itgle.com

多选题You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()Aaccess profileBIKE parametersCtunneled interfaceDredirect policy

题目
多选题
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()
A

access profile

B

IKE parameters

C

tunneled interface

D

redirect policy


相似考题
更多“多选题You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()Aaccess profileBIKE parametersCtunneled interfaceDredirect policy”相关问题
  • 第1题:

    You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()

    A. resource access policies

    B. Host Enforcer policies

    C. source IP enforcement policies

    D. IPsec enforcement policies


    参考答案:D

  • 第2题:

    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

    A. Resource access policy on the MAG Series device

    B. IPsec routing policy on the MAG Series device

    C. General traffic policy blocking access through the firewall enforcer

    D. Auth table entry on the firewall enforcer


    参考答案:A, D

  • 第3题:

    Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client? ()

    • A、You do not need to configure a RADIUS client policy.
    • B、You must know the exact model number of the Infranet Enforcer.
    • C、You must specify the NACN password of the device in the RADIUS client policy.
    • D、You do not need to designate a location group to which the Infranet Enforcer will belong.

    正确答案:A

  • 第4题:

    You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()

    • A、The intranet-auth authentication option
    • B、The redirect-portal application service
    • C、The uac-policy application service
    • D、The ipsec-vpn tunnel

    正确答案:C

  • 第5题:

    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()

    • A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
    • D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

    正确答案:A

  • 第6题:

    A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()

    • A、Connection Requests
    • B、System Errors
    • C、Enforcer Events
    • D、Enforcer Command Trace

    正确答案:C,D

  • 第7题:

    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

    • A、Resource access policy on the MAG Series device
    • B、IPsec routing policy on the MAG Series device
    • C、General traffic policy blocking access through the firewall enforcer
    • D、Auth table entry on the firewall enforcer

    正确答案:A,D

  • 第8题:

    You are deploying a Junos Pulse Access Control Service cluster in active/passive mode. How do you configure the IP address on the SRX Series devices?()

    • A、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP as the IP address the instance.
    • B、Configure multiple Junos Pulse Access Control Service instances on the enforcer, specifying the specific IP address each device in a separate instance.
    • C、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and active node address in the instance.
    • D、Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and passive node address in the instance.

    正确答案:A

  • 第9题:

    多选题
    You want to create a security policy on an SRX240 that redirects unauthenticated users back to the Junos Pulse Access Control Service.Which two steps must you take to accomplish this task?()
    A

    Configure a captive-portal service that redirects all traffic back to the Junos Pulse Access Control Service.

    B

    Configure a security policy that references the unified-access-control captive-portal service.

    C

    Configure a captive-portal service that redirects unauthenticated traffic back to the Junos Pulse Access Control Service.

    D

    Configure a security policy that references the unified-access-control intranet-controller service.


    正确答案: A,D
    解析: 暂无解析

  • 第10题:

    单选题
    You are deploying a Junos Pulse Access Control Service cluster in active/passive mode. How do you configure the IP address on the SRX Series devices?()
    A

    Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP as the IP address the instance.

    B

    Configure multiple Junos Pulse Access Control Service instances on the enforcer, specifying the specific IP address each device in a separate instance.

    C

    Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and active node address in the instance.

    D

    Configure a single Junos Pulse Access Control Service instance on the enforcer, specifying the VIP and passive node address in the instance.


    正确答案: A
    解析: 暂无解析

  • 第11题:

    多选题
    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()
    A

    Resource access policy on the MAG Series device

    B

    IPsec routing policy on the MAG Series device

    C

    General traffic policy blocking access through the firewall enforcer

    D

    Auth table entry on the firewall enforcer


    正确答案: A,C
    解析: 暂无解析

  • 第12题:

    多选题
    A customer has purchased a third-party switch to use for Layer 2 access with their Junos Pulse Access Controe Service. When configuring the switch on the Junos Pulse Access Control Service, the customer does not find a make/model entry for it . Which two actions should the customer take to make the switch work with the Junos Pulse Access Control Service?()
    A

    Add the switch to the Junos Pulse Access Control Service as a standard RADIUS.

