Home » Juniper » JN0-696 » Which action will solve the problem?
Click the Exhibit button.
A customer has a problem connecting to an SRX Series device from the untrust zone using SSH only.
Referring to the exhibit, which action will solve the problem?
A. Configure the ssh parameter under the [edit security zones security-zone trust interfaces ge-0/0/1.0 host inbound-traffic protocols] hierarchy.
B. Configure the ssh parameter under the [edit security zones security-zone untrust host-inbound-traffic system-services] hierarchy.
C. Configure the ssh parameter under the [edit security zones security-zone untrust host-inbound-traffic protocols] hierarchy.
D. Configure the ssh parameter under the [edit security zones security-zone trust host-inbound-traffic system-services] hierarchy.
Correct Answer: B
Explanation/Reference:
Assume that inbound ssh, ftp, and ping traffic should be permitted from the untrusted zone. Then you should do the following:
[edit security zones]
root# set security zone untrust host-inbound-traffic ssh root# set security zone untrust host-inbound-traffic ftp root# set security zone untrust host-inbound-traffic
ping
Note: For SRX Series branch devices, a factory default security policy is provided that:
Allows all traffic from the trust zone to the untrust zone.
Allows all traffic between trusted zones, that is from the trust zone to intrazone trusted zones. Denies all traffic from the untrust zone to the trust zone.
References: http://www.dummies.com/how-to/content/how-to-configure-srx-security-zones-with-junos.html
http://www.juniper.net/documentation/en_US/junos12.3×48/topics/concept/security-srx-device-zone-and-policy-understanding.html
Download Printable PDF. VALID exam to help you PASS.
|
|