itgle.com

多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this b

题目
多选题
You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()
A

The MAG Series device has multiple ports associated with the certificate.

B

The MAG Series device's serial number needs to be configured on the SRX Series device.

C

The SRX Series device must have a certificate signed by the same authority as the MAG Series device.

D

The MAG Series device and SRX Series device are not synchronized to an NTP server.


相似考题
参考答案和解析
正确答案: C,D
解析: 暂无解析
更多“多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this b”相关问题
  • 第1题:

    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

    A. Resource access policy on the MAG Series device

    B. IPsec routing policy on the MAG Series device

    C. General traffic policy blocking access through the firewall enforcer

    D. Auth table entry on the firewall enforcer


    参考答案:A, D

  • 第2题:

    What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()

    A. Checkpoint firewall

    B. SRX Series device

    C. DP sensor

    D. MX Series device


    参考答案:A

  • 第3题:

    What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()

    • A、Checkpoint firewall
    • B、SRX Series device
    • C、DP sensor
    • D、MX Series device

    正确答案:A

  • 第4题:

    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()

    • A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.
    • C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.
    • D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

    正确答案:A

  • 第5题:

    When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?()

    • A、The cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.
    • B、The cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.
    • C、The cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.
    • D、The cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.

    正确答案:A

  • 第6题:

    You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()

    • A、The endpoints can use agentless access.
    • B、Encrypted traffic flows between the endpoint and the enforcer.
    • C、Encrypted traffic flows between the endpoint and the protected resource
    • D、The endpoints can use the Odyssey Access Client.

    正确答案:B,D

  • 第7题:

    Which service is provided by a MAG Series device?()

    • A、Routing
    • B、MPLS VPNs
    • C、Access control
    • D、Intrusion detection

    正确答案:B

  • 第8题:

    多选题
    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()
    A

    Resource access policy on the MAG Series device

    B

    IPsec routing policy on the MAG Series device

    C

    General traffic policy blocking access through the firewall enforcer

    D

    Auth table entry on the firewall enforcer


    正确答案: A,C
    解析: 暂无解析

  • 第9题:

    单选题
    What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?()
    A

    Checkpoint firewall

    B

    SRX Series device

    C

    DP sensor

    D

    MX Series device


    正确答案: C
    解析: 暂无解析

  • 第10题:

    多选题
    What are three benefits of IF-MAP Federation?()
    A

    Enables seamless access for remote access users to firewall enforcer protected resources.

    B

    Scales a Junos Pulse Access control Service deployment beyond the capacity of a single cluster.

    C

    Enables dynamic configuration synchronization across multiple MAG Series devices.

    D

    Provides a substitute for WAN clustering among geographically separated MAG Series devices.

    E

    Shares non-localized DP integration and IPsec configuration information between multiple Junos Pulse Access Control Service instances.


    正确答案: C,B
    解析: 暂无解析

  • 第11题:

    单选题
    You have configured the Odyssey Access Client with a profile which has the "Disable Server Verification" setting cleared.What will be the result if the device certificate on the MAG Series device has expired and the user attempts to authenticate?()
    A

    The user will be instructed to call the network administrator.

    B

    The user will fail authentication.

    C

    The user will be prompted to install a new device certificate on the MAG Series device.

    D

    The user will successfully authenticate and have full network access.


    正确答案: A
    解析: 暂无解析

  • 第12题:

    多选题
    Which three situations will trigger an e-mail to be flagged as spam if a branch SRX Series device has been properly configured with antispam inspection enabled for the appropriate security policy? ()(Choose three.)
    A

    The server sending the e-mail to the SRX Series device is a known open SMTP relay.

    B

    The server sending the e-mail to the SRX Series device is running unknown SMTP server software.

    C

    The server sending the e-mail to the SRX Series device is on an IP address range that is known to be dynamically assigned.

    D

    The e-mail that the server is sending to the SRX Series device has a virus in its attachment.

    E

    The server sending the e-mail to the SRX Series device is a known spammer IP address.


    正确答案: D,C
    解析: 暂无解析

  • 第13题:

    You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()

    A. Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.

    B. A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.

    C. Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.

