Loading ...
Global Do...
News & Politics
2
0
Try Now
Log In
Pricing
Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com Exam : Juniper Networks JN0-330 Title : JN0-330 - Enhanced Services, Specialist (JNCIS-ES) Version : Demo Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com 1. Click the Exhibit button. Which type of source NAT is configured in the exhibit? A. static source pool B. interface source pool C. source pool with PAT D. souce pool without PAT Answer: A 2. Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem? A. The untrust zone does not have a management policy configured. B. The trust zone does not have ping enabled as host-inbound-traffic service. C. The security policy from the trust zone to the untrust zone does not permit ping. D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone. Answer: C 3. A traditional router is better suited than a firewall device for which function? A. VPN establishment B. packet-based forwarding C. stateful packet processing D. network address translation Answer: B 4. You must configure a SCREEN option that would protect your router from a session table flood. Which configuration meets this requirement? A. [edit security screen] user@hostl# show Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com ids-option protectFromFlood { icmp { ip-sweep threshold 5000; flood threshold 2000; } B. [edit security screen] user@hostl# show ids-option protectFromFlood { tcp { syn-flood { attack-threshold 2000; destination-threshold 2000; } C. [edit security screen] user@hostl# show ids-option protectFromFlood { udp { flood threshold 5000; } D. [edit security screen] user@hostl# show ids-option protectFromFlood { limit-session { source-ip-based 1200; destination-ip-based 1200; } Answer: D 5. Click the Exhibit button. In the exhibit, what is the priority for Router B in VRRP group 100? Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com A. 1 B. 100 C. 110 D. 255 Answer: B 6. In a JSRP cluster with two J6350 routers, the interface ge-7/0/0 belongs to which device? A. This interface is a system-created interface. B. This interface belongs to NODE0 of the cluster. C. This interface belongs to NODE1 of the cluster. D. This interface will not exist because J6350 routers have only six slots. Answer: C 7. Click the Exhibit button. Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy? Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com A. The traffic is permitted through the myTunnel IPSec tunnel only on Tuesdays. B. The traffic is permitted through the myTunnel IPSec tunnel daily, with the exception of Mondays. C. The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm. D. The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am. Answer: C 8. Which parameters must you select when configuring operating system probes SCREEN options? A. syn-fin, syn-flood, and tcp-no-frag B. syn-fin, port-scan, and tcp-no-flag C. syn-fin, fin-no-ack, and tcp-no-frag D. syn-fin, syn-ack-ack-proxy, and tcp-no-frag Answer: C 9. A route-based VPN is required for which scenario? A. when the remote VPN peer is behind a NAT device B. when multiple networks need to be reached across the tunnel Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com C. when the remote VPN peer is a dialup or remote access client D. when a dynamic routing protocol such as OSPF is required across the VPN Answer: D 10. On which three traffic types does firewall pass-through authentication work? (Choose three.) A. ping B. FTP C. Telnet D. HTTP E. HTTPS Answer: BCD 11. Which three parameters are configured in the IKE policy? (Choose three.) A. mode B. preshared key C. external interface D. security proposals E. dead peer detection settings Answer: ABD 12. Click the Exhibit button. In the exhibit, which statement is correct? A. Three physical interfaces are redundant. B. You must define an additional Redundancy Group. C. node 0 will immediately become primary in the cluster. D. You must issue an operational command and reboot the system for the above configuration to take effect. Answer: D 13. Which command allows you to view the router's current priority for VRRP group 100 on interface ge-0/0/1.0? Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com A. show vrrp B. show vrrp group 100 C. show interfaces ge-0/0/1.0 vrrp group 100 D. show interfaces vrrp ge-0/0/1.0 group 100 Answer: A 14. Which statement is true about interface-based static NAT? A. It also supports PAT. B. It requires you to configure address entries in the junos-nat zone. C. It requires you to configure address entries in the junos-global zone. D. The IP addresses being translated must be in the same subnet as the incoming interface. Answer: D 15. Which two are components of the enhanced services software architecture? (Choose two.) A. Linux kernel B. routing protocol daemon C. session-based forwarding module D. separate routing and security planes Answer: BC 16. Which two are characteristics of link-state routing protocols? (Choose two.) A. Routers choose a best path for a destination based on the SPF algorithm. B. All routers in a given area or level build a consistent database describing the network's topology. C. Routers choose the best path for a destination based on the interface on which they received the link state advertisement with the lowest cost. D. All routers in a given area or level forward link state advertisements between interfaces in the same area or level, adding their metric to the link state advertisement's cost information when they forward it. Answer: AB 17. Which two are components of the JUNOS software's routing policy? (Choose two.) A. route-map B. prefix-list C. distribute-list D. policy-statement Answer: BD 18. Click the Exhibit button. host_a is in subnet_a and host_b is in subnet_b. Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b? Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com A. DNS traffic is denied. B. Telnet traffic is denied. C. SMTP traffic is denied. D. Ping traffic is permitted. Answer: B 19. You want to create a policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you do create this policy? A. Specify the IP address (172.19.1.1/32) as the destination address in the policy. B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy. C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy. D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy. Answer: D 20. In JUNOS software with enhanced services, which three packet elements are inspected to determine if a session already exists? (Choose three.) A. IP protocol B. IP time-to-live C. source and destination IP address Exam1pass Easiest way to pass IT exams Exam1pass Help You Pass Any IT Exam http://www.exam1pass.com D. source and destination MAC address E. source and destination TCP/UDP port Answer: ACE
