[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-661 Dumps with VCE and PDF 341-350

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-661
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-661.html

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 341 – (Topic 4)

What are two valid network prefixes in address books? (Choose two.)

A. 172.16.3.11/29 B. 172.16.0.0/16 C. 172.16.3.11/32 D. 172.16.3.11/24

Answer: B,C

Question No: 342 – (Topic 4)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

Referring to the exhibit, you need to allow ping traffic into interface ge-0/0/1. Which configuration step will accomplish this task?

  1. set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system- services ping

  2. set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system- services ping

  3. set security zones security-zone trust interfaces vlan-trust host-inbound-traffic system- services ping

  4. set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system- services ping

Answer: D

Question No: 343 – (Topic 4)

Which Junos NAT implementation requires the use of proxy ARP?

  1. destination NAT using a pool outside the IP network of the device#39;s interface

  2. source NAT using the device#39;s egress interface

  3. source NAT using a pool in the same IP network as the device#39;s interface

  4. source NAT using a pool outside the IP network of the device#39;s interface

Answer: C

Question No: 344 – (Topic 4)

Which antivirus protection feature uses virus patterns and a malware database that are located on external servers?

  1. full file-based

  2. Kaspersky

  3. Sophos

  4. express scan

Answer: C

Question No: 345 – (Topic 4)

You have deployed enhanced Web filtering on an SRX Series device. A user requests a URL that is not in the URL filtering cache.

What happens?

  1. The request is permitted immediately but the SRX device then requests the category from the configured server and caches the response for use with subsequent requests.

  2. The request is blocked immediately but the SRX device then requests the category from the configured server and caches the response for use with subsequent requests.

  3. The SRX device requests the category from the configured server. Once the response is received, the SRX device processes the request against the policy based on the information received and caches the response.

  4. The SRX device will either permit or deny the request immediately depending on the configuration in the UTM policy. The SRX device then requests the category from the central server and caches the response for use with subsequent requests.

Answer: C

Question No: 346 – (Topic 4)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

You are implementing a new route-based IPsec VPN on an SRX Series device andthe

tunnel will not establish.

What needs to be modified in the configuration shown in the exhibit?

  1. Change the bind-interface from st0.0 to ge-0/0/0.0.

  2. Add st0.0 to a security zone.

  3. Add esp under host-inbound-traffic on zone untrust.

  4. Add ike under host-inbound-traffic on zone trust.

Answer: B

Question No: 347 – (Topic 4)

You are asked to change the behavior of the system-default policy from the default setting on an SRX Series device.

What would be the result of this change?

  1. Traffic matching the default policy will be permitted.

  2. Traffic matching the default policy will be denied.

  3. Traffic matching the default policy will be rejected.

  4. Traffic matching the default policy will be queued.

Answer: A

Question No: 348 – (Topic 4)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

A server in the DMZ of your company is under attack. The attacker is opening a large number of TCP connections to your server which causes resource utilization problems on the server. All of the connections from the attacker appear to be coming from a single IP address.

Referring to the exhibit, which Junos Screen option should you enable to limit the effects of the attack while allowing legitimate traffic?

  1. Apply the Junos Screen option limit-session source-based-ip to the Untrust security zone.

  2. Apply the Junos Screen option limit-session source-based-ip to the DMZ security zone.

  3. Apply the Junos Screen option limit-session destination-based-ip to the Untrust security zone.

  4. Apply the Junos Screen option limit-session destination-based-ip to the DMZ security zone.

Answer: A

Question No: 349 – (Topic 4)

Which two actions occur during IKE Phase 1? (Choose two.)

  1. A secure channel is established between two peers.

  2. The proxy ID is used to identify which security association is referenced for the VPN.

  3. The Diffie-Hellman key exchange algorithm establishes a shared key for encryption.

  4. The security association is identified by a unique security parameter index value.

Answer: A,C

Question No: 350 – (Topic 4)

You need to apply the Junos Screen protect-zone to the public zone. Which configuration meets this requirement?

  1. [edit security zones security-zone public] user@host# show

    address-book {

    address host-1 192.168.1.1/32;

    }

    screen protect-zone; host-inbound-traffic { system-services { all;

    }

    }

    interfaces { ge-0/0/0.0;

    }

  2. [edit security zones security-zone public] user@host# show

    address-book {

    address host-1 192.168.1.1/32;

    }

    host-inbound-traffic { screen protect-zone; system-services { all;

    }

    }

    interfaces { ge-0/0/0.0;

    }

  3. [edit security zones security-zone public] user@host# show

    address-book {

    address host-1 192.168.1.1/32;

    }

    host-inbound-traffic { system-services { all;

    }

    }

    interfaces { ge-0/0/0.0;

    screen-protect-zone;

    }

  4. [edit security zones security-zone public] user@host# show

address-book {

address host-1 192.168.1.1/32;

}

screen all;

host-inbound-traffic { system-services { all;

}

}

interfaces { ge-0/0/0.0;

}

Answer: A

100% Ensurepass Free Download!
Download Free Demo:JN0-661 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-661 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

This entry was posted in JN0-661 Latest Exam (Jan 2018) and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.