单选题After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?（）A The Junos OS drops any flow that does not match t

第1题：

第2题：

Assume the default-policy has not been configured.Given the configuration shown in the exhibit， which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true？（） [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any； destination-address any； application [ junos-http junos-ftp ]； } then { permit； } } policy two { match { source-address host_a； destination-address host_b； application [ junos-http junos-smtp ]； } then { deny； } }

• A、DNS traffic is denied.
• B、HTTP traffic is denied.
• C、FTP traffic is permitted.
• D、SMTP traffic is permitted.

第3题：

第4题：

A standard access control list has been configured on a router and applied to interface Serial 0 in anoutbound direction. No ACL is applied to Interface Serial 1 on the same router. What will happen whentraffic being filtered by the access list does not match the configured ACL statements for Serial 0？（）

• A、The traffic is dropped
• B、The resulting action is determined by the destination IP address
• C、The source IP address is checked，and，if a match is not found， traffic is routed out interface Serial 1
• D、The resulting action is determined by the destination IP address and port number

第5题：

You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?（）

• A、The intranet-auth authentication option
• B、The redirect-portal application service
• C、The uac-policy application service
• D、The ipsec-vpn tunnel

第6题：

After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?（）

• A、The Junos OS drops any flow that does not match the source address or destination address.
• B、All traffic is dropped.
• C、All existing sessions continue.
• D、The Junos OS does a policy re-evaluation.

第7题：

In the exhibit， you decided to change myHosts addresses. [edit security policies] user@host# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts； destination-address  ExtServers；application  [ junos-ftp junos-bgp ]； } then { permit { tunnel { ipsec-vpn vpnTunnel； } } } } } policy-rematch； What will happen to the new sessions matching the policy and in-progress sessions that hadalready matched the policy？（）

• A、New sessions will be evaluated. In-progress sessions will be re-evaluated.
• B、New sessions will be evaluated. All in-progress sessions will continue.
• C、New sessions will be evaluated. All in-progress sessions will be dropped.
• D、New sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.

第8题：

第9题：

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?（）

• A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
• B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
• C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
• D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }

第10题：

Which configuration shows the correct application of a security policy scheduler?（）

• A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
• B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
• C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
• D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;