多选题 Which two statements are true regarding redundancy groups?()
When priority settings are equal and the members participating in a cluster are initialized at the same time, the primary role for redundancy group 0 is assigned to node 0.
The preempt option determines the primary and secondary roles for redundancy group 0 during a failure and recovery scenario.
Redundancy group 0 manages the control plane failover between the nodes of a cluster.
The primary role can be shared for redundancy group 0 when the active-active option is enabled
多选题 Which three statements are true when working with high-availability clusters?()
The valid cluster-id range is between 0 and 255.
JUNOS security devices can belong to more than one cluster if cluster virtualization is enabled.
If the cluster-id value is set to 0 on a JUNOS security device, the device will not participate in the cluster.
A reboot is required if the cluster-id or node value is changed.
JUNOS security devices can belong to one cluster only.
多选题 What are three configuration objects used to build JUNOS IDP rules?()
zone objects
policy objects
attack objects
alert and notify objects
network and address objects
多选题 Which two statements are true about overflow pools?()
Overflow pools do not support PAT
Overflow pools can not use the egress interface IP address for NAT
Overflow pools must use PAT
Overflow pools can contain the egress interface IP address or separate IP addresses
单选题 Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }
set policy tunnel-traffic then tunnel remote-vpn
set policy tunnel-traffic then permit tunnel remote-vpn
set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题 An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()
DoS
SYN flood
port scanning
IP address sweep
单选题 Which statement is true about a NAT rule action of off?()
The NAT action of off is only supported for destination NAT rule-sets.
The NAT action of off is only supported for source NAT rule-sets.
The NAT action of off is useful for detailed control of NAT
The NAT action of off is useful for disabling NAT when a pool is exhausted.
单选题 You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()
[edit interfaces]
[edit security zones]
[edit system services]
[edit security interfaces]
单选题 Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am