[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-332 Dumps with VCE and PDF Download 281-290

Ensurepass.com : Ensure you pass the IT Exams 2018 Jan Juniper Official New Released JN0-332
100% Free Download! 100% Pass Guaranteed!

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 281 – (Topic 3)

You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?

  1. You must enable SPC detect within the configuration.

  2. You must enable active-active failover for redundancy.

  3. You must ensure all SPCs use the same slot placement.

  4. You must configure auto-negotiation on the control ports of both devices.

Answer: C

Question No: 282 – (Topic 3)

What is the function of NAT?

  1. It performs Layer 3 routing.

  2. It evaluates and redirects matching traffic into secure tunnels.

  3. It provides translation between public and private IP addresses.

  4. It performs Layer 2 switching.

Answer: C Explanation:

Historically, the NAT concept was born because of the shortage of public IPv4 addresses. Many organizations moved to deploy so-called private addresses using the IPv4 private addressing space, as identified in RFC 1918. These addresses include the following ranges:

鈥? ( prefix);

鈥? ( prefix); and

鈥? ( prefix).

Because private addresses are not routable within the public domain, edge network devices can deploy the NAT feature to replace private, nonroutable addresses with public addresses prior to sending traffic to the public network and vice versa. Translation consists of replacing the IP address (NAT), port numbers (PAT), or both, depending on the configuration.

While primarily deployed to translate private addresses to public addresses, NAT can translatefromany addresstoany other address, including public to public and private to private addresses.

Question No: 283 – (Topic 3)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

All system services have been enabled.

Given the configuration shown in the exhibit, which interface allows both ping and SSH traffic?

A. ge-0/0/0.0 B. ge-0/0/1.0 C. ge-0/0/2.0 D. ge-0/0/3.0

Answer: A

Question No: 284 – (Topic 3)

You have packet loss on an IPsec VPN using the default maximum transmission unit (MTU) where the packets have the DF-bit (do not fragment) set.

Which configuration solves this problem?

  1. Set an increased MTU value on the physical interface.

  2. Set a reduced MSS value for VPN traffic under the [edit security flow tcp-mss] hierarchy.

  3. Set a reduced MTU value for VPN traffic under the [edit security flow] hierarchy.

  4. Set an increased MSS value on the st0 interface.

Answer: B

Question No: 285 – (Topic 3)

What do you use to group interfaces with similar security requirements?

  1. zones

  2. policies

  3. address book

  4. NAT configuration

Answer: A

Question No: 286 – (Topic 3)

Which two configuration elements are required for a route-based VPN? (Choose two.)

  1. secure tunnel interface

  2. security policy to permit the IKE traffic

  3. a route for the tunneled transit traffic

  4. tunnel policy for transit traffic referencing the IPsec VPN

Answer: A,C

Question No: 287 – (Topic 3)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

host_a is in subnet_a and host_b is in subnet_b.

Given the configuration shown in the exhibit, which two statements are true about traffic from host_a to host_b?(Choose two.)?

  1. DNS traffic is denied.

  2. Telnet traffic is denied.

  3. SMTP traffic is denied.

  4. Ping traffic is denied.

Answer: B,D

Question No: 288 – (Topic 3)

What are two valid match conditions for source NAT? (Choose two.)

  1. port range

  2. source port

  3. source address

  4. destination address

Answer: C,D

Question No: 289 – (Topic 3)

Which two security policy actions are valid? (Choose two.)

  1. deny

  2. discard

  3. reject

  4. close

Answer: A,C

Question No: 290 – (Topic 3)

Regarding secure tunnel (st) interfaces, which statement is true?

  1. You cannot assign st interfaces to a security zone.

  2. You cannot apply static NAT on an st interface logical unit.

  3. st interfaces are optional when configuring a route-based VPN.

  4. A static route can reference the st interface logical unit as the next-hop.

Answer: D

100% Ensurepass Free Download!
Download Free Demo:JN0-332 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-332 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.