You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()A、Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.B、A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.C、Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.D、A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.

You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()

  • A、Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.
  • B、A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.
  • C、Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.
  • D、A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.

相关考题:

Which statement is true regarding IPsec VPNs?() A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.

You are validating the configuration of your SRX Series device and see the output shown below.What does this indicate?() A.The SRX Series device has been configured correctly, the Junos Pulse Access Control Service is reachable on the network, and the SRX Series device is waiting to receive the initial connection from the Junos Pulse Access Control Service.B.The SRX Series device has confirmed that the Junos Pulse Access Control Service is configured and is reachable on the network, the SRX Series device is waiting to receive the connection from the Junos Pulse Access Control Service, and all that remains to be accomplished is to configure the SRX Series device.C.The SRX Series device is configured correctly and connected to the Junos Pulse Access Control Service. All that remains to be done to complete the configuration is to configure the SRX Series device on the Junos Pulse Access Control Service.D.Both the Junos Pulse Access Control Service and the SRX Series device are configured correctly and communicating with each other.

Which statement is true regarding NAT?() A. NAT is not supported on SRX Series devices.B. NAT requires special hardware on SRX Series devices.C. NAT is processed in the control plane.D. NAT is processed in the data plane.

You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A. Resource access policy on the MAG Series deviceB. IPsec routing policy on the MAG Series deviceC. General traffic policy blocking access through the firewall enforcerD. Auth table entry on the firewall enforcer

You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?() A. Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.B. A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.C. Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.D. A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.

What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?() A. Checkpoint firewallB. SRX Series deviceC. DP sensorD. MX Series device

Which statement is true regarding NAT?()A、NAT is not supported on SRX Series devices.B、NAT requires special hardware on SRX Series devices.C、NAT is processed in the control plane.D、NAT is processed in the data plane.

What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()A、Checkpoint firewallB、SRX Series deviceC、DP sensorD、MX Series device

Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client? ()A、You do not need to configure a RADIUS client policy.B、You must know the exact model number of the Infranet Enforcer.C、You must specify the NACN password of the device in the RADIUS client policy.D、You do not need to designate a location group to which the Infranet Enforcer will belong.

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()A、access profileB、IKE parametersC、tunneled interfaceD、redirect policy

You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

You are an administrator of an active/passive cluster of MAG Series devices running in mixed- mode configuration (IF-MAP server and authenticating users). The active user count is quickly approaching the maximum limit of the cluster. You have been directed to reconfigure the cluster to an active/active cluster and add a new license to increase the total number of active users the cluster can support. What must you do before changing the cluster configuration?()A、Apply the new license to the passive node of the cluster.B、Configure an external load balancer to hold the V IP.C、Disable the active node in the cluster.D、Remove the IF-MAP server configuration.

You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()A、Resource access policy on the MAG Series deviceB、IPsec routing policy on the MAG Series deviceC、General traffic policy blocking access through the firewall enforcerD、Auth table entry on the firewall enforcer

When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?()A、The cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.B、The cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.C、The cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.D、The cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.

What are three benefits of IF-MAP Federation?()A、Enables seamless access for remote access users to firewall enforcer protected resources.B、Scales a Junos Pulse Access control Service deployment beyond the capacity of a single cluster.C、Enables dynamic configuration synchronization across multiple MAG Series devices.D、Provides a substitute for WAN clustering among geographically separated MAG Series devices.E、Shares non-localized DP integration and IPsec configuration information between multiple Junos Pulse Access Control Service instances.

Which statement is true regarding IPsec VPNs?()A、There are five phases of IKE negotiation.B、There are two phases of IKE negotiation.C、IPsec VPN tunnels are not supported on SRX Series devices.D、IPsec VPNs require a tunnel PIC in SRX Series devices.

Which three situations will trigger an e-mail to be flagged as spam if a branch SRX Series device has been properly configured with antispam inspection enabled for the appropriate security policy? ()(Choose three.)A、The server sending the e-mail to the SRX Series device is a known open SMTP relay.B、The server sending the e-mail to the SRX Series device is running unknown SMTP server software.C、The server sending the e-mail to the SRX Series device is on an IP address range that is known to be dynamically assigned.D、The e-mail that the server is sending to the SRX Series device has a virus in its attachment.E、The server sending the e-mail to the SRX Series device is a known spammer IP address.

You are deploying a Junos Pulse Access Control Service cluster in active/passive mode. How do you configure the IP address on the SRX Series devices?()A、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP as the IP address the instance.B、Configure multiple Junos Pulse Access Control Service instances on the enforcer, specifying the specific IP address each device in a separate instance.C、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and active node address in the instance.D、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and passive node address in the instance.

You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()A、The endpoints can use agentless access.B、Encrypted traffic flows between the endpoint and the enforcer.C、Encrypted traffic flows between the endpoint and the protected resourceD、The endpoints can use the Odyssey Access Client.

Which statement is true regarding the Junos OS for security platforms?()A、SRX Series devices can store sessions in a session table.B、SRX Series devices accept all traffic by default.C、SRX Series devices must operate only in packet-based mode.D、SRX Series devices must operate only in flow-based mode.

You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()A、The MAG Series device has multiple ports associated with the certificate.B、The MAG Series device's serial number needs to be configured on the SRX Series device.C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.D、The MAG Series device and SRX Series device are not synchronized to an NTP server.

多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()AThe MAG Series device has multiple ports associated with the certificate.BThe MAG Series device's serial number needs to be configured on the SRX Series device.CThe SRX Series device must have a certificate signed by the same authority as the MAG Series device.DThe MAG Series device and SRX Series device are not synchronized to an NTP server.

单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()AYou must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.BNo security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.CYou must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.DYou must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

单选题What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()ACheckpoint firewallBSRX Series deviceCDP sensorDMX Series device

多选题What are three benefits of IF-MAP Federation?()AEnables seamless access for remote access users to firewall enforcer protected resources.BScales a Junos Pulse Access control Service deployment beyond the capacity of a single cluster.CEnables dynamic configuration synchronization across multiple MAG Series devices.DProvides a substitute for WAN clustering among geographically separated MAG Series devices.EShares non-localized DP integration and IPsec configuration information between multiple Junos Pulse Access Control Service instances.

单选题When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?()AThe cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.BThe cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.CThe cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.DThe cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.

单选题Which statement is true regarding IPsec VPNs?()AThere are five phases of IKE negotiation.BThere are two phases of IKE negotiation.CIPsec VPN tunnels are not supported on SRX Series devices.DIPsec VPNs require a tunnel PIC in SRX Series devices.

单选题You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()AMultiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.BA single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.CMultiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.DA single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.