单选题 A network administrator has configured source NAT, translating to an address that is on a locally connected subnet.The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?()
The host needs to open the telnet port.
The host needs a route for the translated address.
The administrator must use a proxy-arp policy for the translated address.
The administrator must use a security policy, which will allow communication between the zones.
单选题 When using UTM features in an HA cluster, which statement is true for installing the licenses on the cluster members?()
One UTM cluster license will activate UTM features on both members.
Each device will need a UTM license generated for its serial number.
Each device will need a UTM license generated for the cluster, but licenses can be applied to either member.
HA clustering automatically comes with UTM licensing, no additional actions are needed.
单选题 Which Web-filtering technology can be used at the same time as integrated Web filtering on a single branch SRX Series device?()
Websense redirect Web filtering
local Web filtering (blacklist or whitelist)
firewall user authentication
ICAP
多选题 Which two functions of the Junos OS are handled by the data plane? ()(Choose two.)
NAT
OSPF
SNMP
SCREEN options
单选题 Which statement is true regarding the Junos OS for security platforms?()
SRX Series devices can store sessions in a session table.
SRX Series devices accept all traffic by default.
SRX Series devices must operate only in packet-based mode.
SRX Series devices must operate only in flow-based mode.
单选题 Which statement contains the correct parameters for a route-based IPsec VPN?()
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
单选题 The Junos OS blocks an HTTP request due to the category of the URL.Which form of Web filtering is being used?()
redirect Web filtering
integrated Web filtering
categorized Web filtering
local Web filtering
单选题 For which network anomaly does Junos provide a SCREEN?()
a telnet to port 80
a TCP packet with the SYN and ACK flags set
an SNMP getnext request
an ICMP packet larger than 1024 bytes
单选题 How do you apply UTM enforcement to security policies on the branch SRX series?()
UTM profiles are applied on a security policy by policy basis.
UTM profiles are applied at the global policy level.
Individual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.
Individual UTM features like anti-spam or anti-virus are applied directly at the global policy level.
单选题 What is the correct syntax for applying node-specific parameters to each node in a chassis cluster?()
set apply-groups node$
set apply-groups (node)
set apply-groups $(node)
set apply-groups (node)all