JN0-330 题目列表
单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy?()A The traffic is permitted through the myTunnel IPSec tunnel only on Tuesdays.B The traffic is permitted through the myTunnel IPSec tunnel daily, with the exception of Mondays.C The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.D The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.
单选题You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in theUntrust zone. How do you do create this policy? ()ASpecify the IP address (172.19.1.1/32) as the destination address in the policy.BSpecify the DNS entry (hostb.example.com.) as the destination address in the policy.CCreate an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.DCreate an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
单选题In a JSRP cluster with two J6350 routers, the interface ge-7/0/0 belongs to which device? ()AThis interface is a system-created interface.BThis interface belongs to NODE0 of the cluster.CThis interface belongs to NODE1 of the cluster.DThis interface will not exist because J6350 routers have only six slots.
单选题A route-based VPN is required for which scenario? ()Awhen the remote VPN peer is behind a NAT deviceBwhen multiple networks need to be reached across the tunnelCwhen the remote VPN peer is a dialup or remote access clientDwhen a dynamic routing protocol such as OSPF is required across the VPN
多选题Click the Exhibit button. host_a is in subnet_a and host_b is in subnet_b. Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?()ADNS traffic is denied.BTelnet traffic is denied.CSMTP traffic is denied.DPing traffic is permitted.
单选题Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessionswhen you change the policy action from permit to deny? ()AThe new sessions matching the policy are denied. The existing sessions are dropped.BThe new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply timeout.CThe new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.DThe new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.
单选题Click the Exhibit button. In the exhibit, what is the purpose of this OSPF configuration?()A The router sends the file debugOSPF (containing hellos sent and LSA updates) to the syslog server.B The router traces both OSPF hellos sent and LSA updates, and stores the results in the debugOSPFfile.C The router traces both OSPF hellos sent and LSA updates, and sends the results to the syslog process with the debugOSPF facility.D The router traces all OSPF operations, stores the results in the debugOSPF file, and marks both hellos sent and LSAupdates in the file with a special flag.
多选题Users can define policy to control traffic flow between which two components? ()(Choose two.)Afrom a zone to the router itselfBfrom a zone to the same zoneCfrom a zone to a different zoneDfrom one interface to another interface
多选题Which three security concerns can be addressed by a tunnel mode IPSec VPN secured by AH?()(Choose three.)Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication
多选题On which three traffic types does firewall pass-through authentication work? ()(Choose three.)ApingBFTPCTelnetDHTTPEHTTPS
单选题Which parameters must you select when configuring operating system probes SCREEN options?()Asyn-fin, syn-flood, and tcp-no-fragBsyn-fin, port-scan, and tcp-no-flagCsyn-fin, fin-no-ack, and tcp-no-fragDsyn-fin, syn-ack-ack-proxy, and tcp-no-frag
多选题Which two are components of the enhanced services software architecture?() (Choose two.)ALinux kernelBrouting protocol daemonCsession-based forwarding moduleDseparate routing and security planes
单选题Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections. How many flows exist between Host A and Host B? ()A1B2C3D4
单选题Interface ge-0/0/2.0 of your router is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A host with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. This host isattached to the ge-0/0/0.0 interface of your router. You must use interface-based static NAT to make the HTTP service on the host reachable from the Internet. On which IP address and TCP port can Internet hosts reach the HTTP service?()AIP address 10.10.10.1 and TCP port 8080BIP address 71.33.252.17 and TCP port 80CIP address 71.33.251.19 and TCP port 80DIP address 71.33.252.19 and TCP port 8080
单选题A traditional router is better suited than a firewall device for which function? ()AVPN establishmentBpacket-based forwardingCstateful packet processingDnetwork address translation