多选题 Which three statements are true when working with high-availability clusters? (Choose three.)()
The valid cluster-id range is between 0 and 255.
Junos OS security devices can belong to more than one cluster if cluster virtualization is enabled.
If the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.
A reboot is required if the cluster-id or node value is changed.
Junos OS security devices can belong to one cluster only.
多选题 At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)
[edit security idp]
[edit security zones security-zone trust interfaces ge-0/0/0.0]
[edit security zones security-zone trust]
[edit security screen]
单选题 Which statement is true regarding NAT?()
NAT is not supported on SRX Series devices.
NAT requires special hardware on SRX Series devices.
NAT is processed in the control plane.
NAT is processed in the data plane.
单选题 Which zone is system-defined?()
security
functional
junos-global
management
多选题 Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)
Up to three external authentication server types can be used simultaneously.
Only one external authentication server type can be used simultaneously.
If the local password database is not configured in the authentication order, and the configured authentication server bypassed.
If the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.
单选题 A system administrator detects thousands of open idle connections from the same source.Which problem can arise from this type of attack?()
It enables an attacker to perform an IP sweep of devices.
It enables a hacker to know which operating system the system is running.
It can overflow the session table to its limit, which can result in rejection of legitimate traffic.
It creates a ping of death and can cause the entire network to be infected with a virus.
多选题 Which two statements in a source NAT configuration are true regarding addresses, rule-sets, or rules that overlap?()(Choose two.)
Addresses used for NAT pools should never overlap.
If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.
If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.
Dynamic source NAT rules take precedence over static source NAT rules.
单选题 What is the default session timeout for TCP sessions?()
1 minute
15 minutes
30 minutes
90 minutes
单选题 You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()
[edit security policies from-zone HR to-zone HR]
[edit security zones functional-zone management protocols]
[edit security zones protocol-zone HR host-inbound-traffic]
[edit security zones security-zone HR host-inbound-traffic protocols]
多选题 Which two statements are true about the relationship between static NAT and proxy ARP? ()(Choose two.)
It is necessary to forward ARP requests to remote hosts.
It is necessary when translated traffic belongs to the same subnet as the ingress interface.
It is not automatic and you must configure it.
It is enabled by default and you do not need to configure it.