    D. A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.


    参考答案:B

  • 第14题:

    Which two Junos platforms provide stateful firewall functionality?()

    • A、MX Series
    • B、EX Series
    • C、SRX Series
    • D、QFX Series

    正确答案:A,C

  • 第15题:

    Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?()

    • A、Remote Debugging
    • B、System Snapshot
    • C、User Access logs
    • D、Policy Tracing

    正确答案:C,D

  • 第16题:

    You have a firewall enforcer protecting resources in a data center. A user is experiencing difficulty connecting to a protected resource.Which two elements must exist so the user can access the resource?()

    • A、Resource access policy on the MAG Series device
    • B、IPsec routing policy on the MAG Series device
    • C、General traffic policy blocking access through the firewall enforcer
    • D、Auth table entry on the firewall enforcer

    正确答案:A,D

  • 第17题:

    Which three situations will trigger an e-mail to be flagged as spam if a branch SRX Series device has been properly configured with antispam inspection enabled for the appropriate security policy? ()(Choose three.)

    • A、The server sending the e-mail to the SRX Series device is a known open SMTP relay.
    • B、The server sending the e-mail to the SRX Series device is running unknown SMTP server software.
    • C、The server sending the e-mail to the SRX Series device is on an IP address range that is known to be dynamically assigned.
    • D、The e-mail that the server is sending to the SRX Series device has a virus in its attachment.
    • E、The server sending the e-mail to the SRX Series device is a known spammer IP address.

    正确答案:A,C,E

  • 第18题:

    You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()

    • A、The MAG Series device has multiple ports associated with the certificate.
    • B、The MAG Series device's serial number needs to be configured on the SRX Series device.
    • C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.
    • D、The MAG Series device and SRX Series device are not synchronized to an NTP server.

    正确答案:C,D

  • 第19题:

    多选题
    You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()
    A

    The MAG Series device has multiple ports associated with the certificate.

    B

    The MAG Series device's serial number needs to be configured on the SRX Series device.

    C

    The SRX Series device must have a certificate signed by the same authority as the MAG Series device.

    D

    The MAG Series device and SRX Series device are not synchronized to an NTP server.


    正确答案: A,C
    解析: 暂无解析

  • 第20题:

    单选题
    You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()
    A

    You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    B

    No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

    C

    You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.

    D

    You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.


    正确答案: C
    解析: 暂无解析

  • 第21题:

    多选题
    Without calling JTAC, which two troubleshooting tools on a MAG Series device would you use to identify the cause of an authentication failure?()
    A

    Remote Debugging

    B

    System Snapshot

    C

    User Access logs

    D

    Policy Tracing


    正确答案: B,D
    解析: 暂无解析

  • 第22题:

    单选题
    When configuring a single SRX210 as a firewall enforcer to a MAG4610 active/passive cluster, which statement supports a fault-tolerant configuration?()
    A

    The cluster VIP is defined on the MAG4610 cluster, and the VIP of the cluster is defined as an instance on the SRX Series device.

    B

    The cluster VIP is not defined on the MAG4610 cluster, and the IP address of both the active and passive nodes of the cluster are defined as separate instances on the SRX Series device.

    C

    The cluster VIP is defined on the MAG4610 cluster, and the IP address of the active node is defined as an instance on the SRX Series device.

    D

    The cluster VIP is not defined on the MAG4610 cluster, and the IP address of the passive node is defined as an instance on the SRX Series device.


    正确答案: C
    解析: 暂无解析

  • 第23题:

    多选题
    You administer a network containing SRX Series firewalls. New policy requires that you implement MAG Series devices to provide access control for end users. The policy requires that the SRX Series devices dynamically enforce security policy based on the source IP address of the user. The policy also requires that the users communicate with protected resources using encrypted traffic. Which two statements are true?()
    A

    The endpoints can use agentless access.

    B

    Encrypted traffic flows between the endpoint and the enforcer.

    C

    Encrypted traffic flows between the endpoint and the protected resource

    D

    The endpoints can use the Odyssey Access Client.


    正确答案: B,D
    解析: 暂无解析

  • 第24题:

    单选题
    You are configuring an active/passive cluster of SRX Series devices as the firewall enforcer on a MAG Series device.Which statement is true?()
    A

    Multiple Infranet Enforcer instances are created with a single serial number of an SRX Series device defined in each configuration.

    B

    A single Infranet Enforcer instance is created with both serial numbers of the clustered SRX Series devices defined in the configuration.

    C

    Multiple Infranet Enforcer instances are created with a single IP address of an SRX Series device defined in each configuration.

    D

    A single Infranet enforcer instance is created with the VIP of the clustered SRX Series device defined in the configuration.


    正确答案: D
    解析: 暂无解析