Security, Professional (JNCIP-SEC) v1.0

Exam contains 93 questions

Click the Exhibit button.

Which two statements are correct about the output shown in the exhibit? (Choose two.)

  • A. The data shown requires a traceoptions flag of host-traffic.
  • B. The data shown requires a traceoptions flag of basic-datapath.
  • C. The packet is dropped by a configured security policy.
  • D. The packet is dropped by the default security policy.


Answer : CD

Which role does an SRX Series device play in a DS-Lite deployment?

  • A. softwire concentrator
  • B. softwire initiator
  • C. STUN client
  • D. STUN server


Answer : A

Which two statements are true when setting up an SRX Series device to operate in mixed mode? (Choose two.)

  • A. A physical interface can be configured to be both a Layer 2 and a Layer 3 interface at the same time.
  • B. The SRX must be rebooted after configuring at least one Layer 3 and one Layer 2 interface.
  • C. Packets from Layer 2 interfaces are switched within the same bridge domain.
  • D. User logical systems support Layer 2 traffic processing.


Answer : AC

Click the Exhibit button.

You have deployed an SRX Series device as shown in the exhibit. The devices in the Local zone have recently been added, but their SRX interfaces have not been configured. You must configure the SRX to meet the following requirements: devices in the 10.1.1.0/24 network can communicate with other devices in the same network, but not with other networks or the SRX; and you must be able to apply security policies to traffic flows between devices in the Local zone.
Which three configuration elements will be required as part of your configuration? (Choose three.)

  • A. set protocols l2-learning global-mode switching
  • B. set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan-members 10
  • C. set security zones security-zone Local interfaces ge-0/0/1.0
  • D. set protocols l2-learning global-mode transparent-bridge
  • E. set security zones security-zone Local interfaces irb.10


Answer : BCE

Click the Exhibit button.

Referring to the exhibit, in which mode is the SRX Series device?

  • A. transparent
  • B. packet
  • C. mixed
  • D. Ethernet switching


Answer : A

You are asked to connect two hosts that are directly connected to an SRX Series device. The traffic should flow unchanged as it passes through the SRX, and routing or switch lookups should not be performed. However, the traffic should still be subjected to security policy checks.
What will provide this functionality?

  • A. transparent mode
  • B. secure wire
  • C. MACsec
  • D. mixed mode


Answer : A

How does an SRX Series device examine exception traffic?

  • A. The device examines the host-outbound traffic for the ingress interface and zone.
  • B. The device examines the host-inbound traffic for the ingress interface and zone.
  • C. The device examines the host-outbound traffic for the egress interface and zone.
  • D. The device examines the host-inbound traffic for the egress interface and zone.


Answer : B

Click the Exhibit button.

Referring to the exhibit, what do you use to dynamically secure traffic between the Azure and AWS clouds?

  • A. You can dynamically secure traffic between the clouds by using security tags in the security policies.
  • B. You can dynamically secure traffic between the clouds by using URL filtering in the security policies.
  • C. You can dynamically secure traffic between the clouds by using user identities in the security policies.
  • D. You can dynamically secure traffic between the clouds by using advanced connection tracking in the security policies.


Answer : A

Click the Exhibit button.

You have configured a CoS-based VPN that is not functioning correctly.
Referring to the exhibit, which action will solve the problem?

  • A. You must change the loss priorities of the forwarding classes to low.
  • B. You must delete one forwarding class.
  • C. You must change the code point for the DB-data forwarding class to 10000.
  • D. You must use inet precedence instead of DSCP.


Answer : C

You configure two Ethernet interfaces on your SRX Series device as Layer 2 interfaces and add them to the same VLAN. The SRX is using the default l2-learning setting. You do not add the interfaces to a security zone.
Which two statements are true in this scenario? (Choose two.)

  • A. You cannot add Layer 2 interfaces to a security zone.
  • B. You are unable to apply stateful security features to traffic that is switched between the two interfaces.
  • C. The interfaces will not forward traffic by default.
  • D. You are able to apply stateful security features to traffic that enters and exits the VLAN.


Answer : BD

You are enabling advanced policy-based routing. You have configured a static route that has a next hop from the inet0 routing table. Unfortunately, this static route is not active in your routing instance.
In this scenario, which solution is needed to use this next hop?

  • A. Use filter-based forwarding.
  • B. Use policies.
  • C. Use RIB groups.
  • D. Use transparent mode.


Answer : C

Click the Exhibit button.

Referring to the exhibit, which statement is true?

  • A. SRG1 is configured in hybrid mode.
  • B. The ICL is encrypted.
  • C. If SRG1 moves to peer 2, peer 1 will forward packets sent to the SRG1 interfaces.
  • D. If SRG1 moves to peer 2, peer 1 will drop packets sent to the SRG1 interfaces.


Answer : D

Click the Exhibit button.

Host A shown in the exhibit is attempting to reach the Web1 webserver, but the connection is failing. Troubleshooting reveals that when Host A attempts to resolve the domain name of the server (web.acme.com), the request is resolved to the private address of the server rather than its public IP.
Which feature would you configure on the SRX Series device to solve this issue?

  • A. double NAT
  • B. STUN protocol
  • C. DNS doctoring
  • D. persistent NAT


Answer : C

Your IPsec tunnel is configured with multiple security associations (SAs). Your SRX Series device supports the CoS-based IPsec VPNs with multiple IPsec SAs feature. You are asked to configure CoS for this tunnel.
Which two statements are true in this scenario? (Choose two.)

  • A. A maximum of four forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.
  • B. The local and remote gateways do not need the forwarding classes to be defined in the same order.
  • C. A maximum of eight forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.
  • D. The local and remote gateways must have the forwarding classes defined in the same order.


Answer : CD

You have deployed an SRX Series device at your network edge to secure Internet-bound sessions for your local hosts using source NAT. You want to ensure that your users are able to interact with applications on the Internet that require more than one TCP session for the same application session.
Which two features would satisfy this requirement? (Choose two.)

  • A. persistent NAT
  • B. address persistence
  • C. STUN
  • D. double NAT


Answer : AB
