单选题You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com.) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题
You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()
A
Specify the IP address (172.19.1.1/32) as the destination address in the policy.
B
Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
C
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
D
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
参考解析
解析:
暂无解析
相关考题:
You are having problems with connections from a specific host (192.168.1.15) not closing down correctly.You want to find the state of the threads from that host check for long-running queries. Which statement will accomplish this?()A.AB.BC.CD.D
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A. You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B. No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C. You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D. You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()A. Enhanced Endpoint SecurityB. DP signaturesC. Antivirus licensingD. Endpoint Security Assessment Plug-in
You‘re the systems administrator at Testing, and you create the following access control lists.You then enter the command ip access-group 101 in to apply access control list 101 to router TK1s e0 interface.Which of the following Telnet sessions will be blocked as a result of your access lists?()A. Telnet sessions from host A to host 5.1.1.10B. Telnet sessions from host A to host 5.1.3.10C. Telnet sessions from host B to host 5.1.2.10D. Telnet sessions from host B to host 5.1.3.8E. Telnet sessions from host C to host 5.1.3.10F. Telnet sessions from host F to host 5.1.1.10
How will the above access lists affect traffic?() A.FTP traffic from 192.169.1.22 will be deniedB.No traffic, except for FTP traffic will be allowed to exit E0C.FTP traffic from 192.169.1.9 to any host will be deniedD.All traffic exiting E0 will be deniedE.All FTP traffic to network 192.169.1.9/29 will be denied
I don't want you to make any trouble,(), I urge you to solve the problem.A、thusB、consequentlyC、on the contraryD、just as
You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()A、Specify the IP address (172.19.1.1/32) as the destination address in the policy.B、Specify the DNS entry (hostb.example.com.) as the destination address in the policy.C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }A、DNS traffic is denied.B、HTTP traffic is denied.C、FTP traffic is permitted.D、SMTP traffic is permitted.
You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()A、The intranet-auth authentication optionB、The redirect-portal application serviceC、The uac-policy application serviceD、The ipsec-vpn tunnel
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
The following access list was applied outbound on he E0 interface connected to the 192.168.1.8/29 LAN: access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 20 any access-list 123 deny tcp 192.168.1.9 0.0.0.7 eq 21 any What effect will this access list have?()A、All traffic will be allowed to exit E0 except FTP traffic.B、FTP traffic from 192.168.1.22 to any host will be denied.C、FTP traffic from 192.168.1.9 to any host will be denied.D、All traffic exiting E0 will be denied.E、All FTP traffic to network 192.168.1.8/29 from any host will be denied.
How will the above access lists affect traffic?()A、FTP traffic from 192.169.1.22 will be deniedB、No traffic, except for FTP traffic will be allowed to exit E0C、FTP traffic from 192.169.1.9 to any host will be deniedD、All traffic exiting E0 will be deniedE、All FTP traffic to network 192.169.1.9/29 will be denied
Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.A、DNS traffic is denied.B、Telnet traffic is denied.C、SMTP traffic is denied.D、Ping traffic is permitted
In your Certkiller .com production database, you find that the database users are able to create and read files with unstructured data, available in any location on the host machine from an application. You want to restrict the database users to access files in a specific location on the host machine. What could do to achieve this?()A、Modify the value for the UTL_FILE_DIR parameter in the parameter fileB、Grant read and write privilege on the operating system path to the database usersC、Modify the value for the LDAP_DIRECTORY_ACCESS parameter in the parameter fileD、Modify the value for the PLSQL_NATIVE_LIBRARY_DIR parameter in the parameter fileE、Create a directory object referring to the operating system path, and grant read and write privilege on the directory object to the database users
You need to design a method to ensure that only scripts that are approved by the IT department can run on company computers. Your solution must meet business requirements. What should you do?()A、Create a new software restriction policy in the Default Domain Policy GPO that removes the Microsoft Visual Basic Scripting Edition and the Windows Script Component file types from the File Types listB、Create a new software restriction policy in the Default Domain Policy GPO that disables the use of Wscript.exe and Cscript.exeC、Configure Windows Script Host to not execute Windows Script Component file typesD、Configure Windows Script Host to execute only scripts that are signed by a certificate issued by an approved certification authority (CA)
You administer a Windows 2000 Professional computer that is shared by multiple users. You receive a phone call from one of the users of the shared computer that tells you that the computer is reporting a kernel stop error. You notice that a user has tried to install video drivers that have caused the computer to become unstable. You want to ensure that users can install only the drivers that are approved by the manufacturer. What should you do? ()A、Configure File signature verification to block driver installation, and set driver signing as a system default.B、Remove all users from the Power User group.C、Create a Local Computer Policy to prevent users from installing drivers.D、Create a Local Computer Policy to enable Windows File Protection.
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题On your newly installed router, you apply the access list illustrated below to interface Ethernet 0 on a Cisco router. The interface is connected to the 192.168.1.8/29 LAN. access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 20 any access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 21 any How will the above access lists affect traffic?()AAll traffic will be allowed to exit E0 except FTP traffic.BFTP traffic from 192.168.166.19 to any host will be denied.CFTP traffic from 192.168.166.22 to any host will be denied.DAll traffic exiting E0 will be denied.EAll FTP traffic to network 192.168.166.18/29 from any host will be denied.
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题I don't want you to make any trouble,(), I urge you to solve the problem.AthusBconsequentlyCon the contraryDjust as
多选题You want to enforce a Host Checker policy so that only users who pass the policy receive the Employee role. In the admin GUI, which two parameters must you configure?()ASelect Require and Enforce for the Host Checker Policy in the realm authentication policy.BSelect Evaluate Policies for the Host Checker policy in the realm authentication policy.CConfigure the Host Checker policy as a role restriction for the Employee role.DConfigure the Host Checker policy as a resource access policy for the Employee role.
单选题You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()AThe intranet-auth authentication optionBThe redirect-portal application serviceCThe uac-policy application serviceDThe ipsec-vpn tunnel
单选题You want to create a Host Checker policy that looks for a specific antivirus product that is running on your client machines, but the predefined antivirus options do not include the antivirus product version that you use.Which feature should you verify the antivirus product is up to date?()AEnhanced Endpoint SecurityBDP signaturesCAntivirus licensingDEndpoint Security Assessment Plug-in
单选题You are the network administrator at TestKing. You apply the following access list on the E0 outbound interface connected to the 192.168.1.8/29 LAN: access-list 21 deny tcp 192.168.1.8 0.0.0.7 eq 20 any access-list 21 deny tcp 192.168.1.8 0.0.0.7 eq 21 any What will the effect of this access list be?()AAll traffic will be allowed to out of E0 except FTP traffic.BFTP traffic from 192.168.1.22 to any host will be blocked.CFTP traffic from 192.168.1.9 to any host will be blocked.DAll traffic will be prevented from leaving E0.EAll FTP traffic to network 192.168.1.9/29 from any host will be blocked.
单选题You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com.) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()AYou must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.BNo security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.CYou must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.DYou must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.