JNCIS-ES pre-accessment questions exam
JNCIS-SEC: Pre-assessment Exam
)what are the common elements that JUNOS Software with enhanced services uses for a flow’s first and subsequent packets? C
Select the best answer then click the forward arrow to submit
A) zones, policy, servie ALG’s and NAT
B) route, policy, NAT,and SCREEN options
C) NAT, SCREEN options, and services ALG’s
D) fast-path processing, route, NAT, and services ALG’s
2)Regarding a route-based versus policy-based IPSec VPN, which statement is true? D
Select the best answer then click the forward arrow to submit
A) A route-based VPN generally uses more resources than a policy-based VPN
B) A route-based VPN cannot have a deny action in a policy;a policy-based VPN can have a deny action in a policy.
C) A route-based VPN uses a policy referencing the IPSec VPN; a policy-based VPN policy does not use a policy referencing the IPSec VPN.
D) A route-based VPN can support OSPF across the tunnel; a policy-based VPN cannot support OSPF across the tunnel.
3)What is the default behavior if incoming transit traffic does not match any configured security policy? B
Select the best answer then click the forward arrow to submit
A) Default policy is applied and the traffic is looged.
B) Default policy is applied and the traffic is dropped.
C) The device checks the junos-global policy list and traffic is permitted or denied accordingly.
D) The device checks the host-inbound-traffic service list and traffic is permitted or denied accordingly.
4) which command determines if snmpd is running? D
Select the best answer then click the forward arrow to submit
A) user@host> show system cpu|match snmpd
B) user@host> show system log|match snmpd
C) user@host> show system snmp|match snmpd
D) user@host> show system processes|match snmpd
5)you want to configure a policy that allows traffic to a particular host.
which step must you perform before committing a configuration with thw policy? C
Select the best answer then click the forward arrow to submit
A)Define a static route to the host
B)Ensure that the router can ping the host
C)Define an address book entry for the host.
D)Ensure that the router has an ARP entry for the host.
6)Which statement accurately describes suspicious packet attacks? D
Select the best answer then click the forward arrow to submit
A)Suspicious packet attacks are a form of DoS attacks and are used to bypass firewalls.
B)Suspicious packet attaks are used in OS probes to learn the traget’s operating system.
C)Suspicious packet attacks involve ICMP echo requests and UDP flood overloading the targets.
D)Suspicious packet attacks involve specially crafter packets, which could involve SYN fragments, bad IP options, unknown protocols, ICMP abnormalities, or IP packet fragments.
7) Which two policy actions are valid? A D
Select all of the correct answers then click the forward arrow to submit
A)NAT
B)ALG application.
C)IP options setting.
D)firewall authentication
8) which configuration keyword ensures that all-in progress sessions are re-evaluated upon committing a policy change? A
Select the best answer then click the forward arrow to submit
A)policy-rematch;
B)policy-evaluate;
C)rematch-policy;
D)evaluate-policy;
9) Which two statements regarding symmetric key encryption are true? B C
Select all of the correct answers then click the forward arrow to submit
A)The same key is used for encryption and decryption
B)It is commonly used to create digital certificate signatures.
C)It uses two keys:one for encryption and a different key for decryption.
D)An attacker can decrypt data if the attacker captures the key used for encryption
10) Which security of functional zone name has special significance to the JUNOS software with enhanced services? D
Select the best answer then click the forward arrow to submit
A)self
B)trust
C)untrust
D)junos-global
11)Which two statements are true about policy-based destination NAT? A C
Select all of the correct answers then click the forward button to submit
A) It also supports PAT.
B) It supports one-to-many translations.
C) It requires you to configure a securirty zone.
D) It requires you to configure an address in the junos-global zone.
12) Which packet type would match the session in the table entry? D
user@host>show security flow session Session ID: 1495, Policy name:default-permit/7, Timeout;
1778
in:172.19.51.162/52071—> 10.1.10.10/23;tcp, if : ge-0/0/0.0
Out: 10.10.10.10/23 —> 172.19.51.162/52071;tcp, if:ge-0/0/3.0
Select the best answer then click the forward arrow to submit
A) ESP packet from 172.19.51.162 to 10.1.10.10
B) ICMP packet from 172.19.51.162 to 10.1.10.10
C) HTTP packet from 172.19.51.162 to 10.1.10.10
D) Telnet packet from 172.19.51.162 to 10.1.10.10
13) Which interface is used to Config Sync, RTO Sync, and forwarding traffic between the devices in a cluster?D
Select the best answer then click the forward arrow to submit
A) the sp interface
B) the reth interface
C) the fxp1 and fxp0 interfaces
D) the fab0 and fab1 interfaces.
14) Which VRRP interface configuration option allows the router to respond to ICMP echo requestes sent to the VRRP addresses?D
Select the best answer then click the forward arrow to submit
A) allow-ping;
B) allow-data;
c) accept-ping;
d) accept-data;
15)How do you group interfaces with similar security requirements?A
Select the best answer then click the forward arrow to submit
A) zones
B) policies
C) address book
D) NAT configuration
16) Which three security concerns can be addressed by a tunnel mode IPSec VPN secured by ESP?A B C
Select the best answer then click the forward arrow to submit
A) data integrity
B) data confidentiality
C) data authentication
D) outer IP header confidentiality
E) outer IP header authentication.
17) which statement is true?A
Select the best answer then click the forward arrow to submit
A) A logical interface can be assigned to a functional zone.
B) A security zone must contain two or more logical interaces.
C) A logical interface can be assigned to multiple security zones.
D) A logical interface can be assigned to a functional zone and a security zone simultaneously.
18) which two statements are true about overflow pools? B,D
Select the best answer then click the forward arrow to submit
A) Overflow pools do not support PAT.
B) overflow pools can be used only when source NAT with PAT is configured.
C) Overflow pools can be used only when source NAT without PAT is configured.
D) overflow pools can contain the interface IP address or separate IP addresses.
19)Host A opens a Telent connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections.
How many sessions exist between Host A and Host B? B
Select the best answer then click the forward arrow to submit.
A) 1
b) 2
C) 3
D) 4
)what are the common elements that JUNOS Software with enhanced services uses for a flow’s first and subsequent packets? C
Select the best answer then click the forward arrow to submit
A) zones, policy, servie ALG’s and NAT
B) route, policy, NAT,and SCREEN options
C) NAT, SCREEN options, and services ALG’s
D) fast-path processing, route, NAT, and services ALG’s
2)Regarding a route-based versus policy-based IPSec VPN, which statement is true? D
Select the best answer then click the forward arrow to submit
A) A route-based VPN generally uses more resources than a policy-based VPN
B) A route-based VPN cannot have a deny action in a policy;a policy-based VPN can have a deny action in a policy.
C) A route-based VPN uses a policy referencing the IPSec VPN; a policy-based VPN policy does not use a policy referencing the IPSec VPN.
D) A route-based VPN can support OSPF across the tunnel; a policy-based VPN cannot support OSPF across the tunnel.
3)What is the default behavior if incoming transit traffic does not match any configured security policy? B
Select the best answer then click the forward arrow to submit
A) Default policy is applied and the traffic is looged.
B) Default policy is applied and the traffic is dropped.
C) The device checks the junos-global policy list and traffic is permitted or denied accordingly.
D) The device checks the host-inbound-traffic service list and traffic is permitted or denied accordingly.
4) which command determines if snmpd is running? D
Select the best answer then click the forward arrow to submit
A) user@host> show system cpu|match snmpd
B) user@host> show system log|match snmpd
C) user@host> show system snmp|match snmpd
D) user@host> show system processes|match snmpd
5)you want to configure a policy that allows traffic to a particular host.
which step must you perform before committing a configuration with thw policy? C
Select the best answer then click the forward arrow to submit
A)Define a static route to the host
B)Ensure that the router can ping the host
C)Define an address book entry for the host.
D)Ensure that the router has an ARP entry for the host.
6)Which statement accurately describes suspicious packet attacks? D
Select the best answer then click the forward arrow to submit
A)Suspicious packet attacks are a form of DoS attacks and are used to bypass firewalls.
