[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-343 Dumps with VCE and PDF 331-340

2018 Jan Juniper Official New Released JN0-343

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 331 – (Topic 4)

While reviewing the logs on your SRX240 device, you notice SYN floods coming from multiple hosts out on the Internet.

Which Junos Screen option would protect against these denial-of-service (DoS) attacks?

  1. [edit security screen]
     user@host# show
     ids-option no-flood {
         limit-session {
             destination-ip-based 150;
         }
     }

  2. [edit security screen]
     user@host# show
     ids-option no-flood {
         tcp {
             syn-fin;
         }
     }

  3. [edit security screen]
     user@host# show
     ids-option no-flood {
         limit-session {
             source-ip-based 150;
         }
     }

  4. [edit security screen]
     user@host# show
     ids-option no-flood {
         icmp {
             flood threshold 10;
         }
     }

Answer: A

Question No: 332 – (Topic 4)

Click the Exhibit button.

Your network management station has generated an alarm regarding NAT utilization based on an SNMP trap received from an SRX Series device.

Referring to the exhibit, which statement is correct about the alarm?

  1. The network management station will require manual intervention to clear the alarm.

  2. Once utilization is below 40 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.

  3. Once utilization is below 50 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.

  4. Once utilization is below 80 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.

Answer: B

Question No: 333 – (Topic 4)

A security association is uniquely identified by which two values? (Choose two.)

  1. security parameter index value

  2. security association ID

  3. tunnel source address

  4. security protocol

Answer: A,D

Question No: 334 – (Topic 4)

You want to enable local logging for security policies and have the log information stored in a separate file on a branch SRX Series device.

Which configuration will accomplish this task?

  1. [edit system syslog]
     user@host# show
     file sec-pol-log {
         user info;
     }

  2. [edit system syslog]
     user@host# show
     host 192.168.1.1 {
         user info;
     }

  3. [edit system syslog]
     user@host# show
     file sec-pol-log {
         any any;
     }

  4. [edit system syslog]
     user@host# show
     file sec-pol-log {
         security info;
     }

Answer: A

Question No: 335 – (Topic 4)

Click the Exhibit button.

Referring to the exhibit, which three statements are correct? (Choose three.)

  1. Source NAT is configured.

  2. Address shifting is configured.

  3. Interface-based NAT is configured.

  4. Pool-based NAT is configured.

  5. IPv6 is configured to bypass NAT.

Answer: A,C,E

Question No: 336 – (Topic 4)

You must create a security policy for a custom application that requires a longer session timeout than the default application offers.

Which two actions are valid? (Choose two.)

  1. Set the timeout value in the security forwarding-options section of the CLI.

  2. Set the timeout value for the application in the security zone configuration.

  3. Alter a built-in application and set the timeout value under the application-protocol section of the CLI.

  4. Create a custom application and set the timeout value under the application-protocol section of the CLI.

Answer: C,D

Question No: 337 – (Topic 4)

You want to show interface-specific zone information and statistics.

Which operational command would be used to accomplish this?

  1. show security zones detail

  2. show interfaces ge-0/0/3.0

  3. show interfaces terse

  4. show interfaces ge-0/0/3.0 extensive

Answer: D

Question No: 338 – (Topic 4)

Click the Exhibit button.

You have created an IPsec VPN on an SRX Series device. You believe the tunnel is configured correctly, but traffic from a host with the IP address of 10.12.1.10 cannot reach a remote device over the tunnel with an IP address of 10.128.64.132. The ge-0/0/1.0 interface is in the trust zone and the st0.0 interface is in the vpn zone. The output of four show commands is shown in the exhibit.

What is the configuration problem with the tunnel?

  1. Only one IKE tunnel exists so there is no path for return IKE traffic. You need to allow IKE inbound on interface ge-0/0/0.0.

  2. Because there are no IPsec security associations, the problem is in the IPsec proposal settings.

  3. The static route created to reach the remote host is incorrect.

  4. The VPN settings are correct, the traffic is being blocked by a security policy.

Answer: C

Question No: 339 – (Topic 4)

An engineer has just created a single policy allowing ping traffic from a host in the Users zone to a server in the Servers zone.

When the host pings the server, what will happen to the return traffic?

  1. The return traffic will match the session and will be permitted.

  2. The return traffic will match the new policy and will be permitted.

  3. The return traffic will not be permitted; it will need a separate policy.

  4. The return traffic will not be permitted; it will match the system default policy.

Answer: A

Question No: 340 – (Topic 4)

Which two statements are true about the SYN cookie Junos Screen option? (Choose two.)

  1. The SYN cookie mechanism is stateless; therefore, the initial three-way handshake can complete before a session table entry is completed.

  2. The SRX device will implement the SYN cookie mechanism on all connections once SYN cookies are enabled.

  3. The SYN cookie mechanism uses a cryptographic hash, which can detect spoofed source addresses.

  4. SYN cookie protection can stop UDP floods as well as TCP floods.

Answer: A,C
