多选题 Which three functions are provided by JUNOS Software for security platforms?()
VPN establishment
stateful ARP lookups
Dynamic ARP inspection
Network Address Translation
inspection of packets at higher levels (Layer 4 and above)
多选题 Which two commands can be used to monitor firewall user authentication?()
show access firewall-authentication
show security firewall-authentication users
show security audit log
show security firewall-authentication history
单选题 Which statement is true regarding proxy ARP?()
Proxy ARP is enabled by default on stand-alone JUNOS security devices.
Proxy ARP is enabled by default on chassis clusters.
JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.
JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled
单选题 Which attribute is optional for IKE phase 2 negotiations?()
proxy-ID
phase 2 proposal
Diffie-Hellman group key
security protocol (ESP or AH)
单选题 Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?()
message 1 and 2
message 3 and 4
message 5 and 6
message 7 and 8
单选题 You must configure a SCREEN option that would protect your device from a session table flood.Which configuration meets this requirement?()
A
B
C
D
单选题 You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What iscausing the problem?()
Telnet is not being permitted by self policy.
Telnet is not being permitted by security policy.
Telnet is not allowed because it is not considered secure.
Telnet is not enabled as a host-inbound service on the zone
单选题 Which parameters are valid SCREEN options for combating operating system probes?()
syn-fin, syn-flood, and tcp-no-frag
syn-fin, port-scan, and tcp-no-flag
syn-fin, fin-no-ack, and tcp-no-frag
syn-fin, syn-ack-ack-proxy, and tcp-no-frag
单选题 For IKE phase 1 negotiations, when is aggressive mode typically used?()
when one of the tunnel peers has a dynamic IP address
when one of the tunnel peers wants to force main mode to be used
when fragmentation of the IKE packet is required between the two peers
when one of the tunnel peers wants to specify a different phase 1 proposal