A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()
- A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
- B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
- C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
- D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
相关考题:
The Ezonexam network administrator wants to use a router named VE1 to segment the local network. What are some of the advantages of using VE1 to segment the network? (Choose two)A. Routers generally cost less than switchesB. Filtering can occur based on Layer 3 informationC. Broadcasts are not forwarded across the routerD. Broadcasts are eliminatedE. Adding a router to the network decreases latencyF. Routers can generally support more LAN ports than switches
A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?A. BPDUB. Port securityC. RSTPD. STPE. VTPF. Blocking mode
An administrator wants to be alerted when a network-based attack is underway, but the company policy prohibits blocking or dropping network connections.Which of the following MUST be deployed?() A.IDSB.IPSC.FirewallD.Managed PKI
A company wants to secure access to its internal wireless network. The company wants to use themost secure means to access the network. Which of the following is the BEST choice for wireless security in this situation?()A. WEP encryptionB. Channel rotationC. Disable SSIDD. WPA encryption
An administrator wants to limit access of a wireless network without requiring authorized users toenter a password or network key.Which of the following methods would MOST likely be implemented on the wireless network?()A. Disable SSIDB. WPAC. MAC filteringD. RAS
An administrator wants to test the network MTU. Which of the following commands allows differentsize packets to be sent?() A.netstatB.tracerouteC.nbtstatD.ping
A network administrator wants to detect a login attack against a router. What IOS command can make the attack recorded in syslog server?()A、Logging detect fail-loginB、Login on-failure logC、Login detect login-failure logD、Logging login on-failureE、none of the above
A network administrator needs to configure port security on a switch.which two statements are true?()A、The network administrator can apply port security to dynamic access portsB、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.D、The network administrator can apply port security to EtherChannels.E、When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?()A、BPDUB、Port securityC、RSTPD、STPE、VTPF、Blocking mode
An administrator wants to test the network MTU. Which of the following commands allows differentsize packets to be sent?()A、netstatB、tracerouteC、nbtstatD、ping
An administrator has purchased monitoring software that can be configured to alert administrators when hardware and applications are having issues. All devices are configured with SNMP, but the administrator wants to further secure the SNMP traffic. Which of the following settings would BEST provide additional monitoring security?()A、Setting up a custom community nameB、Configuring the network to block traffic on port 161C、Configuring the Windows Firewall to block port 161D、Setting SNMP to read only on the devicesE、Installing new MIBs
An administrator wants to be alerted when a network-based attack is underway, but the company policy prohibits blocking or dropping network connections. Which of the following MUST be deployed?()A、IDSB、IPSC、FirewallD、Managed PKI
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?()A、NIPSB、HoneypotC、DMZD、NIDS
An AIX server is configured with a static IP address but the system administrator wants the server to give out IP addresses for clients who want to use the dynamic host configuration protocol instead of static IP addresses.How is this accomplished?()A、Use SMIT to have the server use DHCP instead of a static addressB、Edit /etc/rc.tcpip and start the dhcpsd daemonC、Use the network options command to enable ipforwardingD、Edit /etc/rc.net to set network options back to default
The Cluster Administrator wants to use disk heartbeats as a non-IP network. What Volume Group consideration must be accounted for prior to configuring disk heartbeats?() A、 The Volume Group major number must be the same on all nodes.B、 The Shared Volume Group must be created with the Big VG format.C、 The Volume Group must be created as Enhanced Concurrent Capable.D、 The "t factor" must be doubled to create the reserved area for disk hearbeats.
An administrator wants to record details of all logical volumes mapped as virtual disks on a VIO server partition and the associated virtual target devices and mappings. Which IOS command can the administrator use to achieve this?()A、 lssp -detailB、 lsvdev -s vtd -c lvC、 lsmap -type lv -allD、 lsdev -Cs virtual -t lv
A network administrator wants to analyze the historical performance of the servers in the organization and forecast the system performance needs into the future. Which add-on component of IBM Director would be used to assist with this task?()A、Capacity ManagerB、Resource MonitorsC、System AvailabilityD、System Performance Monitor
An AIX server has 2 network interfaces and the system administrator wants to enable the users on the locally configured network interface to be able to connect to systems configured on the global network interface. How is it accomplished?()A、Enable routed on the serverB、Enable gated on the serverC、Enable ipforwarding on the serverD、Set network options back to default
单选题An administrator wants to record details of all logical volumes mapped as virtual disks on a VIO server partition and the associated virtual target devices and mappings. Which IOS command can the administrator use to achieve this?()A lssp -detailB lsvdev -s vtd -c lvC lsmap -type lv -allD lsdev -Cs virtual -t lv
单选题A company wants to secure access to its internal wireless network. The company wants to use themost secure means to access the network. Which of the following is the BEST choice for wireless security in this situation?()AWEP encryptionBChannel rotationCDisable SSIDDWPA encryption
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A AB BC CD D
单选题A network administrator wants to verify the active alarms on interface so-0/0/0. Which command displays this information?()Ashow interfaces alarmsBshow interfaces terseCshow alarms extensiveDshow interfaces extensive
单选题The administrator wants to backup the existing VIO server software and its current configuration before applying an update. What command will the administrator use to backup the VIO server software so that the backup can be restored from a Network Installation Manager (NIM) server or a Hardware Management Console (HMC)?()A mksysb -t vio /mountpointB backupios -file /mountpointC mksysb -i /mountpoint/vio.mksysbD backupios -mksysb -file /mountpoint/vio.mksysb
单选题An administrator wants to limit access of a wireless network without requiring authorized users to enter a password or network key. Which of the following methods would MOST likely be implemented on the wireless network?()ADisable SSIDBWPACMAC filteringDRAS
单选题A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?()ABPDUBPort securityCRSTPDSTPEVTPFBlocking mode
单选题A network administrator wants to detect a login attack against a router. What IOS command can make the attack recorded in syslog server?()ALogging detect fail-loginBLogin on-failure logCLogin detect login-failure logDLogging login on-failureEnone of the above
多选题An administrator has purchased monitoring software that can be configured to alert administrators when hardware and applications are having issues. All devices are configured with SNMP, but the administrator wants to further secure the SNMP traffic. Which of the following settings would BEST provide additional monitoring security?()ASetting up a custom community nameBConfiguring the network to block traffic on port 161CConfiguring the Windows Firewall to block port 161DSetting SNMP to read only on the devicesEInstalling new MIBs
单选题You are the network administrator at TestKing. TestKing has been provided withthe network address 165.100.27.0/24. The TestKing CEO wants to know how many subnetworks this address provides, and how many hosts can be supported on each subnet. What would your reply be?()AOne network with 254 hosts.B254 networks with 254 hosts per network.C65,534 networks with 255 hosts per network.D30 networks with 64 hosts per network.E254 networks with 65,534 per network.