[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-643 Dumps with VCE and PDF 221-230

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-643.html

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 221 – (Topic 3)

For IKE phase 1 negotiations, when is aggressive mode typically used?

  1. when one of the tunnel peers has a dynamic IP address

  2. when one of the tunnel peers wants to force main mode to be used

  3. when fragmentation of the IKE packet is required between the two peers

  4. when one of the tunnel peers wants to specify a different phase 1 proposal

Answer: A

Question No: 222 – (Topic 3)

Which IDP policy action drops a packet before it can reach its destination, but does not close the connection?

  1. discard-packet

  2. drop-traffic

  3. discard-traffic

  4. drop-packet

Answer: D

Question No: 223 – (Topic 3)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

Which type of source NAT is configured in the exhibit?

  1. interface-based source NAT

  2. static source NAT

  3. pool-based source NAT with PAT

  4. pool-based source NAT without PAT

Answer: A

Question No: 224 – (Topic 3)

Which statement is true regarding proxy ARP?

  1. Proxy ARP is enabled by default on stand-alone JUNOS security devices.

  2. Proxy ARP is enabled by default on chassis clusters.

  3. JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.

  4. JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled.

Answer: D

Question No: 225 – (Topic 3)

Regarding a route-based versus policy-based IPsec VPN, which statement is true?

  1. A route-based VPN generally usesfewerresources than a policy-based VPN.

  2. A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.

  3. A route-based VPN is better suited for dialup or remote access compared to a policy- based VPN.

  4. A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use a policy referencing the IPsec VPN.

Answer: A

Question No: 226 – (Topic 3)

By default, which condition would cause a session to be removed from the session table?

  1. Route entry for the session changed.

  2. Security policy for the session changed.

  3. The ARP table entry for the source IP address timed out.

  4. No traffic matched the session during the timeout period.

Answer: D

Question No: 227 – (Topic 3)

Which two statements are true about overflow pools? (Choose two.)

  1. Overflow pools do not support PAT.

  2. Overflow pools can not use the egress interface IP address for NAT.

  3. Overflow pools must use PAT.

  4. Overflow pools can contain the egress interface IP address or separate IP addresses.

Answer: C,D

Question No: 228 – (Topic 3)

Which branch SRX Series Services Gateway model has a hardware-based, modular Routing Engine?

  1. SRX1400

  2. SRX650

  3. SRX110

  4. SRX240

Answer: B

Question No: 229 – (Topic 3)

Which attribute is optional for IKE phase 2 negotiations?

  1. proxy-ID

  2. phase 2 proposal

  3. Diffie-Hellman group key

  4. security protocol (ESP or AH)

Answer: C

Question No: 230 – (Topic 3)

Which statement is true about interface-based source NAT?

  1. PAT is a requirement.

  2. It requires you to configure address entries in the junos-nat zone.

  3. It requires you to configure address entries in the junos-global zone.

  4. The IP addresses being translated must be in the same subnet as the egress interface.

Answer: A

100% Ensurepass Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-643 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

This entry was posted in JN0-643 Latest Exam (Jan 2018) and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.