多选题
You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()
The MAG Series device has multiple ports associated with the certificate.
The MAG Series device's serial number needs to be configured on the SRX Series device.
The SRX Series device must have a certificate signed by the same authority as the MAG Series device.
The MAG Series device and SRX Series device are not synchronized to an NTP server.
单选题
Which Junos Pulse feature allows the user to log in once through a Junos Pulse Secure Access Service on the network and then access resources protected by a Junos Pulse Access Control Service without reauthentication?()
Roaming Session
Session Migration
Location Awareness
Persistent Session
多选题
Click the Exhibit button.
A user logs in, is assigned the default role, and successfully loads the Host Enforcer policies shown in the exhibit.Which three statements are true? ()
The local host will respond to ICMP echo-request packets from 192.168.53.10.
The local host will respond to UDP port 53 requests from 192.168.1.25.
The local host can send any packet of any type to host 172.16.1.1.
The local host will accept any packet of any type from host 172.16.1.1.
The local host can send packets to UDP port512 on server 192.168.53.10.
多选题
Which three authentication server types are supported for retrieving user attributes used in role- mapping rules?()
LDAP
S/Key
TACACS+
RADIUS
SiteMinder
单选题
You are the administrator of a Junos Pulse Access Control Service implementation. You must restrict authenticated users connected from the branch offices to a few specific resources within the data center. However, when the authenticated users are connected at the corporate office, they are allowed more access to the data center resources. You have created two roles with different levels of access and are trying to determine the best way of controlling when a user is mapped to a specific role. Having the user prompted to manually select their role is possible, but you want to automate the process. Which configuration solves this problem?()
Implement a RADIUS request attribute policy to assist with realm selection and create different role-mapping rules for the user in each realm.
Implement a directory/attribute server on the realm and set up this server to determine by group membership the proper role to which a user should be mapped.
Reorder the role-mapping rules to allow for the more open role to be mapped first and then enable the stop processing rules when this rule matches function on this role.
Implement a Host Checker policy on the realm that determines the geographic location of the device and restricts the user based on the results of the policy.
多选题
Your manager has informed you that only specific users can have access to the Preferred Members role, and that these users are restricted to the Preferred Members role. The Preferred Members role-mapping rule is currently set as the last rule in your role-mapping rules and is based on username. Currently all users are assigned to the Preferred Members role-mapping rule. Which three changes in the admin GUI will enforce your managers change request?()
Move the Preferred Members role-mapping rule to the top of the list.
Remove the Preferred Members role from the role-mapping rule.
Edit the Preferred Members role-mapping rule so that the username is equal to *.
Edit the Preferred Members role-mapping rule so that only the select users are assigned to the role-mapping rule.
Edit the Preferred Members role-mapping rule and select Stop processing rules when this rule matches.
单选题
You are setting up a Junos Pulse Access Control Service. You cannot obtain a device certificate from an external certificate authority.Which tool should you use to generate a device certificate?()
OpenSSL
OpenSSH
OpenLDAP
OpenRADIUS
多选题
You want to enforce a Host Checker policy so that only users who pass the policy receive the Employee role. In the admin GUI, which two parameters must you configure?()
Select Require and Enforce for the Host Checker Policy in the realm authentication policy.
Select Evaluate Policies for the Host Checker policy in the realm authentication policy.
Configure the Host Checker policy as a role restriction for the Employee role.
Configure the Host Checker policy as a resource access policy for the Employee role.
单选题
What is a function of a user role?()
It defines the IPsec parameters for the role.
It assigns access to resources.
It associates the user with a RADIUS server.
It defines the types of authentication methods available to the user
单选题
A company has completed two acquisitions over the previous year. Each of the acquired companies was allowed to keep its own independent authentication server. The network administrator has been asked to roll out the Junos Pulse Access Control Service to users within the original company along with each of the two acquired organizations.The administrator configures three authentication realms, one for each independent authentication server, and associates them all with a single sign-in policy. All of the client endpoints are running Junos Pulse on their Windows XP desktops. When a user signs in to the Junos Pulse Access Control Service, which statement is correct?()
The first authentication realm that was added to the sign-in policy is used by default.
The user is allowed to choose the correct authentication realm from a list presented by Junos Pulse.
When Junos Pulse is initially installed on the desktop, it must be configured with the correct realm.
This is not an allowed configuration; the administrator should configure separate sign-in policies for each realm.
