PrepAway - Latest Free Exam Questions & Answers

What does the device do?

Click the Exhibit button.
[edit security]
user@host# show
zones {
    security-zone ZoneA {
        tcp-rst;
        host-inbound-traffic {
            system-services {
                ping;
                telnet;
            }
        }
        interfaces {
            ge-0/0/0.0;
            ge-0/0/1.0;
        }
    }
    security-zone ZoneB {
        interfaces {
            ge-0/0/3.0;
        }
    }
}
policies {
    from-zone ZoneA to-zone ZoneB {
        policy A-to-B {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
}
In the exhibit, a host attached to interface ge-0/0/0.0 sends a SYN packet to open a Telnet
connection to the device’s ge-0/0/1.0 IP address.
What does the device do?


A. The device sends back a TCP reset packet.

B. The device silently discards the packet.

C. The device forwards the packet out the ge-0/0/1.0 interface.

D. The device responds with a TCP SYN/ACK packet and opens the connection.

6 Comments on “What does the device do?”

  1. Foo says:

    From page 65 of the Junos Security Software Guide:

    You must configure FTP and telnet at the interface level, not the zone level. For incoming FTP and telnet requests to be recognized, the interface must be known to the server.

    user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services ftp
    user@host# set security zones security-zone ABC interfaces ge-0/0/1.1 host-inbound-traffic system-services telnet




  2. networkengineer says:

    The Juniper certification guide says that “If destination traffic to the SRX device is its incoming/ingress interface, security policies are not applicable. The only examination that takes place is the list of services and protocols allowed into that interface using the host-inbound-traffic statement within a zone definition.” From the configuration the 2 interfaces will inherit the system services ping and telnet so I would expect the traffic to be permitted. For me the answer is C.



