Click the Exhibit button.
user@host> show services application-identification application-system-cache
Application System Cache Configurations:
Application-cache: off
nested-application-cache: on
cache-unknown-result: on
cache-entry-timeout: 3600 seconds
You are using the application identification feature on your SRX Series device. The help desk reports that users are complaining about slow Internet connectivity. You issue the command shown in the exhibit.
What must you do to correct the problem?
A. Modify the configuration with the delete services application-identification no-clearapplication-system-cache command and commit the change.
B. Modify the configuration with the delete services application-identification no-application-system-cache command and commit the change.
C. Reboot the SRX Series device.
D. Modify the configuration with the delete services application-identification no-application-identification command and commit the change.
Correct answer: A
Question 2:
Click the Exhibit button.
IPv6 to IPv4 addresses are not being translated as shown in the exhibit.
Which two configurations would resolve the problem? (Choose two.)
A. set security nat proxy-ndp interface ge-0/0/1.0
B. set security nat source port-randomization disable
C. set security nat natv6v4 no-6-frag-header
D. set security nat proxy-arp interface ge-0/0/0.0
Correct answer: A
Question 3:
What are three advantages of group VPNs? (Choose three.)
A. Supports any-to-any member connectivity.
B. Provides redundancy with cooperative key servers.
C. Eliminates the need for full mesh VPNs.
D. Supports translating private to public IP addresses.
E. Preserves original IP source and destination addresses.
Correct answer: A,C,E
Question 4:
You want to verify that all application traffic traversing your SRX device uses standard ports. For example, you need to verify that only DNS traffic runs through port 53, and no other protocols. How would you accomplish this goal?
A. Use a custom ALG to detect the application regardless of the port used.
B. Use AppID to detect the application regardless of the port used.
C. Use an IDP policy to identify the application regardless of the port used.
D. Use AppTrack to detect the application regardless of the port used.
Correct answer: C
Question 5:
Click the Exhibit button.
{primary:node0}[edit security idp idp-policy test-ips-policy]
user@host# show
rulebase-ips {
    rule r1 {
        match {
            source-address any;
            attacks {
                predefined-attack-groups "HTTP - All";
            }
        }
        then {
            action {
                drop-packet;
            }
        }
        terminal;
    }
    rule r2 {
        match {
            source-address 172.16.0.0/12;
            attacks {
                predefined-attack-groups "FTP - All";
            }
        }
        then {
            action {
                no-action;
            }
        }
    }
    rule r3 {
        match {
            source-address 172.16.0.0/12;
            attacks {
                predefined-attack-groups "TELNET - All";
            }
        }
        then {
            action {
                no-action;
            }
        }
    }
    rule r4 {
        match {
            source-address any;
            attacks {
                predefined-attack-groups "FTP - All";
            }
        }
        then {
            action {
                drop-packet;
            }
        }
    }
}
A user with IP address 172.301.100 initiates an FTP session to a host with IP address 10.100.1.50 through an SRX Series device and is subject to the IPS policy shown in the exhibit.
If the user tries to execute the cd ~root command, which statement is correct?
A. The FTP command will be allowed to execute but any other attacks executed during the session will be inspected.
B. The FTP command will be denied with the offending packet dropped and the rest of the FTP session will be inspected by the IPS policy.
C. The FTP command will be allowed to execute and the rest of the FTP session will be ignored by the IPS policy.
D. The FTP command will be denied with the offending packet dropped and the session will be closed by the SRX device.
Correct answer: A
Question 6:
You want to create a custom IDP signature for a new HTTP attack on your SRX device. You have the exact string that identifies the attack. Which two additional elements do you need to define your custom signature? (Choose two.)
A. direction
B. source IP address of the attacker
C. protocol number
D. service context
Correct answer: A,D
Question 7:
You are asked to provide access for an external VoIP server to VoIP phones in your network using private addresses. However, due to security concerns, the VoIP server should only be able to initiate connections to each phone once the phone has logged into the VoIP server. The VoIP server requires access to the phones using multiple ports.
Which type of persistent NAT is required?
A. remote-host
B. target-host-port
C. any-remote-host
D. target-host
Correct answer: D
Question 8:
Two companies, A and B, are connected as separate customers on an SRX5800 residing on two virtual routers (VR-A and VR-B). These companies have recently been merged and now operate under a common IT security policy. You have been asked to facilitate communication between these VRs. Which two methods will accomplish this task? (Choose two.)
A. Use a physical connection between VR-A and VR-B to interconnect them.
B. Create a static route using the next-table action in both VRs.
C. Use instance-import to share the routes between the two VRs.
D. Create logical tunnel interfaces to interconnect the two VRs.
Correct answer: B,C
Question 9:
Click the Exhibit button.
An attacker is using a nonstandard port for HTTP for reconnaissance into your network.
Referring to the exhibit, which two statements are true? (Choose two.)
A. The IPS engine will perform application identification until it processes the first 256 bytes of the packet.
B. The IPS engine will detect the application regardless of the nonstandard port.
C. The IPS engine will perform application identification until the session is established.
D. The IPS engine will not detect the application due to the nonstandard port.
Correct answer: A,B