单选题 [edit groups] user@host# show node0 { system { host-name NODE0; } interfaces { fxp0 { unit 0 { family inet { address 1.1.1.1/24; } } } } } node1 { system { host-name NODE1; } interfaces { fxp0 { unit 0 { family inet { address 1.1.1.2/24; } } } } } In the exhibit, what is the function of the configuration statements?()
This section is where you define all chassis clustering configuration.
This configuration is required for members of a chassis cluster to talk to each other.
You can apply this configuration in the chassis cluster to make configuration easier.
This section is where unique node configuration is applied.
单选题 A policy-based IPsec VPN is ideal for which scenario?()
when you want to conserve tunnel resources
when the remote peer is a dialup or remote access client
when you want to configure a tunnel policy with an action of deny
when a dynamic routing protocol such as OSPF must be sent across the VPN
多选题 Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router?()
JUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT.
JUNOS Software for security platforms does not forward traffic by default; a traditional router forwards traffic by default.
JUNOS Software for security platforms uses session-based forwarding; a traditional router uses packet-based forwarding.
JUNOS Software for security platforms performs route lookup for every packet; a traditional router performs route lookup only for the first packet.
多选题 Which two statements are true regarding high-availability chassis clustering?()
A chassis cluster consists of two devices.
A chassis cluster consists of two or more devices.
Devices participating in a chassis cluster can be different models.
Devices participating in a chassis cluster must be the same models
单选题 Regarding secure tunnel (st) interfaces, which statement is true?()
You cannot assign st interfaces to a security zone.
You cannot apply static NAT on an st interface logical unit.
st interfaces are optional when configuring a route-based VPN
A static route can reference the st interface logical unit as the next-hop
多选题 Which three statements are true regarding IDP?()
IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.
IDP inspects traffic up to the Application layer.
IDP searches the data stream for specific attack patterns.
IDP inspects traffic up to the Presentation layer.
IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.
多选题 Which two security policy actions are valid?()
deny
discard
reject
close
多选题 Users can define policy to control traffic flow between which two components?()
from a zone to the device itself
from a zone to the same zone
from a zone to a different zone
from one interface to another interface
单选题 What is the purpose of a zone in JUNOS Software?()
A zone defines a group of security devices with a common management.
A zone defines the geographic region in which the security device is deployed.
A zone defines a group of network segments with similar security requirements.
A zone defines a group of network segments with similar class-of-service requirements.
单选题 Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()
close-connection
terminate-connection
close-client-and-server
terminate-session