The authentication order configuration on your M120 includes the settings tacplus and radius (in that order), but does not include the password parameter. You attempt to log in to the device, but the network containing the authentication servers is curre

第1题：

In order to log（）the system you have to type in your password.

Ain

Bon

Cin to

Doff to

第2题：

Your company has deployed network access protection (NAP). You configure secure wireless access to the network by using 802.1x authentication from any access point. You need to ensure that all client computers that access the network are evaluated by NAP what should you do?（）

• A、Configure all access points as RADIUS clients to the remediation servers.
• B、Configure all access points as RADIUS clients to the network Policy Server (NPS).
• C、Create a network policy that defines remote access server as a network connection method.
• D、Create a network policy that specifies EAP-TLS as the only available authentication method.

第3题：

A company is using RADIUS to authenticate login requests to its Juniper Networks routers. Usersshould still be able to authenticate using the local password database but only if the RADIUS server is unreachable. Which JUNOS software configuration accomplishes this goal?（）

• A、authentication-order radius;
• B、authentication-order password;
• C、authentication-order [radius password];
• D、authentication-order [password radius];

第4题：

Which two statements regarding external authentication servers for firewall userauthentication are true？（）

• A、Up to three external authentication server types can be used simultaneously.
• B、Only one external authentication server type can be used simultaneously.
• C、If the local password database is not configured in the authentication order， and the configured authentication server is unreachable， authentication is not performed.
• D、If the local password database is not configured in the authentication order， and the configured authentication server rejects the authentication request， authentication is not performed

第5题：

A successful authentication attempt by a RADIUS server does not supply a username to the JUNOS software. Which username is used by default？（）

• A、root
• B、local
• C、radius
• D、remote

第6题：

Your company has deployed Network Access Protection (NAP).You configure secure wireless access to the network by using 802.1X authentication from any access point.You need to ensure that all client computers that access the network are evaluated by NAP. What should you do?（）

• A、Configure all access points as RADIUS clients to the Remediation Servers.
• B、Configure all access points as RADIUS clients to the Network Policy Server (NPS).
• C、Create a Network Policy that defines Remote Access Server as a network connection method. 
• D、Create a Network Policy that specifies EAP-TLS as the only available authentication method.

第7题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003.   The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods， audit settings， and account policy settings.   The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements， renaming the administrator account， and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings.   You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized， and that after the deployment， the security settings on all application servers meet the design requirements.   What should you do？ （）

• A、 Apply the Setup security.inf template first， the Hisecws.inf template next， and then the Application.inf template.
• B、 Apply the Application.inf template and then the Hisecws.inf template.
• C、 Apply the Application.inf template first， the Setup security.inf template next， and then the Hisecws.inf template.
• D、 Apply the Setup security.inf template and then the Application.inf template.

第8题：

You are an IIS Web server administrator implementing authentication settings for a new Web site.According to the requirements for the Human Resources Web site， users should be prompted forauthentication information when they attempt to access the site. The site will be accessed only by userswho have accounts in your organization’s Active Directory domain. You have already configured the filesystem permissions for the content based on the appropriate settings. You also want to maximize securityof the site. Which two actions should you take to meet these requirements？（）

• A、Enable Windows authentication.
• B、Enable basic authentication.
• C、Disable anonymous authentication.
• D、Enable anonymous authentication.

第9题：

第10题：

第11题：

第12题：

第13题：

In order to log（）the system you have to type in your password.

• A、in
• B、on
• C、in to
• D、off to

第14题：

A router has been configured with the authentication order settings shown below: [edit] user@host# show system authentication-order authentication-order [radius tacplus password]; The router also has a local database that contains the user lab with password lab123. What would happen if both the RADIUS and the TACACS servers respond with a reject for user lab?（）

• A、The user lab will not be able to login.
• B、The user lab will be authenticated against the local database and will be able to login.
• C、The user will be able to login only if tries to login as the root user.
• D、The user lab will receive an error message indicating the username and password provided could not be found on the radius and tacacs servers.

第15题：

You are the network administrator for your company. A user is complaining that they are not able to access the network with the Junos Pulse client. You run a packet capture on the network interface to monitor the 802.1X authentication process. You notice that after the EAP- request/identity packet is received, and the supplicant responds with an EAP-response/identity packet, no further communication occurs for several seconds. What are three causes for this behavior?（）

• A、The authenticator is not licensed to support Junos Pulse.
• B、The authenticator did not receive the EAP-response/identity packet.
• C、The authentication server is not receiving the RADIUS packet containing the EAP-response/identity data.
• D、The authenticator is sending the request over its loopback interface.
• E、The authentication server is sending back a RADIUS response packet, but the authenticator is not forwarding the response back to the supplicant.

第16题：

Which two statements regarding external authentication servers for firewall user authentication are true?（） (Choose two.)

• A、Up to three external authentication server types can be used simultaneously.
• B、Only one external authentication server type can be used simultaneously.
• C、If the local password database is not configured in the authentication order, and the configured authentication server  bypassed.
• D、If the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.

第17题：

A successful authentication attempt by a RADIUS server does not supply a username to the JUNOSsoftware. Which username is used by default?（）

• A、root
• B、local
• C、radius
• D、remote

第18题：

You are the network administrator for The network consists of a single Active Directory domain named All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Software Update Services (SUS) on a network server named Testking1. When you attempt to synchronize Testking1 with the Windows Update servers, you receive an error message. You suspect that your proxy server requires authentication. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Testking1 can communicate with the Windows Update servers. What should you do on Testking1?（）

• A、Restart the IIS administration tool.
• B、Configure the Internet Explorer settings to bypass the proxy server.
• C、In the SUS options, configure authentication to the proxy server.
• D、Install the Microsoft Firewall Client.

第19题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains Windows Server 2003 file servers. The network also contains a Windows Server 2003 computer named Server1 that runs Routing and Remote Access and Internet Authentication Service （IAS）. Server1 provides VPN access to the network for users’ home computers.   You suspect that an external unauthorized user is attempting to access the network through Server1. You want to log the details of access attempts by VPN users when they attempt to access the network. You want to compare the IP addresses of users’ home computers with the IP addresses used in the access attempts to verify that the users are authorized.  You need to configure Server1 to log the details of access attempts by VPN users.   What should you do？  （）

• A、 Configure the system event log to Do not overwrite.
• B、 In IAS， in Remote Access Logging， enable the Authentication requests setting.
• C、 Configure the Remote Access server to Log all events.
• D、 Create a custom remote access policy and configure it for Authentication-Type.

第20题：

Your network contains a Network Policy Server (NPS) named Server1.NPS1 provides authentication for all of the VPN servers on the network.You need to track the usage information of all VPN connections.Which RADIUS attribute should you log？（）

• A、Acct-Session-Id
• B、Acct-Status-Type
• C、Class
• D、NAS-Identifier

第21题：

第22题：

第23题：