Security Profesional (JNCIP-SEC) â†˜
Question: 1 You want to implement an IPS rule base action in which matching traffic is dropped. Which configuration parameter meets this requirement? A. no-action B. drop-packet C. accept D. notification
Question: 2 You are asked to set up a multi-tenant configuration on your SRX Series device. Several remote branch locations are connected to the device. You will connect each remote site to a separate logical interface. You want to implement segmentation between the branch locations using security zones and routing-instances.Which two statements are true? (Choose two.) A. Multiple branch locations can be assigned to the same zone but different routing-instances. B. Multiple branch locations can be assigned to the same routing-instance but different zones. C. If you use the interfaces all configuration option under a zone, different interfaces in the same zone can be assigned to multiple routing instances. D. If you use the interfaces all configuration option under a zone, different interfaces must be assigned to the same routing instance.
Question: 3 You are working at a service provider that offers only residential access to DSL subscribers. Your company has decided to make customer traffic subject to further inspection. When you install a new IPS machine in the network, where should you place it?
A. as close as possible to the server farm that runs the company's Web and DNS servers B. between the dual-homed upstream routers and the firewalls C. as close to the B-RAS devices as possible D. in the middle of the network
Question: 4 You want to deploy an SRX Series cluster for a distributed data center between two remote locations. The carrier will provide you with dark fiber capable of the following: a 100 km reach, 125 ms propagation delay, and a packet loss of 1 out of 10,000,000 packets. You plan to connect the fiber directly to the SRX Series devices without any switches in between, and you plan to configure the SRX Series devices with a straightforward cluster configuration. One of the NOC engineers expresses doubts that this design will work.How do you respond? A. You explain that everything will work as expected. B. You agree to install switches in between the SRX Series clusters in both sites for increased availability of the network. C. You agree with the argument that dark fiber is not the best choice and choose a managed SDH/SONET solution, running Ethernet over SDH/SONET. D. You agree with the NOC engineer that the heartbeat interval timers for the cluster must be adjusted to accommodate the 125 ms delay.
Question: 5 In a group VPN topology, you have three members A, B, and C. You want A to communicate with B using a different encryption key from the one it uses to communicate with C.How do you achieve this?
A. You put A, B, and C in three different groups. B. You put A, B, and C in the same group, but you define a different match-policy for communication between A and B and for communication between A and C. C. You define a different SA and a different match-policy for communication between A and B and for communication between A and C. D. In a group VPN, all members of a group must use the same key to communicate with each other.
Question: 6 You have set up a chassis cluster in an active-active state. While monitoring the fabric link during a failover scenario, you noticed the utilization is higher than expected.What are two possible causes of the higher utilization? (Choose two.) A. An upstream link failure has resulted in Internet-bound traffic ingressing the primary node and egressing the secondary node. B. The failover from the primary node to the secondary node has resulted in increased heartbeat and RTO traffic. C. A LAN interface failure has resulted in Internet-bound traffic ingressing the secondary node and egressing the primary node. D. The failover from the primary node to the secondary node has resulted in a graceful restart scenario in which all traffic must use the fabric link.
Question: 7 Click the Exhibit button.High availability chassis clustering has been configured. The SRX 5800-A is in passive mode, while the SRX 5800-B is in active mode. The administrator has configured the controllink-recovery feature. A unidirectional fabric link causes the SRX 5800-A to see the SRX 5800-B's probes, but the SRX 5800-B cannot see the SRX 5800-A's probes.What will happen in this situation? A. Traffic from R2 toward R4 flows through the SRX 5800-B to the SRX 5800-A. B. Traffic from R2 toward R4 flows through the SRX 5800-A reth3 interface to R3. C. Traffic from R2 toward R4 flows through the SRX 5800-B reth2 interface. D. Traffic from R2 toward R4 flows through the SRX 5800-A reth2 interface to R3.
Question: 8 Click the Exhibit button.The NHTB configuration excerpt shown in the exhibit is applied on an SRX Series device that is a hub in a hub-and-spoke VPN.Which statement is true about this configuration? A. The spoke devices can be any IPsec VPN gateway. B. The spoke devices must be SRX Series devices. C. The spoke devices must support NHTB protocol. D. The spoke devices require multipoint configured on the st0 interface.
Question: 9 You have implemented a chassis cluster that spans a Layer 2 network between two office campuses. You are using dual fabric links. Some of the RTOs are getting lost.What are two reasons why this happens? (Choose two.) A. The switches interconnecting the fabric links do not support jumbo frames. B. The switches are not configured with the proper VLAN tags used by RTO traffic. C. The Layer 2 network contains 10 Gigabit links. D. There is a 500 millisecond latency between the SRX Series devices.
Question: 10 You have been asked to configure a signature to block an attack released by a security vulnerability reporting agency.Which two characteristics of the attack must you understand to configure the attack object? (Choose two.) A. the source IP address of the attacker B. the protocol the attack is transported in C. a string or regular expression that occurs within the attack D. IPv4 routing header
You will not find better practice material than testsexpert PDf questions with answers on the web because it provides real exams preparation environment. Our practice tests and PDF question, answers are developed by industry leading experts according to the real exam scenario. At the moment we provides only question with detailed answers at affordable cost. You will not find comparative material elsewhere on the web at this price. We offer Cisco, Microsoft, HP, IBM, Adobe, Comptia, Oracle exams training material and many more.
We also provide PDF Training Material for: Cisco CCNA CCNP CCIP CCIE CCVP CCSP CXFF CCENT CCDE
Microsoft MCTS MCSE MCITP MBS MCPD MCAD MCAS MCSA MCDBA
HP AIS APC APS ASE CSA MASE APP CSD CSE
IBM Adobe Comptia Oracle Lotus CS4 A+ 11g DBA WebSphere CS3 Security+ 10g DBA Mastery ACE Server+ OSA 10g SOA CS5 Network+ OCA 9i Storage CS2 Linux+ 11i Rational Captivate iNet+ 9i Forms Tivoli Flex Project+ Weblogic IBM DB2 CSM RFID+ Oracle 8i IBM XML MX7 HTI+ PTADCE
We provide latest exams preparation material only. Contact US at: firstname.lastname@example.org Join Us at Twitter: www.twitter.com/testsexpert FaceBook: www.facebook.com/testsexpert
Published on Jan 20, 2012
Published on Jan 20, 2012
JN0-632 JUNIPER exam asnwers free download JN0-632 detailed JN0-632 test answers sample. Buy JUNIPER JN0-632 study materials.