Loading ...
Global Do...
News & Politics
1
0
Try Now
Log In
Pricing
Testinside Testinside -help you pass any IT exam! Exam : Juniper Networks JN0-331 Title : SEC,Specialist(JNCIS-SEC) Version : Demo Testinside TestInside Help You Pass Any IT Exam http://www.TestInside.com Important Note, Please Read Carefully Other TestInside products All TestInside.com IT Exam Products Our products of Offline Testing Engine Use the offline Testing engine product to practice the questions in an exam environment. Build a foundation of knowledge which will be useful also after passing the exam. TestInside Testing Engine Latest Version We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 90 days after the purchase. You should check your member zone at TestInside and update 34 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go to http://www.TestInside.com 2. Log in the Member Center 3.The latest versions of all purchased products are downloadable from here. Just click the links. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to sales(at)TestInside.com. You should include the following: Exam number, version, page number, question number, and your login Account. Our experts will answer your mail promptly. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact sales(at)TestInside.com. Testinside TestInside Help You Pass Any IT Exam http://www.TestInside.com 1. Regarding zone types, which statement is true? A. You cannot assign an interface to a functional zone. B. You can specifiy a functional zone in a security policy. C. Security zones must have a scheduler applied. D. You can use a security zone for traffic destined for the device itself. Answer: D 2. Regarding attacks, which statement is correct? A. Both DoS and propagation attacks exploit and take control of all unprotected network devices. B. Propagation attacks focus on suspicious packet formation using the DoS SYN-ACK-ACK proxy flood. C. DoS attacks are directed at the network protection devices, while propagation attacks are directed at the servers. D. DoS attacks are exploits in nature, while propagation attacks use trust relationships to take control of the devices. Answer: D 3. Click the Exhibit button. [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] Testinside TestInside Help You Pass Any IT Exam http://www.TestInside.com user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; Based on the configuration shown in the exhibit, what are the actions of the security policy? A. The policy will always permit transit packets and use the IPsec VPN myTunnel. B. The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel. C. The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm. D. The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm. Answer: C 4. Which two statements are true regarding proxy ARP? (Choose two.) A. Proxy ARP is enabled by default. B. Proxy ARP is not enabled by default. C. JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled. D. JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled. Testinside TestInside Help You Pass Any IT Exam http://www.TestInside.com Answer: BD 5. For IKE phase 1 negotiations, when is aggressive mode typically used? A. when one of the tunnel peers has a dynamic IP address B. when one of the tunnel peers wants to force main mode to be used C. when fragmentation of the IKE packet is required between the two peers D. when one of the tunnel peers wants to specify a different phase 1 proposal Answer: A 6. Click the Exhibit button. [edit groups] user@host# show node0 { system { host-name NODE0; } interfaces { fxp0 { unit 0 { family inet { address 1.1.1.1/24; } } } } } node1 { system { host-name NODE1; } Testinside TestInside Help You Pass Any IT Exam http://www.TestInside.com interfaces { fxp0 { unit 0 { family inet { address 1.1.1.2/24; } } } } } In the exhibit, what is the function of the configuration statements? A. This section is where you define all chassis clustering configuration. B. This configuration is required for members of a chassis cluster to talk to each other. C. You can apply this configuration in the chassis cluster to make configuration easier. D. This section is where unique node configuration is applied. Answer: D 7. Which two statements describe the difference between JUNOS Software for security platforms and a traditional router? (Choose two.) A. JUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT. B. JUNOS Software for security platforms does not forward traffic by default; a traditional router forwards traffic by default. C. JUNOS Software for security platforms uses session-based forwarding; a traditional router uses packet-based forwarding. D. JUNOS Software for security platforms performs route lookup for every packet; a traditional router performs route lookup only for the first packet. Answer: BC 8. Which two statements describe the difference between JUNOS Software for security platforms and a Testinside TestInside Help You Pass Any IT Exam http://www.TestInside.com traditional router? (Choose two.) A. JUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT. B. JUNOS Software for security platforms secures traffic by default; a traditional router does not secure traffic by default. C. JUNOS Software for security platforms allows for session-based forwarding; a traditional router uses packet-based forwarding. D. JUNOS Software for security platforms separates broadcast domains; a traditional router does not separate broadcast domains. Answer: BC 9. A traditional router is better suited than a firewall device for which function? A. VPN establishment B. packet-based forwarding C. stateful packet processing D. Network Address Translation Answer: B 10. Which three functions are provided by JUNOS Software for security platforms? (Choose three.) A. VPN establishment B. stateful ARP lookups C. Dynamic ARP inspection D. Network Address Translation E. inspection of packets at higher levels (Layer 4 and above) Answer: ADE Testinside Testinside.com was founded in 2002. The safer,easier way to help you pass any IT Certification exams . We provide high quality IT Certification exams practice questions and answers(Q&A). Especially Adobe, Apple, Citrix, Comptia, EMC, HP, Juniper, LPI, Nortel, Oracle, SUN, Vmware and so on. And help you pass any IT Certification exams at the first try. English http://www.testinside.com Chinese (Traditional) http:// www.testinside.net Chinese (Simplified) http:// www.testinside.cn
