[Free] Download New Latest (November) Juniper JN0-632 Actual Tests Topic 2, Volume B part 01


QUESTION 71  (Topic 2)

 

While performing routine monitoring of your network, you notice an unusual increase in activity. You check the logs and notice a specific set of flows from a single source IP address. In analyzing these flows you determine that a remote host has sent several packets to your server with no TCP flags set.

 

Which scan is being used?

 

A. The attacker is using an XMAS tree scan.

B. The attacker is using a SYN scan.

C. The attacker is using a NULL scan.

D. The attacker is using a FIN scan.

 

Answer: C

 

 

QUESTION 72  (Topic 2)

 

In which order are the stages of an attack?

 

A. reconnaissance, host probes, evasion, host access

B. host probes, host access, evasion, reconnaissance

C. evasion, reconnaissance, host probes, host access

D. reconnaissance, host access, evasion, host probes

 

Answer: A

 

 

Explanation: An attacker usually precedes an attack by performing reconnaissance on the target. Before launching an exploit, attackers might try to probe the targeted host to learn its operating system (OS). Whether gathering information or launching an attack, it is generally expected that the attacker avoids detection. Although some IP address and port scans are blatant and easily detectable, more wily attackers use a variety of means to conceal their activity. Techniques such as using FIN scans instead of SYN scans (which attackers know most firewalls and intrusion detection programs detect) indicate an evolution of reconnaissance and exploit techniques for evading detection and successfully accomplishing their tasks.

 

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/id-93100.html

http://www.juniper.net/techpubs/en_US/junos11.2/topics/concept/attack-detection-prevention-overview.html

http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es-swconfig-security/understanding-operating-system-probes.html

 

 

QUESTION 73  (Topic 2)

 

You are having problems with SYN flood attacks against your network. You administered the TCP syn-flood options on your SRX device to block these attacks, but internal hosts are still seeing floods that fall just under the threshold you have set for blocking SYN floods. You cannot set the threshold any lower without impacting legitimate traffic.

 

What are two SYN flood protection commands that you can use to resolve the problem? (Choose two.)

 

A. set security flow syn-flood-protection-mode syn-proxy

B. disable security flow syn-flood-protection-mode syn-flood

C. set security flow syn-flood-protection-mode [syn-proxy syn-cookie]

D. set security flow syn-flood-protection-mode syn-cookie

 

Answer: AD

 

 

Explanation: When syn-proxy is configured the first SYN packets are allowed through. Once the attack threshold is met, the SRX proxies the connection, sending a SYN/ACK back to the source. This is used to determine if it is a legitimate request or just a drone flooding SYN requests. In the source- and destination-based SYN flooding protections, the SYN packets are not proxied but dropped to the floor. Anything above that configured threshold is dropped. This is a dangerous setting, and you must be cautious when designing these thresholds.

SYN cookie protection is a stateless SYN proxy that you can use to defend against SYN floods from spoofed source IP addresses. A SYN cookie doesn’t add much value if the source IP addresses are legitimate and reply to the SYN/ACK packet.

 

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB3268

 

 

 

 

 

 

QUESTION 74  (Topic 2)

 

In the sequence of IPS inspection steps, protocol anomaly detection is performed after which step?

 

A. after fragments are reassembled

B. after packets in sessions are tracked

C. after applications and decode protocols are identified

D. after packet signatures are checked

 

Answer: C

 

 

Explanation: Anomaly detection can be performed only after the application and protocol are identified.

 

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42473.html

http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42478.html?searchid=1320438879836

 

 

QUESTION 75  (Topic 2)

 

Click the exhibit.

The exhibit contains the full routing-instances and interface configuration present on your SRX Series device. Customer A hosts are attached to the ge-0/0/3 interface and belong to the 10.0.0.0/24 network. Customer B hosts are attached to the ge-0/0/4 interface and belong to the 20.0.0.0/24 network. Assume the appropriate security configuration is in place.

 

Which statement is correct when a host with the IP address 10.0.0.100 pings a host with the IP address 20.0.0.100?

 

A. The SRX Series device will drop the packets because interface routes are not shared within a rib-group.

B. The SRX Series device will drop the packets because filter-based forwarding is not configured.

C. The SRX Series device will forward the traffic because filter-based forwarding is configured.

D. The SRX Series device will forward the traffic using the logical tunnel interfaces.

 

Answer: D

 

 

QUESTION 76  (Topic 2)

 

Click the Exhibit button.

You have been asked to configure a virtual-router routing-instance for a group of internal users. To grant the internal users Internet access, you create a static route for all unknown traffic to be routed to the main instance inet.0 table, as shown in the exhibit.

 

What is required for the return traffic from the Internet to be allowed back through the SRX?

 

A. You must configure a rib-group to move routes from the Juniper routing-instance route table into the inet.0 table for the return traffic to be routed back through.

B. The return traffic uses fast path processing to bypass routing in the inet.0 routing table.

C. You must configure a group to move routes from inet.0 table into the Juniper routing-instance route table for the return traffic to be routed back through.

