Which type of source NAT is configured in the exhibit?() [edit security nat destination] user@host# show pool A { address 10.1.10.5/32; } rule-set 1 { from zone untrust; rule 1A { match { destination-address 100.0.0.1/32; } then { destination-nat pool A; } } }
第1题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
第2题:
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
第3题:
Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A Web server with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The Web server is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the Web server reachable from the Internet using port translation.Which type of NAT must you configure?()
A. source NAT with address shifting
B. pool-based source NAT
C. static destination NAT
D. pool-based destination NAT
第4题:
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }
第5题:
Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address andnetwork mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 isrunning an HTTP service on TCP port 8080. The webserver is attached to the ge-0/0/0.0 interface of yourdevice. You must use NAT to make the webserver reachable from the Internet using port translation.Which type of NAT must you configure?()
第6题:
A. static source pool
B. interface source pool
C. source pool with PAT
D. souce pool without PAT
第7题:
Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A Web server with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The Web server is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the Web server reachable from the Internet using port translation. Which type of NAT must you configure?()
第8题:
WhichtypeofsourceNATisconfiguredintheexhibit?()[editsecuritynatdestination]user@hostshowpoolA{address10.1.10.5/32;}rule-set1{fromzoneuntrust;rule1A{match{destination-address100.0.0.1/32;}then{destination-natpoolA;}}}
A.staticdestinationNAT
B.staticsourceNAT
C.pool-baseddestinationNATwithoutPAT
D.pool-baseddestinationNATwithPAT
第9题:
Which statement describes the behavior of source NAT with address shifting?()
第10题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()