Which three advanced permit actions within security policies are valid?（） (Choose three.)A、Mark permitted traffic for firewall user authentication.B、Mark permitted traffic for SCREEN options.C、Associate permitted traffic with an IPsec tunnel.D、Associate p

第1题：

第2题：

第3题：

第4题：

Based on the configuration shown in the exhibit， what will happen to the traffic matching thesecurity policy？（） [edit schedulers] user@host# showscheduler now { monday all-day； tuesday exclude； wednesday { start-time 07：00：00 stop-time 18：00：00； } thursday { start-time 07：00：00 stop-time 18：00：00； } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts； destination-address ExtServers； application ExtApps； } then { permit { tunnel { ipsec-vpn myTunnel； } } } scheduler-name now； }

• A、The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
• B、The traffic is permitted through the myTunnel IPsec tunnel daily， with the exception of Mondays.
• C、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7：00 am and 6：00 pm， and Thursdays between 7：00 am and 6：00 pm.
• D、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6：01 pm and 6：59 am， and Thursdays between 6：01 pm and 6：59 am

第5题：

Assume the default-policy has not been configured.Given the configuration shown in the exhibit， which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true？（） [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any； destination-address any； application [ junos-http junos-ftp ]； } then { permit； } } policy two { match { source-address host_a； destination-address host_b； application [ junos-http junos-smtp ]； } then { deny； } }

• A、DNS traffic is denied.
• B、HTTP traffic is denied.
• C、FTP traffic is permitted.
• D、SMTP traffic is permitted.

第6题：

Which command is needed to change this policy to a tunnel policy for a policy-based VPN？（） [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net； destination-address remote-net； application any； then { permit； } }

• A、set policy tunnel-traffic then tunnel remote-vpn
• B、set policy tunnel-traffic then permit tunnel remote-vpn
• C、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
• D、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

第7题：

What are three characteristics of a service tunnel? （）(Choose three.)

• A、It is bidirectional.
• B、It carries optimized traffic.
• C、It can carry traffic using UDP.
• D、It is formed only within a community

第8题：

Content filtering enables traffic to be permitted or blocked based on inspection of which three types of content?（）(Choose three.)

• A、MIME pattern
• B、file extension
• C、IP spoofing
• D、POP3
• E、protocol command

第9题：

第10题：

第11题：

第12题：

第13题：

第14题：

第15题：

What are three benefits of the Cisco Adaptive Threat Defense strategy？ （Choose three.） （）

• A、 using QoS techniques such as Traffic Policing to rate limit suspected traffic to prevent DoS attacks
• B、 automatic reconfiguration s of the security devices based on current security threats
• C、 containment and control of security threats
• D、 application security
• E、 anti-x defense F- virtual firewall

第16题：

Which three statistics does the Executive report summarize?（） (Choose three.)

• A、latency and loss
• B、compression results
• C、traffic (by application)
• D、CRC and alignment errors
• E、user access (by username)

第17题：

On which three traffic types does firewall pass-through authentication work? （）(Choose three.)

• A、ping
• B、FTP
• C、Telnet
• D、HTTP
• E、HTTPS

第18题：

Which three advanced permit actions within security policies are valid？（）

• A、Mark permitted traffic for firewall user authentication.
• B、Mark permitted traffic for SCREEN options.
• C、Associate permitted traffic with an IPsec tunnel.
• D、Associate permitted traffic with a NAT rule.
• E、Mark permitted traffic for IDP processing.

第19题：

Which two statements are true regarding the system-default security policy [edit security policies default-policy]?（）(Choose two.)

• A、Traffic is permitted from the trust zone to the untrust zone.
• B、Intrazone traffic in the trust zone is permitted.
• C、All traffic through the device is denied.
• D、The policy is matched only when no other matching policies are found.

第20题：

Given the configuration shown in the exhibit， which statement is true about traffic from host_ato host_b？（） [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a； destination-address host_b； application [ junos-telnet junos-ping ]； } then { reject； } } policy one { match { source-address host_a； destination-address subnet_b； application any； } then { permit； } } host_a is in subnet_a and host_b is in subnet_b.

• A、DNS traffic is denied.
• B、Telnet traffic is denied.
• C、SMTP traffic is denied.
• D、Ping traffic is permitted

第21题：

第22题：

第23题：