[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-343 Dumps with VCE and PDF 51-60

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-343
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-343.html

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 51 – (Topic 1)

What is the default session timeout for TCP sessions?

  1. 1 minute

  2. 15 minutes

  3. 30 minutes

  4. 90 minutes

Answer: C

Question No: 52 – (Topic 1)

What is the correct syntax for applying node-specific parameters to each node in a chassis cluster?

  1. set apply-groups node$

  2. set apply-groups (node)

  3. set apply-groups $(node)

  4. set apply-groups (node)all

Answer: C

Question No: 53 – (Topic 1)

Which three firewall user authentication objects can be referenced in a security policy? (Choose three.)

  1. access profile

  2. client group

  3. client

  4. default profile

  5. external

Answer: A,B,C

Question No: 54 – (Topic 1)

Which two UTM features require a license tobe activated? (Choose two.)

  1. antispam

  2. antivirus (full AV)

  3. content filtering

  4. Web-filtering redirect

Answer: A,B

Question No: 55 – (Topic 1)

Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close. Which configuration meets this requirement?

  1. [edit security policies from-zone Private to-zone External] user@host# show

    policy allowTransit { match {

    source-address PrivateHosts; destination-address ExtServers; application ExtApps;

    }

    then { permit { tunnel {

    ipsec-vpn VPN;

    }

    }

    log { session-init;

    }

    }

    }

  2. [edit security policies from-zone Private to-zone External] user@host# show

    policy allowTransit { match {

    source-address PrivateHosts; destination-address ExtServers; application ExtApps;

    }

    then { permit { tunnel {

    ipsec-vpn VPN;

    }

    }

    count { session-close;

    }

    }

    }

  3. [edit security policies from-zone Private to-zone External] user@host#

    showpolicy allowTransit { match {

    source-address PrivateHosts; destination-address ExtServers; application ExtApps;

    }

    then { permit { tunnel {

    ipsec-vpn VPN;

    }

    }

    log {

    session-close;

    }

    }

    }

  4. [edit security policies from-zone Private to-zone External] user@host# show

policy allowTransit { match {

source-address PrivateHosts; destination-address ExtServers; application ExtApps;

}

then { permit { tunnel {

ipsec-vpn VPN; log;

count session-close;

}

}

}

}

Answer: C

Question No: 56 – (Topic 1)

You must configure a SCREEN option that would protect your router from a session table flood.Which configuration meets this requirement?

  1. [edit security screen] user@host# show

    ids-option protectFromFlood { icmp {

    ip-sweep threshold 5000;

    flood threshold 2000;

    }

    }

  2. [edit security screen] user@host# show

    ids-option protectFromFlood { tcp {

    syn-flood {

    attack-threshold 2000;

    destination-threshold 2000;

    }

    }

    }

  3. [edit security screen] user@host# show

    ids-option protectFromFlood { udp {

    flood threshold 5000;

    }

    }

  4. [edit security screen] user@host# show

ids-option protectFromFlood { limit-session {

source-ip-based 1200;

destination-ip-based 1200;

}

}

Answer: D

Question No: 57 – (Topic 1)

What are two rule base types within an IPS policy on an SRX Series device? (Choose two.)

  1. rulebase-ips

  2. rulebase-ignore

  3. rulebase-idp

  4. rulebase-exempt

Answer: A,D

Question No: 58 – (Topic 1)

Which two statements about the use of SCREEN optionsare correct? (Choose two.)

  1. SCREEN options are deployed at the ingress and egress sides of a packet flow.

  2. Although SCREEN options are very useful, their use can result in more session creation.

  3. SCREEN options offer protection against various attacks at the ingress zone of a packet flow.

  4. SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resources used for malicious packet processing.

Answer: C,D

Question No: 59 – (Topic 1)

Which two statements regarding symmetric key encryption are true? (Choose two.)

  1. The same key is used for encryption and decryption.

  2. It is commonly used to create digital certificate signatures.

  3. It uses two keys: one for encryption and a different key for decryption.

  4. An attacker can decrypt data if the attacker captures the key used for encryption.

Answer: A,D

Question No: 60 – (Topic 1)

Which three statements are true when working with high-availabilityclusters? (Choose three.)

  1. The valid cluster-id range is between 0 and 255.

  2. Junos OS security devices can belong to more than one cluster if cluster virtualization is enabled.

  3. If the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.

  4. A reboot is required if the cluster-id or node value is changed.

  5. Junos OS security devices can belong to one cluster only.

Answer: C,D,E

100% Ensurepass Free Download!
Download Free Demo:JN0-343 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-343 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

This entry was posted in JN0-343 Latest Exam (Jan 2018) and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.