[Free] Download New Latest (November) Juniper JN0-632 Actual Tests Topic 2, Volume B part 04

Ensurepass

QUESTION 101  (Topic 2)

 

You are asked to configure an IPsec tunnel to securely connect from the headquarters office to a remote office.

 

You are required to use ESP and to disable NAT traversal between offices.

 

What will accomplish this task?

 

A.

set security ipsec vpn vpn-name ike no-nat-traversal

B.

set security ike no-nat-traversal

C.

set security ike gateway gateway-name no-nat-traversal

D.

set security ipsec no-nat-traversal

 

Answer: C

 

 

QUESTION 102  (Topic 2)

 

Click the Exhibit button.

 

[Exhibit image not available]

 

Your company uses a custom-built FTP application. You have configured an application definition to support it on your SRX Series device as shown in the exhibit, and applied the application to the relevant security policy.

 

Which statement is true about the application definition?

 

A.

The source-port parameter must be specified.

B.

The inactivity timeout value is too low.

C.

The application-protocol parameter must be specified.

D.

The application definition is configured correctly.

 

 

 

 

 

Answer: D

 

 

QUESTION 103  (Topic 2)

 

You initiated the download of the attack database. The system indicates that it will run asynchronously and returns you to a command prompt in the CLI. You want to know if the download has completed.

 

Which command do you run to confirm this?

 

A.

request security idp security-package install status

B.

request system software idp security-package download status

C.

request security idp security-package download status

D.

request security idp security-package install

 

Answer: C

 

 

Explanation: The “request security idp security-package download status” command is used to verify the download status.

 

Reference: O’Reilly. Junos Security. Rob Cameron, Brad Woodberg, Patricio Giecco, Tim Eberhard, James Quinn, August 2010, p. 434

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB15806&actp=search&viewlocale=en_US&searchid=1320424816614#

 

 

QUESTION 104  (Topic 2)

 

You are using certificates for IPsec VPNs and want the SRX Series device to verify that the certificates are valid.

 

When configuring the SRX device, which protocol is supported for retrieving the CRL?

 

A.

RADIUS

B.

TACACS+

C.

LDAP

D.

FTP

 

 

 

 

 

Answer: C

 

 

QUESTION 105  (Topic 2)

 

You have a branch location connected to a virtual-router type of routing-instance. To provide Internet access, one requirement is to provide connectivity to an interface and its direct route, which belongs to the default inet.0 routing-instance.

 

Which statement is true?

 

A.

The scenario is not possible; the interfaces must both be in the same routing-instance.

B.

You must configure a non-forwarding routing-instance.

C.

You must configure interface-routes with a share rib-group.

D.

You must configure a policy in the forwarding-options configuration hierarchy.

 

Answer: C

 

 

Explanation: You have to import the interface routes from the inet.0 table into the routing instance. This is done by configuring the routing-options interface-routes rib-group command.

 

Reference:

http://www.juniper.net/techpubs/en_US/junos10.3/topics/reference/configuration-statement/rib-group-edit-routing-options.html?searchid=1320424816614

 

 

QUESTION 106  (Topic 2)

 

For RG 1, Node 0 has priority 200; Node 1 has priority 100. Preempt has been configured. Node 0 has been rebooted; therefore, Node 1 is primary for RG 1.

 

What happens when Node 0 comes back up?

 

A.

Node 0 is still secondary for RG 1 because preempt is configured.

B.

All redundancy groups failover to Node 0.

C.

Node 0 becomes primary for RG 1.

D.

Node 0 will preempt Node 1 from becoming primary for RG 1.

 

Answer: C

 

 

 

 

Explanation: Each node is given a priority within a redundancy group. The higher-priority device is given mastership over the redundancy group. This depends on a few options, and one of them, by default, is that a node with a higher priority will not preempt the device with the lower priority. The result is that if a lower-priority node were to have ownership of a redundancy group and then a node with the higher priority were to come online, it would not give ownership to the higher-priority device. To enable this, the preempt option would need to be enabled, and the device with the higher priority would take ownership of the redundancy group when it was healthy to do so.

 

Reference: O’Reilly. Junos Security. Rob Cameron, Brad Woodberg, Patricio Giecco, Tim Eberhard, James Quinn, August 2010, p. 572.

 

QUESTION 107  (Topic 2)

 

Click the Exhibit button.

 

[Exhibit image not available]

 

Referring to the exhibit, Company A and Company B are using the same IP address space.

 

Which NAT configuration allows device A and device B to communicate?

 

 

 

 

 

 

 

 

 

A.

Option A

B.

Option B

 

 

 

 

C.

Option C

D.

Option D

 

Answer: B

Explanation:

To handle this situation, double NAT is required. First, you create two one-to-one mappings for translation of destination IPs:

1.1.0/24 172.31.1.0/24 for packets that go from Company B to Company A, and

1.1.0/24 172.31.2.0/24 for packets that go from Company A to Company B.

Then, on each router, you create destination address translation for packets coming from the untrusted zone.

 

 

QUESTION 108  (Topic 2)

 

An IPSec tunnel has just gone down in your network and you have been asked to troubleshoot and resolve the issue.

 

Which three reasons might be the cause of this issue? (Choose three.)

 

A.

network connectivity issues

B.

encapsulation mismatches

C.

identical preshared keys

D.

MTU mismatch on tunnel endpoints

E.

authentication mismatches

 

Answer: ABE

 

 

Reference:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21899&actp=search&viewlocale=en_US&searchid=1320424816614#

 

 

QUESTION 109  (Topic 2)

 

 

 

 

Which two make up the context of an IPS attack signature? (Choose two.)

 

A.

service binding

B.

application

C.

scope

D.

application subset

 

Answer: BD

 

 

Explanation: To aid in the accuracy and performance of IPS inspection, the SRX uses a concept called contexts to match an attack in the specific place where it occurs in the application protocol. This helps to ensure that performance is optimized by not searching for attacks where they would not occur, and it limits false positives.

 

Reference: O’Reilly. Junos Security. Rob Cameron, Brad Woodberg, Patricio Giecco, Tim Eberhard, James Quinn, August 2010, p. 405

 

 

QUESTION 110  (Topic 2)

 

When fragmented traffic is processed by the IPS engine, two steps are performed. First, the IPS engine identifies IP fragments.

 

What is the second step?

 

A.

detecting fragment chains

B.

checking fragments for overlaps, duplicates, or fragmented packets of the wrong length

C.

reassembling packets and serializing them in the correct order for further inspection

D.

checking a TCP packet’s length and TTL

 

Answer: C

 

 

Explanation: For further processing, the fragments of an IP packet must be reassembled and serialized.

 