D. The return traffic uses first packet processing to bypass routing in the inet.0 routing table.

 

Answer: A

 

 

Explanation: Without exporting routes from routing-instance Juniper to inet.0, the traffic from the Internet to the networks in routing-instance Juniper is dropped. When a packet enters the SRX, the flow daemon (flowd) performs a session lookup. It does this to see whether the packet is already part of an existing session. If the packet is part of an existing session, it takes what is referred to as the fast path. If it is not found to be part of an existing session, it goes down the slow path. The fast path has fewer steps involved in checking the packet, and as a result, it is much faster at processing the packet.

 

Reference: http://www.juniper.net/techpubs/en_US/junos11.3/topics/reference/configuration-statement/rib-groups-edit-routing-options.html

 

 

QUESTION 77  (Topic 2)

 

You need to establish a new point-to-point IPSec VPN to a recently acquired remote site. The remote site is currently using the same network space with many overlapping IP addresses. You have been asked to implement an interim solution until there is time to migrate the remote site to a different network space.

 

Which solution accomplishes this task?

 

A. Implement source NAT on the remote gateway device.

B. Implement destination NAT on the local gateway device.

C. Implement static NAT on the local gateway device.

D. Implement static NAT on both gateway devices.

 

Answer: D

 

 

Explanation: Because both networks use the same internal IP addressing, it is not possible to simply build a tunnel between the two sites. However, if the tunnel endpoints on both sides are Juniper services routers, it is possible to configure a tunnel between these sites with an advanced configuration using NAT. It is important to understand this basic routing dilemma. If a host is attached to a network, say 10.0.0.0/24, and the other device on the remote end is attached to a network using the same IP address subnet, it is not possible to build a tunnel and route the traffic to the other device without some sort of address translation. This is because all packets are routed based on the destination IP address. Before routing occurs, a determination must be made as to whether the destination IP is on the same (local) network or not. If the destination IP is on the same network, say 10.0.0.10, the destination device is found using Address Resolution Protocol (ARP). However, if the destination IP resides on a different network, the packet is sent to the next-hop router based on the device’s routing table. Because both the local and remote networks share the same IP addressing scheme, the packets will be handled locally and never route to the VPN tunnel. To work around this, we can perform static NAT on the source IP and destination IP of all traffic destined for the remote network at the other end of the tunnel. For this reason, a route-based approach to IPsec VPNs makes sense, because the creation of a “virtual” network interface on each services router by way of a “secure tunnel” or “st0” interface is required. It is important to note that in this case both the source and destination addresses are translated as the packet traverses the VPN tunnel to the end host. Thus the services routers at each end of the tunnel must contact each other using a newly created IP network.

 

Reference: http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/JSRX_VPN_with_Overlapping_Subnetsv2_0.pdf

 

 

QUESTION 78  (Topic 2)

 

How many components can a compound attack object contain?

 

A. 8

B. 16

C. 24

D. 32

 

Answer: D

 

 

QUESTION 79  (Topic 2)

 

You want to deploy an SRX Series cluster for a distributed data center between two remote locations. The carrier will provide you with dark fiber capable of the following: a 100 km reach, 125 ms propagation delay, and a packet loss of 1 out of 10,000,000 packets. You plan to connect the fiber directly to the SRX Series devices without any switches in between, and you plan to configure the SRX Series devices with a straightforward cluster configuration. One of the NOC engineers expresses doubts that this design will work.

 

How do you respond?

 

A. You explain that everything will work as expected.

B. You agree to install switches in between the SRX Series clusters in both sites for increased availability of the network.

C. You agree with the argument that dark fiber is not the best choice and choose a managed SDH/SONET solution, running Ethernet over SDH/SONET.

D. You agree with the NOC engineer that the heartbeat interval timers for the cluster must be adjusted to accommodate the 125 ms delay.

 

Answer: D

 

 

Explanation: JUNOS Software transmits heartbeat signals over the control link at a configured interval. The system uses heartbeat transmissions to determine the “health” of the control link. If the number of missed heartbeats has reached the configured threshold, the system assesses whether a failure condition exists. You specify the heartbeat threshold and heartbeat interval when you configure the chassis cluster. In a chassis cluster configuration on an SRX100, SRX210, SRX240, or SRX650 device, the default values of the heartbeat-threshold and heartbeat-interval options in the [edit chassis cluster] hierarchy are 8 beats and 2000 ms respectively. These values cannot be changed on these devices.

 

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-security/topic-43696.html?searchid=1320415514489

http://www.juniper.net/techpubs/en_US/junos10.2/information-products/topic-collections/release-notes/10.2/topic-45729.html?searchid=1320415514489

 

 

QUESTION 80  (Topic 2)

 

What can cause a node in an SRX Series chassis cluster to be in the disabled state?

 

A. The primary node loses all power.

B. Both the control and fabric links between the two nodes go down at the same time.

C. The number of missed heartbeats reaches the configured threshold.

D. The backup node is configured to go into a disabled state until the active node has a failure.

 

Answer: C

 

 

Explanation: JUNOS Software transmits heartbeat signals over the control link at a configured interval. The system uses heartbeat transmissions to determine the “health” of the control link. If the number of missed heartbeats has reached the configured threshold, the system assesses whether a failure condition exists. For a chassis cluster with one control link, if the control link goes down, all redundancy groups on the secondary node go to the ineligible state and eventually to the disabled state.

 

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB15421&actp=search&viewlocale=en_US&searchid=1320424816614#

http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-security/topic-43696.html

 
