移动端

  • 题王微信公众号

    题王微信公众号

    微信搜“题王网”真题密题、最新资讯、考试攻略、轻松拿下考试

计算机考试 | juniper认证考试

模式切换

0 0 0
我的错题 我的收藏 学习笔记

章节目录

多选题 Which three statements are true when working with high-availability clusters? (Choose three.)()

A

The valid cluster-id range is between 0 and 255.

B

Junos OS security devices can belong to more than one cluster if cluster virtualization is enabled.

C

If the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.

D

A reboot is required if the cluster-id or node value is changed.

E

Junos OS security devices can belong to one cluster only.

多选题 At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)

A

[edit security idp]

B

[edit security zones security-zone trust interfaces ge-0/0/0.0]

C

[edit security zones security-zone trust]

D

[edit security screen]

单选题 Which statement is true regarding NAT?()

A

NAT is not supported on SRX Series devices.

B

NAT requires special hardware on SRX Series devices.

C

NAT is processed in the control plane.

D

NAT is processed in the data plane.

单选题 Which zone is system-defined?()

A

security

B

functional

C

junos-global

D

management

多选题 Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)

A

Up to three external authentication server types can be used simultaneously.

B

Only one external authentication server type can be used simultaneously.

C

If the local password database is not configured in the authentication order, and the configured authentication server  bypassed.

D

If the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.

单选题 A system administrator detects thousands of open idle connections from the same source.Which problem can arise from this type of attack?()

A

It enables an attacker to perform an IP sweep of devices.

B

It enables a hacker to know which operating system the system is running.

C

It can overflow the session table to its limit, which can result in rejection of legitimate traffic.

D

It creates a ping of death and can cause the entire network to be infected with a virus.

多选题 Which two statements in a source NAT configuration are true regarding addresses, rule-sets, or rules that overlap?()(Choose two.)

A

Addresses used for NAT pools should never overlap.

B

If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.

C

If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.

D

Dynamic source NAT rules take precedence over static source NAT rules.

单选题 What is the default session timeout for TCP sessions?()

A

1 minute

B

15 minutes

C

30 minutes

D

90 minutes

单选题 You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()

A

[edit security policies from-zone HR to-zone HR]

B

[edit security zones functional-zone management protocols]

C

[edit security zones protocol-zone HR host-inbound-traffic]

D

[edit security zones security-zone HR host-inbound-traffic protocols]

多选题 Which two statements are true about the relationship between static NAT and proxy ARP? ()(Choose two.)

A

It is necessary to forward ARP requests to remote hosts.

B

It is necessary when translated traffic belongs to the same subnet as the ingress interface.

C

It is not automatic and you must configure it.

D

It is enabled by default and you do not need to configure it.

首页 上一页 1 2 3 4 5 下一页 尾页 /

到第