多项选择题
Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?()
[edit security policies from-zone HR to-zone trust]
user@host# show
policy one {
match {
source-address any;
destination-address any;
application [ junos-http junos-ftp ];
}
then {
permit;
}
}
policy two {
match {
source-address host_a;
destination-address host_b;
application [ junos-http junos-smtp ];
}
then {
deny;
}
}
A.DNS traffic is denied.
B.HTTP traffic is denied.
C.FTP traffic is permitted.
D.SMTP traffic is permitted.
相关考题
-
单项选择题
Given the configuration shown in the exhibit, which statement is true about traffic from host_ato host_b?() [edit security policies from-zone HR to-zone trust] user@host# showpolicy two { match { source-address subnet_a; destination-address host_b; application [ junos-telnet junos-ping ]; } then { reject; } } policy one { match { source-address host_a; destination-address subnet_b; application any; } then { permit; } } host_a is in subnet_a and host_b is in subnet_b.
A.DNS traffic is denied.
B.Telnet traffic is denied.
C.SMTP traffic is denied.
D.Ping traffic is permitted -
单项选择题
In the configuration shown in the exhibit, you decided to eliminate the junos-ftp applicationfrom the match condition of the policy MyTraffic. [edit security policies] user@hostl# show from-zone Private to-zone External { policy MyTraffic { match { source-address myHosts; destination-address ExtServers; application [ junos-ftp junos-bgp ]; } then { permit { tunnel { ipsec-vpn vpnTunnel; } } } } } policy-rematch; What will happen to the existing FTP and BGP sessions?()
A.The existing FTP and BGP sessions will continue.
B.The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.
C.The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.
D.The existing FTP sessions will continue and only the existing BGP sessions will be dropped. -
单项选择题
Usingapolicywiththepolicy-rematchflagenabled,whathappenstotheexistingandnewsessionswhenyouchangethepolicyactionfrompermittodeny?()
A.The new sessions matching the policy are denied. The existing sessions are dropped.
B.The new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply timeout.
C.The new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.
D.The new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.
