[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-643 Dumps with VCE and PDF 71-80

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-643.html

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 71 – (Topic 1)

The Junos OS blocks an HTTP request due to a Websense server response. Which form of Web filtering is being used?

  1. redirect Web filtering

  2. integrated Web filtering

  3. categorized Web filtering

  4. local Web filtering

Answer: A

Question No: 72 – (Topic 1)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

Assume the default-policy has not been configured. Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? (Choose two.)

  1. DNS traffic is denied.

  2. HTTP traffic is denied.

  3. FTP traffic is permitted.

  4. SMTP traffic is permitted.

Answer: A,C

Question No: 73 – (Topic 1)

Which statement contains the correct parameters for a route-based IPsec VPN?

  1. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp;

    authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc;

    lifetime-seconds 3200;

    }

    policy ipsec1-policy { perfect-forward-secrecy { keys group2;

    }

    proposals ike1-proposal;

    }

    vpn VpnTunnel { interface ge-0/0/1.0; ike {

    gateway ike1-gateway; ipsec-policy ipsec1-policy;

    }

    establish-tunnels immediately;

    }

  2. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp;

    authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc;

    lifetime-seconds 3200;

    }

    policy ipsec1-policy { perfect-forward-secrecy { keys group2;

    }

    proposals ike1-proposal;

    }

    vpn VpnTunnel { interface st0.0; ike {

    gateway ike1-gateway; ipsec-policy ipsec1-policy;

    }

    establish-tunnels immediately;

    }

  3. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp;

    authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc;

    lifetime-seconds 3200;

    }

    policy ipsec1-policy { perfect-forward-secrecy { keys group2;

    }

    proposals ike1-proposal;

    }

    vpn VpnTunnel {

    bind-interface ge-0/0/1.0; ike {

    gateway ike1-gateway; ipsec-policy ipsec1-policy;

    }

    establish-tunnels immediately;

    }

  4. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp;

authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc;

lifetime-seconds 3200;

}policy ipsec1-policy { perfect-forward-secrecy { keys group2;

}

proposals ike1-proposal;

}

vpn VpnTunnel { bind-interface st0.0; ike {

gateway ike1-gateway; ipsec-policy ipsec1-policy;

}

establish-tunnels immediately;

}

Answer: D

Question No: 74 – (Topic 1)

Under which Junos hierarchy level are security policies configured?

  1. [edit security]

  2. [edit protocols]

  3. [edit firewall]

  4. [edit policy-options]

Answer: A

Question No: 75 – (Topic 1)

Which three statements are true regarding IDP? (Choose three.)

  1. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.

  2. IDP inspects traffic up to the Application Layer.

  3. IDP searches the data stream for specific attack patterns.

  4. IDP inspects traffic up to the Presentation Layer.

  5. IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.

Answer: B,C,E

Question No: 76 – (Topic 1)

Whichstatement describes an ALG?

  1. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to deny the traffic.

  2. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to permit the traffic to pass.

  3. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to deny the traffic.

  4. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to permit the traffic to pass.

Answer: B

Question No: 77 – (Topic 1)

A network administrator has configured source NAT, translating to an address that is on a locally connected subnet. The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?

  1. The host needs to open the telnet port.

  2. The host needs a route for the translated address.

  3. The administrator must use a proxy-arp policy for the translated address.

  4. The administrator must use a security policy, which will allow communication between the zones.

Answer: C

Question No: 78 – (Topic 1)

By default, how is traffic evaluated when the antivirus database update is in progress?

  1. Traffic is scanned against the old database.

  2. Traffic is scanned against the existing portion of the currently downloaded database.

  3. All traffic that requires antivirus inspection is dropped and a log message generated displaying the traffic endpoints.

  4. All traffic that requires antivirus inspection is forwarded with no antivirus inspection and a log message generated displaying the traffic endpoints.

Answer: D

Question No: 79 – (Topic 1)

Which zone type can be specified in a policy?

  1. security

  2. functional

  3. user

  4. system

Answer: A Explanation:

QUESTIONNO: 41

Which two statements about Junos software packet handlingare correct? (Choose two.)

  1. The Junos OS applies service ALGs only for the first packet of a flow.

  2. The Junos OS uses fast-path processing only for the first packet of a flow.

  3. The Junos OS performs policy lookup only for the first packet of a flow.

  4. The Junos OS applies SCREEN options for both first and consecutive packets of a flow. Answer: C, D

Question No: 80 – (Topic 1)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

Your IKE SAs are up, but the IPsec SAs are not up.Referring to the exhibit, what is the problem?

  1. One or more of the phase 2 proposals such as authentication algorithm, encryption algorithm do not match.

  2. The tunnel interface is down.

  3. The proxy IDs do not match.

  4. The IKE proposals do not match the IPsec proposals.

Answer: C

100% Ensurepass Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-643 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

This entry was posted in JN0-643 Latest Exam (Jan 2018) and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.