Which two statements about security policy actions are true? (Choose two.)
A. The log action implies an accept action.
B. The log action requires an additional terminating action.
C. The count action requires an additional terminating action.
D. The count action implies an accept action.
正解:B,C
質問 2:
Which action will restrict SSH access to an SRX Series device from a specific IP address which is connected to a security zone named trust?
A. Implement a security policy from security zone trust to security zone junos-host.
B. Implement a firewall filter on the security zone trust.
C. Implement host-inbound-traffic system-services to allow SSH.
D. Implement a security policy from security zone junos-host to security zone trust.
正解:A
質問 3:
You have recently configured an IPsec tunnel between two SRX Series devices. One of the devices is assigned an IP address using DHCP with an IP address that changes frequently. Initial testing indicates that the IPsec tunnel is not working. Troubleshooting has revealed that Phase 1 negotiations are failing.
Which two actions would solve the problem? (Choose two.)
A. Verify that the device with the IP address assigned by DHCP is the traffic initiator.
B. Verify that VPN monitoring is enabled.
C. Verify that the IKE policy is configured for aggressive mode.
D. Verify that PKI is properly configured.
正解:A,C
質問 4:
What are three defined zone types on an SRX Series device?
A. null
B. routing
C. dynamic
D. junos-host
E. functional
正解:A,D,E
質問 5:
Which two modes are supported during the Phase 1 IKE negotiations used to establish an IPsec tunnel?
(Choose two.)
A. main mode
B. tunnel mode
C. transport mode
D. aggressive mode
正解:A,D