[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-643 Dumps with VCE and PDF 31-40

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-643.html

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 31 – (Topic 1)

A user wants to establish an HTTP session to a server behind an SRX device but is being pointed to Web page on the SRX device for additional authentication. Which type of user authentication is configured?

  1. pass-through with Web redirect

  2. WebAuth with HTTP redirect

  3. WebAuth

  4. pass-through

Answer: C Explanation:

Web authentication is valid for all types of traffic. With Web authentication configured, users must first directly access the Junos security platform using HTTP. The user enters the address or hostname of the device into a Web browser and then receives a prompt for a username and password. If authentication is successful, the user can then access the restricted resource directly. Subsequent traffic from the same source IP address is automatically allowed access to the restricted resource, as long as security policy allows for it.

Question No: 32 – (Topic 1)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

Given the configuration shown in the exhibit, which protocol(s) are allowed to communicate with the device on ge-0/0/0.0?

  1. RIP

  2. OSPF

  3. BGP and RIP

  4. RIP and PIM

Answer: A

Question No: 33 – (Topic 1)

Which two statements about staticNAT are true? (Choose two.)

  1. Static NAT can only be used with destination NAT.

  2. Static NAT rules take precedence over overlapping dynamic NAT rules.

  3. NAT rules take precedence over overlapping static NAT rules.

  4. A reverse mapping is automatically created.

Answer: B,D

Question No: 34 – (Topic 1)

What is the proper sequence of evaluation for the SurfControl integrated Web filter solution?

  1. whitelists, blacklists, SurfControl categories

  2. blacklists, whitelists, SurfControl categories

  3. SurfControl categories, whitelists, blacklists

  4. SurfControl categories, blacklists, whitelists

Answer: B

Question No: 35 – (Topic 1)

A system administrator detects thousands of open idle connections from the same source.Which problem can arise from this type of attack?

  1. It enables an attacker to perform an IP sweep of devices.

  2. It enables a hacker to know which operating system the system is running.

  3. It can overflow the session table to its limit, which can result in rejection of legitimate traffic.

  4. It creates a ping of death and can cause the entire network to be infected with a virus.

Answer: C

Question No: 36 – (Topic 1)

Which three parameters are configured in the IKE policy? (Choose three.)

  1. mode

  2. preshared key

  3. external interface

  4. security proposals

  5. dead peer detection settings

Answer: A,B,D

Question No: 37 – (Topic 1)

Which statementis true regarding NAT?

  1. NAT is not supported on SRX Series devices.

  2. NAT requires special hardware on SRX Series devices.

  3. NAT is processed in the control plane.

  4. NAT is processed in the data plane.

Answer: D Explanation:

The data plane on Junos security platforms, implemented on IOCs, NPCs, and SPCs for high-end devices and on CPU cores and PIMs for branch devices, consists of Junos OS packet-handling modules compounded with a flow engine and session management like that of the ScreenOS software. Intelligent packet processing ensures that one single thread exists for packet flow processing associated with a single flow. Real-time processes enable the Junos OS to perform session-based packet forwarding.

Question No: 38 – (Topic 1)

You have configured a UTM profile called Block-Spam, which has the appropriate antispam configuration to block undesired spam e-mails. Which configuration would protect an SMTP server in the dmz zone from spam originating in the untrust zone?

  1. set security policies from-zone dmz to-zone untrust policy anti-spam then permit application-services utm-policy Block-Spam

  2. set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services utm-policy Block-Spam

  3. set security policies from-zone untrust to-zone dmz policy anti-spam then permit

    application-services anti-spam-policy Block-Spam

  4. set security policies from-zone untrust to-zone dmz policy anti-spam then permit application-services Block-Spam

Answer: B

Question No: 39 – (Topic 1)

Which two statements regarding external authentication servers for firewall user authentication are true? (Choose two.)

  1. Up to three external authentication server types can be used simultaneously.

  2. Only one external authentication server type can be used simultaneously.

  3. If the local password database is not configured in the authentication order, and the configured authentication server is unreachable, authentication is bypassed.

  4. If the local password database is not configured in the authentication order, and the configured authentication server rejects the authentication request, authentication is rejected.

Answer: B,D

Question No: 40 – (Topic 1)

Which three advanced permit actions within security policiesare valid? (Choose three.)

  1. Mark permitted traffic for firewall user authentication.

  2. Mark permitted traffic for SCREEN options.

  3. Associate permitted traffic with an IPsec tunnel.

  4. Associate permitted traffic with a NAT rule.

  5. Mark permitted traffic for IDP processing.

Answer: A,C,E

100% Ensurepass Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-643 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

This entry was posted in JN0-643 Latest Exam (Jan 2018) and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.