    B

    Add the switch to the Junos Pulse Access Control Service using the Any make/model.

    C

    Add the switch as a firewall enforcer.

    D

    Obtain and configure the RADIUS dictionary for the switch and use that vendor listing for the make/model.


    正确答案: D,B
    解析: 暂无解析

  • 第13题:

    A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()

    A. Connection Requests

    B. System Errors

    C. Enforcer Events

    D. Enforcer Command Trace


    参考答案:C, D

  • 第14题:

    You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()

    • A、The crypto ACL number
    • B、The IPSEC mode (tunnel or transport)
    • C、The GRE tunnel interface IP address
    • D、The GRE tunnel source interface or IP address, and tunnel destination IP address
    • E、The MTU size of the GRE tunnel interface

    正确答案:C,D

  • 第15题:

    A policy-based IPsec VPN is ideal for which scenario?()

    • A、when you want to conserve tunnel resources
    • B、when the remote peer is a dialup or remote access client
    • C、when you want to configure a tunnel policy with an action of deny
    • D、when a dynamic routing protocol such as OSPF must be sent across the VPN

    正确答案:B

  • 第16题:

    You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()

    • A、access profile
    • B、IKE parameters
    • C、tunneled interface
    • D、redirect policy

    正确答案:A,B

  • 第17题:

    In a Junos Pulse Access Control Service firewall enforcement configuration, what is the purpose of the source IP policy?()

    • A、to specify the destination addresses to which access is permitted
    • B、to specify the source address permitted to access the resource
    • C、to specify the services to which access is permitted
    • D、to inform the enforcer to expect policy information from the Junos Pulse Access Control Service

    正确答案:D

  • 第18题:

    You want to create a security policy on an SRX240 that redirects unauthenticated users back to the Junos Pulse Access Control Service.Which two steps must you take to accomplish this task?()

    • A、Configure a captive-portal service that redirects all traffic back to the Junos Pulse Access Control Service.
    • B、Configure a security policy that references the unified-access-control captive-portal service.
    • C、Configure a captive-portal service that redirects unauthenticated traffic back to the Junos Pulse Access Control Service.
    • D、Configure a security policy that references the unified-access-control intranet-controller service.

    正确答案:B,C

  • 第19题:

    You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()

    • A、CLI
    • B、WebUI
    • C、NSM
    • D、Junos Pulse Access Control Service

    正确答案:C,D

  • 第20题:

    You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.Which type of policies provide this level of protection?()

    • A、resource access policies
    • B、Host Enforcer policies
    • C、source IP enforcement policies
    • D、IPsec enforcement policies

    正确答案:D

  • 第21题:

    多选题
    You have a firewall enforcer receiving resource access policies from a Junos Pulse Access Control Service. You are using Network and Security Manager (NSM) for configuration management on that firewall. The firewall can also be configured using its built-in command-line interface (CLI) or Web-based user interface (WebUI). To avoid conflicting configurations, which two interfaces must you use to configure the firewall enforcer?()
    A

    CLI

    B

    WebUI

    C

    NSM

    D

    Junos Pulse Access Control Service


    正确答案: A,D
    解析: 暂无解析

  • 第22题:

    多选题
    You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()
    A

    The crypto ACL number

    B

    The IPSEC mode (tunnel or transport)

    C

    The GRE tunnel interface IP address

    D

    The GRE tunnel source interface or IP address, and tunnel destination IP address

    E

    The MTU size of the GRE tunnel interface


    正确答案: A,D
    解析: 暂无解析

  • 第23题:

    多选题
    A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue?()
    A

    Connection Requests

    B

    System Errors

    C

    Enforcer Events

    D

    Enforcer Command Trace


    正确答案: B,A
    解析: 暂无解析

  • 第24题:

    多选题
    You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()
    A

    access profile

    B

    IKE parameters

    C

    tunneled interface

    D

    redirect policy


    正确答案: C,B
    解析: 暂无解析