Juniper-SEC, Specialist (JNCIS-SEC)

1.

Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?

policy-rematch policy-evaluate rematch-policy evaluate-policy

2.

Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessions when you change the policy action from permit to deny?

The new sessions matching the policy are denied. The existing sessions are dropped. The new sessions matching the policy are denied. The existing sessions, not being allowed to carry anytraffic, simply timeout. The new sessions matching the policy might be allowed through if they match another policy. The existingsessions are dropped. The new sessions matching the policy are denied. The existing sessions continue until they are completedor their timeout is reached.

3.

Which statement describes the behavior of source NAT with address shifting?

Source NAT with address shifting translates both the source IP address and the source port of a packet. Source NAT with address shifting defines a one-to-one mapping from an original source IP address to atranslated source IP address. Source NAT with address shifting can translate multiple source IP addresses to the same translated IPaddress. Source NAT with address shifting allows inbound connections to be initiated to the static source pool IPaddresses.

4.

Which statement is true about interface-based source NAT?

PAT is a requirement. It requires you to configure address entries in the junos-nat zone. It requires you to configure address entries in the junos-global zone. The IP addresses being translated must be in the same subnet as the egress interface.

5.

Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The webserver is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the webserver reachable from the Internet using port translation. Which type of NAT must you configure?

source NAT with address shifting pool-based source NAT static destination NAT pool-based destination NAT

6.

Which statement is true about source NAT?

Source NAT works only with source pools. Destination NAT is required to translate the reply traffic. Source NAT does not require a security policy to function. The egress interface IP address can be used for source NAT.

7.

Which statement is true regarding proxy ARP?

Proxy ARP is enabled by default on stand-alone JUNOS security devices. Proxy ARP is enabled by default on chassis clusters. JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled. JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP isenabled.

8.

Which configuration shows a pool-based source NAT without PAT'?

[edit security nat source] user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; port no-translation; } } } [edit security nat source]user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } overflow-pool interface; } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; port no-translation; } } } [edit security nat source]user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } port no-translation; } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; } } } [edit security nat source]user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } overflow-pool interface; } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; } } }

9.

Which statement is true about a NAT rule action of off?

The NAT action of off is only supported for destination NAT rule-sets. The NAT action of off is only supported for source NAT rule-sets. The NAT action of off is useful for detailed control of NAT. The NAT action of off is useful for disabling NAT when a pool is exhausted.

10.

Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP? (Choose three.)

data integrity data confidentiality data authentication outer IP header confidentiality outer IP header authentication

Juniper-SEC, Specialist (JNCIS-SEC)

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

Juniper-SEC, Specialist (JNCIS-SEC)

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner