Security, Specialist (JNCIS-SEC) v7.0

Page:    1 / 5   
Exam contains 64 questions

Which type of VPN provides a secure method of transporting encrypted IP traffic?

  • A. IPsec
  • B. Layer 3 VPN
  • C. VPLS
  • D. Layer 2 VPN


Answer : A

Which interface is used exclusively to forward Ethernet-switching traffic between two chassis cluster nodes?

  • A. swfab0
  • B. fxp0
  • C. fab0
  • D. me0


Answer : A

What are three valid virtual interface types for a vSRX? (Choose three.)

  • A. SR-IOV
  • B. fxp0
  • C. eth0
  • D. VMXNET 3
  • E. virtio


Answer : A,B,D

A link from the branch SRX Series device chassis cluster to the Internet requires more bandwidth.
In this scenario, which command would you issue to begin provisioning a second link?

  • A. set chassis cluster reth-count 2
  • B. set interfaces fab0 fabric-options member-interfaces ge-0/0/1
  • C. set interfaces ge-0/0/1 gigether-options redundant-parent reth1
  • D. set chassis cluster redundancy-group 1 node 1 priority 1


Answer : B

You want to implement IPsec on your SRX Series devices, but you do not want to use a preshared key.
Which IPsec implementation should you use?

  • A. public key infrastructure
  • B. next-hop tunnel binding
  • C. tunnel mode
  • D. aggressive mode


Answer : A

Click the Exhibit button.


You are monitoring traffic on your SRX300 that was configured using the factory default security parameters. You notice that the SRX300 is not blocking traffic between Host A and Host B as expected.
Referring to the exhibit, what is causing this issue?

  • A. Host B was not assigned to the Untrust zone.
  • B. You have not created address book entries for Host A and Host B.
  • C. The default policy has not been committed.
  • D. The default policy permits intrazone traffic within the Trust zone.


Answer : D

Click the Exhibit button.


Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination 192.168.150.111 using HTTP?

  • A. The client will be denied by policy p2.
  • B. The client will be denied by policy p1.
  • C. The client will be permitted by policy p2.
  • D. The client will be permitted by policy p1.


Answer : D

Which statement is true about functional zones?

  • A. Functional zones are a collection of regulated transit network segments.
  • B. Functional zones provide a means of distinguishing groups of hosts and their resources from one another.
  • C. Functional zones are used for management.
  • D. Functional zones are the building blocks for security policies.


Answer : C

Click the Exhibit button.


Referring to the exhibit, which statement is true?

  • A. TCP packets entering the interface are failing the TCP sequence check.
  • B. Packets entering the interface are being dropped due to a stateless filter.
  • C. Packets entering the interface are getting dropped because there is no route to the destination.
  • D. Packets entering the interface matching an ALG are getting dropped.


Answer : C

You must verify if destination NAT is actively being used by users connecting to an internal server from the Internet.
Which action will accomplish this task on an SRX Series device?

  • A. Examine the destination NAT translations table.
  • B. Examine the installed routes in the packet forwarding engine.
  • C. Examine the NAT translation table.
  • D. Examine the active security flow sessions.


Answer : A

What is the function of redundancy group 0 in a chassis cluster?

  • A. Redundancy group 0 identifies the node controlling the cluster management interface IP addresses.
  • B. The primary node for redundancy group 0 identifies the first member node in a chassis cluster.
  • C. The primary node for redundancy group 0 determines the interface naming for all chassis cluster nodes.
  • D. The node on which redundancy group 0 is primary determines which Routing Engine is active in the cluster.


Answer : D

You have configured source NAT with port address translation. You also need to guarantee that the same IP address is assigned from the source NAT pool to a specific host for multiple concurrent sessions.
Which NAT parameter would meet this requirement?

  • A. port block-allocation
  • B. port range twin-port
  • C. address-persistent
  • D. address-pooling paired


Answer : D

Which SRX5400 component is responsible for performing first pass security policy inspection?

  • A. Routing Engine
  • B. Switch Control Board
  • C. Services Processing Unit
  • D. Modular Port Concentrator


Answer : C

Click the Exhibit button.


Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination 192.168.150.3 using HTTP?

  • A. The client will be denied by policy p2.
  • B. The client will be permitted by the global policy.
  • C. The client will be permitted by policy p1.
  • D. The client will be denied by policy p3.


Answer : C

You are changing the default vCPU allocation on a vSRX.
How are the additional vCPUs allocated in this scenario?

  • A. The vCPUs are allocated equally across the Junos control plane and packet forwarding engine.
  • B. One dedicated vCPU is allocated for the Junos control plane and the remaining vCPUs for the packet forwarding engine.
  • C. One dedicated vCPU is allocated for the packet forwarding engine, one for the Junos control plane, and the remaining vCPUs are equally balanced.
  • D. One dedicated vCPU is allocated for the packet forwarding engine and the remaining vCPUs for the Junos plane.


Answer : B
