Which two parameters are configurable under the [edit security zones security-zone zoneA] stanza?

Which two parameters are configurable under the [edit security zones security-zone zoneA]
stanza? (Choose two.)


A. the TCP RST feature

B. the security policies for intrazone communication

C. the zone-specific address book

D. the default policy action for firewall rules in this zone





rpgghost


http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/id-29204.html

Security Zone

Security zones are the building blocks for policies; they are logical entities to which one or more interfaces are bound. Security zones provide a means of distinguishing groups of hosts (user systems and other hosts, such as servers) and their resources from one another in order to apply different security measures to them.

Security zones have the following properties:

Policies—Active security policies that enforce rules for the transit traffic, in terms of what traffic can pass through the firewall, and the actions that need to take place on the traffic as it passes through the firewall. For more information, see Security Policies Overview.
Screens—A Juniper Networks stateful firewall secures a network by inspecting, and then allowing or denying, all connection attempts that require passage from one security zone to another. For every security zone, and the MGT zone, you can enable a set of predefined screen options that detect and block various kinds of traffic that the device determines as potentially harmful. For more information, see Reconnaissance Deterrence Overview.
Address books—IP addresses and address sets that make up an address book to identify its members so that you can apply policies to them. For more information, see Configuring Address Books.
TCP-RST—When this feature is enabled, the system sends a TCP segment with the RESET flag set when traffic arrives that does not match an existing session and does not have the SYNchronize flag set.
Interfaces—List of interfaces in the zone.
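
An added example, not part of the comment above or of the Juniper documentation: a small audit script that reads a configuration in Junos "set" format and reports, per zone, which statements sit in the [edit security zones security-zone <name>] stanza and which intrazone policies exist under [edit security policies]. The sample configuration, the zone and policy names, and the function name audit_zones are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format (not taken from the page).
SAMPLE_CONFIG = """\
set security zones security-zone zoneA tcp-rst
set security zones security-zone zoneA screen zoneA-screen
set security zones security-zone zoneA address-book address web1 10.0.1.10/32
set security zones security-zone zoneA interfaces ge-0/0/1.0
set security zones security-zone zoneB interfaces ge-0/0/2.0
set security policies from-zone zoneA to-zone zoneA policy intra match source-address any
set security policies from-zone zoneA to-zone zoneA policy intra match destination-address any
set security policies from-zone zoneA to-zone zoneA policy intra match application any
set security policies from-zone zoneA to-zone zoneA policy intra then permit
set security policies default-policy deny-all
"""

# Statements in the zone stanza: zone name, then the first keyword after it.
ZONE_RE = re.compile(r"^set security zones security-zone (\S+) (\S+)")
# Policies live in a separate hierarchy, keyed by a from-zone/to-zone pair.
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+)")


def audit_zones(config_text):
    """Map each zone to its zone-stanza statements and its intrazone policies."""
    zones = defaultdict(lambda: {"stanza": set(), "intrazone": set()})
    for raw in config_text.splitlines():
        line = raw.strip()
        zone = ZONE_RE.match(line)
        if zone:
            zones[zone.group(1)]["stanza"].add(zone.group(2))
            continue
        pol = POLICY_RE.match(line)
        # Intrazone policy: from-zone and to-zone name the same zone.
        if pol and pol.group(1) == pol.group(2):
            zones[pol.group(1)]["intrazone"].add(pol.group(3))
    return {
        name: {
            "stanza": sorted(z["stanza"]),
            "intrazone_policies": sorted(z["intrazone"]),
            # Informational: optional zone properties not configured.
            "unset": sorted({"screen", "tcp-rst"} - z["stanza"]),
        }
        for name, z in zones.items()
    }


if __name__ == "__main__":
    for name, info in audit_zones(SAMPLE_CONFIG).items():
        print(name, info)
```

The global default-policy line matches neither pattern, so it is attributed to no zone.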