Which two security policy actions are valid? (Choose two.)
A. close
B. deny
C. discard
D. reject
Correct answer: B, D
Question 2:
Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessions when you change the policy action from permit to deny?
A. The new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.
B. The new sessions matching the policy are denied. The existing sessions are dropped.
C. The new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply time out.
D. The new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.
Correct answer: B
Question 3:
What are two uses of NAT? (Choose two.)
A. allowing networks with overlapping private address space to communicate
B. preventing unauthorized connections from outside the network
C. allowing stateful packet inspection
D. conserving public IP addresses
Correct answer: A, D
Question 4:
Click the Exhibit button.
[edit security policies]
user@host# show
from-zone Private to-zone External {
policy MyTraffic {
match {
source-address myHosts;
destination-address ExtServers;
application [ junos-ftp junos-bgp ];
}
then {
permit {
tunnel {
ipsec-vpn vpnTunnel;
}}}}}
policy-rematch;
In the exhibit, you decided to change myHosts addresses.
What will happen to the new sessions matching the policy and in-progress sessions that had already matched the policy?
A. New sessions will be evaluated. In-progress sessions will be re-evaluated.
B. New sessions will be evaluated. All in-progress sessions will continue.
C. New sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.
D. New sessions will be evaluated. All in-progress sessions will be dropped.
Correct answer: A
Question 5:
Regarding an IPsec security association (SA), which two statements are true? (Choose two.)
A. IPsec SA is established during phase 2 negotiations.
B. IKE SA is bidirectional.
C. IPsec SA is bidirectional.
D. IKE SA is established during phase 2 negotiations.
Correct answer: B, D
Question 6:
Which configuration shows a pool-based source NAT without PAT?
A. [edit security nat source]
user@host# show
pool A {
address {207.17.137.1/32 to 207.17.137.254/32;
}
overflow-pool interface;
}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
}}}
B. [edit security nat source]
user@host# show
pool A {
address { 207.17.137.1/32 to 207.17.137.254/32;
}}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
port no-translation;
}}
}
C. [edit security nat source]
user@host# show
pool A {
address {207.17.137.1/32 to 207.17.137.254/32;
}
port no-translation;
}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
}}}
D. [edit security nat source]
user@host# show
pool A {
address { 207.17.137.1/32 to 207.17.137.254/32;
}
overflow-pool interface;
}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
port no-translation;
}}}
Correct answer: C