单选题 Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessionswhen you change the policy action from permit to deny? ()
The new sessions matching the policy are denied. The existing sessions are dropped.
The new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply timeout.
The new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.
The new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.
多选题 Users can define policy to control traffic flow between which two components? ()(Choose two.)
from a zone to the router itself
from a zone to the same zone
from a zone to a different zone
from one interface to another interface
多选题 Click the Exhibit button. host_a is in subnet_a and host_b is in subnet_b. Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?()
DNS traffic is denied.
Telnet traffic is denied.
SMTP traffic is denied.
Ping traffic is permitted.
多选题 Which two are components of the enhanced services software architecture?() (Choose two.)
Linux kernel
routing protocol daemon
session-based forwarding module
separate routing and security planes
单选题 Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()
The untrust zone does not have a management policy configured.
The trust zone does not have ping enabled as host-inbound-traffic service.
The security policy from the trust zone to the untrust zone does not permit ping.
No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.