665 お客様のコメント
質問 1:
Which two statements are correct regarding reth interfaces? (Choose two.)
A. Child interfaces must be in the same slot on both nodes
B. Child interfaces do not need to be in the same slot on both nodes.
C. Child interfaces must be the same Ethernet interface type.
D. Child interfaces can be a mixture of Ethernet interface types.
正解:B,C
質問 2:
Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT for all other traffic from the untrust zone to the egress interface?
A. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
accept;
}
}
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
reject;
}
}
B. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
rule server-access {
match {
source-address 10.10.10.0/24;
}
then {
source-nat off;
}
}
C. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
source-nat off;
}
}
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
D. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
source-nat off;
}
}
正解:C
質問 3:
Which two statements apply to policy scheduling? (Choose two.)
A. You must manually configure system-time updates.
B. Policies that do not have schedulers are not active.
C. Multiple policies can use the same scheduler.
D. An individual policy can have only one scheduler applied.
正解:C,D
質問 4:
Which two statements are true about the SYN cookie Junos Screen option? (Choose two.)
A. The SYN cookie mechanism uses a cryptographic hash, which can detect spoofed source addresses.
B. The SRX device will implement the SYN cookie mechanism on all connections once SYN cookies are enabled.
C. The SYN cookie mechanism is stateless; therefore, the initial three-way handshake can complete before a session table entry is completed.
D. SYN cookie protection can stop UDP floods as well as TCP floods.
正解:A,C
質問 5:
When the first packet in a new flow is received, which high-end SRX component is responsible for setting up the flow?
A. services processing card
B. network processing card
C. Routing Engine
D. I/O card
正解:A
Which two statements are correct regarding reth interfaces? (Choose two.)
A. Child interfaces must be in the same slot on both nodes
B. Child interfaces do not need to be in the same slot on both nodes.
C. Child interfaces must be the same Ethernet interface type.
D. Child interfaces can be a mixture of Ethernet interface types.
正解:B,C
質問 2:
Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT for all other traffic from the untrust zone to the egress interface?
A. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
accept;
}
}
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
reject;
}
}
B. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
rule server-access {
match {
source-address 10.10.10.0/24;
}
then {
source-nat off;
}
}
C. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
source-nat off;
}
}
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
D. [edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
source-nat off;
}
}
正解:C
質問 3:
Which two statements apply to policy scheduling? (Choose two.)
A. You must manually configure system-time updates.
B. Policies that do not have schedulers are not active.
C. Multiple policies can use the same scheduler.
D. An individual policy can have only one scheduler applied.
正解:C,D
質問 4:
Which two statements are true about the SYN cookie Junos Screen option? (Choose two.)
A. The SYN cookie mechanism uses a cryptographic hash, which can detect spoofed source addresses.
B. The SRX device will implement the SYN cookie mechanism on all connections once SYN cookies are enabled.
C. The SYN cookie mechanism is stateless; therefore, the initial three-way handshake can complete before a session table entry is completed.
D. SYN cookie protection can stop UDP floods as well as TCP floods.
正解:A,C
質問 5:
When the first packet in a new flow is received, which high-end SRX component is responsible for setting up the flow?
A. services processing card
B. network processing card
C. Routing Engine
D. I/O card
正解:A
関川** -
試験対策として2週間集中して勉強し、合格しました。
練習問題は本番にも出題されているので、即役立つ内容ばかりでした。とてもよいテキストで満足です。
ありがとうございました。