juniper认证考试

Which type of source NAT is configured in the exhibit?() [edit security nat destination] user@host# show pool A { address 10.1.10.5/32; } rule-set 1 { from zone untrust; rule 1A { match { destination-address 100.0.0.1/32; } then { destination-nat pool A;

题目

Which type of source NAT is configured in the exhibit?() [edit security nat destination] user@host# show pool A { address 10.1.10.5/32; } rule-set 1 { from zone untrust; rule 1A { match { destination-address 100.0.0.1/32; } then { destination-nat pool A; } } }

  • A、static destination NAT
  • B、static source NAT
  • C、pool-based destination NAT without PAT
  • D、pool-based destination NAT with PAT
参考答案和解析
正确答案:C
如果没有搜索结果,请直接 联系老师 获取答案。
相似问题和答案

第1题:

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()

A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }

D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }


参考答案:B

第2题:

Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }

  • A、DNS traffic is denied.
  • B、HTTP traffic is denied.
  • C、FTP traffic is permitted.
  • D、SMTP traffic is permitted.

正确答案:A,C

第3题:

Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A Web server with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The Web server is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the Web server reachable from the Internet using port translation.Which type of NAT must you configure?()

A. source NAT with address shifting

B. pool-based source NAT

C. static destination NAT

D. pool-based destination NAT


参考答案:D

第4题:

Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }

  • A、set policy tunnel-traffic then tunnel remote-vpn
  • B、set policy tunnel-traffic then permit tunnel remote-vpn
  • C、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
  • D、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

正确答案:D

第5题:

Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address andnetwork mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 isrunning an HTTP service on TCP port 8080. The webserver is attached to the ge-0/0/0.0 interface of yourdevice. You must use NAT to make the webserver reachable from the Internet using port translation.Which type of NAT must you configure?()

  • A、source NAT with address shifting
  • B、pool-based source NAT
  • C、static destination NAT
  • D、pool-based destination NAT

正确答案:D

第6题:

Click the Exhibit button.Which type of source NAT is configured in the exhibit?()

A. static source pool

B. interface source pool

C. source pool with PAT

D. souce pool without PAT


参考答案:A

第7题:

Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A Web server with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The Web server is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the Web server reachable from the Internet using port translation. Which type of NAT must you configure?()

  • A、source NAT with address shifting
  • B、pool-based source NAT
  • C、static destination NAT
  • D、pool-based destination NAT

正确答案:D

第8题:

WhichtypeofsourceNATisconfiguredintheexhibit?()[editsecuritynatdestination]user@hostshowpoolA{address10.1.10.5/32;}rule-set1{fromzoneuntrust;rule1A{match{destination-address100.0.0.1/32;}then{destination-natpoolA;}}}

A.staticdestinationNAT

B.staticsourceNAT

C.pool-baseddestinationNATwithoutPAT

D.pool-baseddestinationNATwithPAT


参考答案:C

第9题:

Which statement describes the behavior of source NAT with address shifting?()

  • A、Source NAT with address shifting translates both the source IP address and the source port of a packet.
  • B、Source NAT with address shifting defines a one-to-one mapping from an original source IP address to a translated source IP address.
  • C、Source NAT with address shifting can translate multiple source IP addresses to the same translated IP address.
  • D、Source NAT with address shifting allows inbound connections to be initiated to the static source pool IP addresses.

正确答案:B

第10题:

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()

  • A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
  • B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
  • C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
  • D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

正确答案:B

更多相关问题