FIREWALL1-ipsec-policy-template-map_temp-1] ike-peer b[FIREWALL1-ipsec-policy-template-map_temp-1] reverse-route enable[FIREWALL1-ipsec-policy-template-map_temp-1] quit# 在IPSec安全策略map1中引用安全策略模板map_temp。[FIREWALL1] ipsec policy map1 10 isakmp template map_temp# 在接口GigabitEthernet 1/0/1上应用安全策略map1。[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ipsec policy map1[FIREWALL1-GigabitEthernet1/0/1] quit [问题3]IPsec中,通过一些协议的处理,可以有效的保护分组安全传输。其中能够确保数据完整性,但是不能确保数据机密性的是(17),而技能报数数据传输的机密性又能保证数据完整性的是(18)
某公司在外地新开了一家分公司,现管理员希望在总部与分公司之间通过vpn建立连接。根据拓扑图,完成下列问题。[问题1](3分)该公司所选用的VPn技术为IPSec。它工作在TCP/IP协议栈的(1)层,能为TCP/IP通信提供访问控制机密性、数据源验证、抗重放、数据完整性等多种安全服务。其中能够确保数据完整性,但是不确保数据机密性的协议是(2),既能报数数据传输的机密性又能保证数据完整性的是协议是(3)。[问题2](4分):请将相关配置补充完整。总部防火墙firewall1的部分配置如下。…# 配置Trust域与Untrust域的安全策略,允许封装前和解封后的报文能通过[FIREWALL1] (5)[FIREWALL1-policy-security] rule name 1[FIREWALL1-policy-security-rule-1] source-zone trust[FIREWALL1-policy-security-rule-1] destination-zone untrust[FIREWALL1-policy-security-rule-1] source-address (6)[FIREWALL1-policy-security-rule-1] destination-address(7)[FIREWALL1-policy-security-rule-1] quit[FIREWALL1] acl 3000[FIREWALL1-acl-adv-3000] rule (8)ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255[FIREWALL1-acl-adv-3000] quit…
以下那一个选项是查询数据方法:A.User.objects.filter(username='wangwu').get(pk=1)B.User.objects.filter(id=user_id).update(password='9999')C.User.objects.all().delete()D.User.objects.get(pk=user_id).delete()