单选题By default， which condition would cause a session to be removed from the session table？（）A Route entry for the session changed.B Security policy for the session changed.C The ARP table entry for the source IP address timed out.D No traffic matched the 

第1题：

You issue the command telnet interface ge-1/1/0 10.10.10.1 source 192.168.100.1 bypass-routing. Which statement is correct?（）

• A、The bypass-routing parameter is ignored when using private IP addressing.
• B、The telnet session will have the source IP address 10.10.10.1.
• C、The telnet session will connect to the neighboring device's interface ge-1/1/0.
• D、Return traffic for the telnet session might not arrive at interface ge-1/1/0.

第2题：

Which two statements about RPF checks in Multicast Source Discovery Protocol （MSDP） are true？（）

• A、It prevents message looping， Session Advertisement （SA）messages must be RPF checked
• B、RPF check should be done against the route to the source S of the corresponding PIM-SM domain
• C、RPF check should be done against the route to the Rendez-vous Point of the corresponding PIM-SM domain，which originated the SA
• D、RPF checking Session Advertisement （SA） messages will cause message looping

第3题：

第4题：

Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?（）

• A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
• B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
• C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
• D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }

第5题：

DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these？ （）

• A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers
• B、 intercepts all ARP requests and responses on untrusted ports
• C、 builds and maintains the DHCP snooping binding database， which contains information about untrusted hosts with leased IP addresses
• D、 uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts
• E、 limits IP traffic on an interface to only those sources that have an IP-MAC address binding table entry or static IP source entry

第6题：

By default， which condition would cause a session to be removed from the session table？（）

• A、Route entry for the session changed.
• B、Security policy for the session changed.
• C、The ARP table entry for the source IP address timed out.
• D、No traffic matched the session during the timeout period.

第7题：

Which information is stored in the stateful session flow table while using a stateful firewall？（）

• A、the inside private IP address and the translated inside global IP address
• B、the source and destination IP addresses， port numbers，TCP sequencing information， and additional flags for each TCP or UDP connection associated with a particular session
• C、the outbound and inbound access rules （ACL entries）
• D、all TCP and UDP header information only

第8题：

Your boss， Miss ，is interested in CEF.  What should you tell her？ （）

• A、The FIB lookup is based on the Layer 3 destination address prefix （shortest match）.
• B、The adjacent table is derived from the ARP table.
• C、The FIB table is derived from the IP routing table.
• D、When the adjacency table is full， a CEF TCAM table entry points to the Layer 3 engine to redirect the adjacency.
• E、CEF IP destination prefixes are stored in the TCAM table， from the least specific to the most specific entry.
• F、When the CEF TCAM table is full， packets are dropped.

第9题：

Your Cisco network currently runs OSPF and you have a need to policy-route some specific traffic，regardless of what the routing table shows. Which one of these options would enable you to policy-route the traffic?（）

• A、source IP address and the protocol （such as SSL，HTTPS，SSH）
• B、the packet Time to Live and the source IP address
• C、type of service header and DSCP value
• D、destination IP address

第10题：

You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com（172.19.1.1） in the Untrust zone. How do you create this policy？（）

• A、Specify the IP address （172.19.1.1/32） as the destination address in the policy.
• B、Specify the DNS entry （hostb.example.com.） as the destination address in the policy.
• C、Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
• D、Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy