单选题
Under which configuration hierarchy is an access profile configured for firewall user authentication?()
[edit access]
[edit security access]
[edit firewall access]
[edit firewall-authentication]
多选题
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()
data integrity
data confidentiality
data authentication
outer IP header confidentiality
outer IP header authentication
单选题
You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?()
You must enable SPC detect within the configuration.
You must enable active-active failover for redundancy.
You must ensure all SPCs use the same slot placement.
You must configure auto-negotiation on the control ports of both devices
多选题
Which two firewall user authentication objects can be referenced in a security policy?()
access profile
client group
client
default profile
多选题
Which two statements about the use of SCREEN options are correct?()
SCREEN options are deployed at the ingress and egress sides of a packet flow.
Although SCREEN options are very useful, their use can result in more session creation.
SCREEN options offer protection against various attacks at the ingress zone of a packet flow.
SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resouces used formalicious packet processing.
单选题
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com(172.19.1.1) in the Untrust zone. How do you create this policy?()
Specify the IP address (172.19.1.1/32) as the destination address in the policy.
Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy
多选题
Which three advanced permit actions within security policies are valid?()
Mark permitted traffic for firewall user authentication.
Mark permitted traffic for SCREEN options.
Associate permitted traffic with an IPsec tunnel.
Associate permitted traffic with a NAT rule.
Mark permitted traffic for IDP processing.
单选题
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
A route-based VPN generally uses less resources than a policy-based VPN.
A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
多选题
Which two parameters are configured in IPsec policy?()
mode
IKE gateway
security proposal
Perfect Forward Secrecy
多选题
You have been tasked with performing an update to the IDP attack database. Which three requirements areincluded as part of this task?()
The IDP security package must be installed after it is downloaded.
The device must be rebooted to complete the update.
The device must be connected to a network.
An IDP license must be installed on your device.
You must be logged in as the root user
