The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?()A. Switch1(config-if)# switchport port-security maximum 1B. Switch1(config)# mac-address-table secureC. Switch1(config)# access-list 10 permit ip hostD. Switch1(config-if)# switchport p ort-security violation shutdownE. Switch1(config-if)# ip access-group 10
The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?()
A. Switch1(config-if)# switchport port-security maximum 1
B. Switch1(config)# mac-address-table secure
C. Switch1(config)# access-list 10 permit ip host
D. Switch1(config-if)# switchport p ort-security violation shutdown
E. Switch1(config-if)# ip access-group 10
相关考题:
a firewall is both policy and the implementation of that policy in terms of (),(),and (), as well as other security measures A、network configurationB、host systemsC、routersD、softwares
A () is an approach to security; it helps implement a larger security policy that defines the services and access to be permitted. A、firewallB、patentC、ERPD、intranet
A firewall is an approach to security; it helps implement a larger security policy that defines the services and access to be permitted.
Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()A. Source IP and browserB. Source IP and certificateC. Certificate and Host CheckerD. Host Checker and source IP
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.) A. Traffic is permitted from the trust zone to the untrust zone.B. Intrazone traffic in the trust zone is permitted.C. All traffic through the device is denied.D. The policy is matched only when no other matching policies are found.
Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections.How many sessions exist between Host A and Host B?()A.1B.2C.3D.4
You are not able to telnet to the interface IP of your JUNOS software with enhanced services devicefrom a PC on the same subnet. What is causing the problem? () A. Telnet is not being permitted by self policy.B. Telnet is not being permitted by security policy.C. Telnet is not allowed because it is not considered secure.D. Telnet is not enabled as a host-inbound service on the zone.
A network vulnerability scanner is part of which critical element of network and system security?() A. host securityB. perimeter securityC. security monitoringD. policy management
Which OSPF network type is ideal for partially meshed NBMA networks because it is easy to configure(requires no configuration of neighbor commands), consumes only one IP subnet, and requires no designated router election?
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }A、DNS traffic is denied.B、HTTP traffic is denied.C、FTP traffic is permitted.D、SMTP traffic is permitted.
You are developing a Windows Communication Foundation (WCF) service. One of the parameters used with the service operations is a security token. The security token is not sensitive. The monitoring software tracks security tokens and can read tokens in clear text only.The company security policy requires that you validate all clear text data passed over the corporate network.You need to ensure that the service verifies that the security token is not changed during transit. What should you do?()A、For all the security-sensitive members, set the ProtectionLevel parameter of the MessageBodyMember or MessageHeader attribute to EncryptAndSign.B、Implement IEndpointldentityProvider in the message contract class.C、Implement ISecureConversationSession in the message contract class.D、For all the security-sensitive members, set the ProtectionLevel parameter of the MessageBodyMember or MessageHeader attribute to Sign.
The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy (Choose two.)()。A、Switch1(config-if)# switchport port-security maximum 1B、Switch1(config)# mac-address-table secureC、Switch1(config)# access-list 10 permit ip hostD、Switch1(config-if)# switchport port-security violation shutdownE、Switch1(config-if)# ip access-group 10
A network vulnerability scanner is part of which critical element of network and system security?()A、host securityB、perimeter securityC、security monitoringD、policy management
The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?()A、TestKing1(config-if)# switchport port-security maximum 1B、TestKing1(config)# mac-address-table secureC、TestKing1(config)# access-list 10 permit ip hostD、TestKing1(config-if)# switchport port-security violation shutdownE、TestKing1(config-if)# ip access-group 10
Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()A、Source IP and browserB、Source IP and certificateC、Certificate and Host CheckerD、Host Checker and source IP
You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()A、Telnet is not being permitted by self policy.B、Telnet is not being permitted by security policy.C、Telnet is not allowed because it is not considered secure.D、Telnet is not enabled as a host-inbound service on the zone
Which two statements are true regarding the system-default security policy [edit security policies default-policy]?()(Choose two.)A、Traffic is permitted from the trust zone to the untrust zone.B、Intrazone traffic in the trust zone is permitted.C、All traffic through the device is denied.D、The policy is matched only when no other matching policies are found.
Network Access Protection (NAP) is configured for the corporate network.Users connect to the corporate network by using portable computers.The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers.You need to ensure that users can access network resources only from computers that comply with the company policy.What should you do?()A、Create an IPsec Enforcement Network policy.B、Create an 802.1X Enforcement Network policy.C、Create a Wired Network (IEEE 802.3) Group policy.D、Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
多选题You work as a senior administrator at ABC.com. The ABC.com network consists of a single domain named ABC.com. All servers on the ABC.com network have Windows Server 2012 R2 installed. You are running a training exercise for junior administrators. You are currently discussing the Windows Firewall with Advanced Security feature. Which of the following is TRUE with regards to Windows Firewall with Advanced Security?()AIt provides host-based,two-way network traffic filtering for a computer.BIt provides host-based,one-way network traffic filtering for a computer.CIt blocks unauthorized network traffic flowing into or out of the local computer.DIt only blocks unauthorized network traffic flowing into the local computer.EIt only blocks unauthorized network traffic flowing out of the local computer.
问答题Which OSPF network type is ideal for partially meshed NBMA networks because it is easy to configure(requires no configuration of neighbor commands), consumes only one IP subnet, and requires no designated router election?
单选题A network vulnerability scanner is part of which critical element of network and system security?()A host securityB perimeter securityC security monitoringD policy management
单选题You are not able to telnet to the interface IP of your JUNOS software with enhanced services devicefrom a PC on the same subnet. What is causing the problem? ()ATelnet is not being permitted by self policy.BTelnet is not being permitted by security policy.CTelnet is not allowed because it is not considered secure.DTelnet is not enabled as a host-inbound service on the zone.
单选题Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()ASource IP and browserBSource IP and certificateCCertificate and Host CheckerDHost Checker and source IP
多选题You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()AThe endpoints can use agentless access.BEncrypted traffic flows between the endpoint and the enforcer.CEncrypted traffic flows between the endpoint and the protected resourceDThe endpoints can use the Odyssey Access Client.
单选题You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet. You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements. What should you do? ()A Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).B Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.C Create a task on each application server that runs the secedit command with Baseline1.inf every day.D Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.
单选题Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections. How many sessions exist between Host A and Host B?()A1B2C3D4