B)Suspicious packet attaks are used in OS probes to learn the traget’s operating system.
C)Suspicious packet attacks involve ICMP echo requests and UDP flood overloading the targets.
D)Suspicious packet attacks involve specially crafter packets, which could involve SYN fragments, bad IP options, unknown protocols, ICMP abnormalities, or IP packet fragments.
7) Which two policy actions are valid? A D
Select all of the correct answers then click the forward arrow to submit
A)NAT
B)ALG application.
C)IP options setting.
D)firewall authentication
8) which configuration keyword ensures that all-in progress sessions are re-evaluated upon committing a policy change? A
Select the best answer then click the forward arrow to submit
A)policy-rematch;
B)policy-evaluate;
C)rematch-policy;
D)evaluate-policy;
9) Which two statements regarding symmetric key encryption are true? B C
Select all of the correct answers then click the forward arrow to submit
A)The same key is used for encryption and decryption
B)It is commonly used to create digital certificate signatures.
C)It uses two keys:one for encryption and a different key for decryption.
D)An attacker can decrypt data if the attacker captures the key used for encryption
10) Which security of functional zone name has special significance to the JUNOS software with enhanced services? D
Select the best answer then click the forward arrow to submit
A)self
B)trust
C)untrust
D)junos-global
11)Which two statements are true about policy-based destination NAT? A C
Select all of the correct answers then click the forward button to submit
A) It also supports PAT.
B) It supports one-to-many translations.
C) It requires you to configure a securirty zone.
D) It requires you to configure an address in the junos-global zone.
12) Which packet type would match the session in the table entry? D
user@host>show security flow session Session ID: 1495, Policy name:default-permit/7, Timeout;
1778
in:172.19.51.162/52071—> 10.1.10.10/23;tcp, if : ge-0/0/0.0
Out: 10.10.10.10/23 —> 172.19.51.162/52071;tcp, if:ge-0/0/3.0
Select the best answer then click the forward arrow to submit
A) ESP packet from 172.19.51.162 to 10.1.10.10
B) ICMP packet from 172.19.51.162 to 10.1.10.10
C) HTTP packet from 172.19.51.162 to 10.1.10.10
D) Telnet packet from 172.19.51.162 to 10.1.10.10
13) Which interface is used to Config Sync, RTO Sync, and forwarding traffic between the devices in a cluster?D
Select the best answer then click the forward arrow to submit
A) the sp interface
B) the reth interface
C) the fxp1 and fxp0 interfaces
D) the fab0 and fab1 interfaces.
14) Which VRRP interface configuration option allows the router to respond to ICMP echo requestes sent to the VRRP addresses?D
Select the best answer then click the forward arrow to submit
A) allow-ping;
B) allow-data;
c) accept-ping;
d) accept-data;
15)How do you group interfaces with similar security requirements?A
Select the best answer then click the forward arrow to submit
A) zones
B) policies
C) address book
D) NAT configuration
16) Which three security concerns can be addressed by a tunnel mode IPSec VPN secured by ESP?A B C
Select the best answer then click the forward arrow to submit
A) data integrity
B) data confidentiality
C) data authentication
D) outer IP header confidentiality
E) outer IP header authentication.
17) which statement is true?A
Select the best answer then click the forward arrow to submit
A) A logical interface can be assigned to a functional zone.
B) A security zone must contain two or more logical interaces.
C) A logical interface can be assigned to multiple security zones.
D) A logical interface can be assigned to a functional zone and a security zone simultaneously.
18) which two statements are true about overflow pools? B,D
Select the best answer then click the forward arrow to submit
A) Overflow pools do not support PAT.
B) overflow pools can be used only when source NAT with PAT is configured.
C) Overflow pools can be used only when source NAT without PAT is configured.
D) overflow pools can contain the interface IP address or separate IP addresses.
19)Host A opens a Telent connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections.
How many sessions exist between Host A and Host B? B
Select the best answer then click the forward arrow to submit.
A) 1
b) 2
C) 3
D) 4
