It holds security policies for particular hosts.
It holds statistics about traffic to and from particular hosts.
It defines hosts in a zone so they can be referenced by policies.
It maps hostnames to IP addresses to serve as a backup to DNS resolution.
第1题:
A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.
B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
第2题:
Why would a network administrator configure port security on a switch?()
第3题:
The network administrator has configured port security on a Ezonexam switch. Why would a network administrator configure port security on this Ezonexam device?
A.To prevent unauthorized hosts from getting access to the LAN
B.To limit the number of Layer 2 broadcasts on a particular switch port
C.To prevent unauthorized Telnet or SSH access to a switch port
D.To prevent the IP and MAC address of the switch and associated ports
E.None of the above
第4题:
Which configuration shows the correct application of a security policy scheduler?()
第5题:
What is the purpose of an address book?()
第6题:
A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C. Configure the MAC address of the server as a static entry associated with port Fa0/1.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
第7题:
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }
第8题:
A. Traffic is permitted from the trust zone to the untrust zone.
B. Intrazone traffic in the trust zone is permitted.
C. All traffic through the device is denied.
D. The policy is matched only when no other matching policies are found.
第9题:
In a DNS environment, the zone file that maps hostnames to IP address (sometimes called the named.hosts file), is created on which of the following servers?()
第10题:
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()