[Free] 2018(Jan) EnsurePass Braindumps Juniper JN0-1330 Dumps with VCE and PDF 21-30

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-1330
100% Free Download! 100% Pass Guaranteed!

Security Design, Specialist (JNCDS-SEC)

Question No: 21

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

You are asked to provide a proposal for security elements in the service provider network shown in the exhibit. You must provide DDoS protection for Customer A from potential upstream attackers.

Which statements is correct in this scenario?

  1. You should implement DDoS protection on R4, R5 and R6

  2. You should implement DDoS protection on R1 and R6.

  3. You should implement DDoS protection on R1.

  4. You should implement DDoS protection on R2 and R3

Answer: A

Question No: 22

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

Referring to the network shown in the exhibit, a SYN flood attacks is initiated by an attacker that has a public IP address from ISP B within the prefix The attacker Is sending SYN packets to the victim, connected to ISP A, with destination address of using spoofed source addresses at random from the 192 1680.0/16 prefix.

Which two design best practices would prevent this attack from working? (Choose two)

  1. ISP A should implement an ingress firewall filler on router R2 lo discard traffic originating from the prefix

  2. ISP A should implement an ingress firewall filer on router R3 to discard traffic originating from the 192. 168.0.0/16,172 16.0.0/12, and prefixes

  3. ISP A should implement an ingress firewall filter on router R3 to discard traffic originating from the200.200.10.0/24 prefix

  4. ISP B should implement an ingress firewall filer on the router R5 interface connecting to the attacker that discards packets with a source address not matching the 200.200.10 0/24 prefix.

Answer: B,D

Question No: 23

Your customer is purchasing another company. They must establish communication between the two corporate networks, which use an overlapping IPv4 address space. The customer knows they must deploy some of Network Address Translation (NAT).

  1. destination

  2. source

  3. persistent

  4. static

Answer: D

Question No: 24

An auditor reviewed your company#39;s firewall configurations and is requiring that IPsec VPN connections must not expose IKE identities during IKE negotiations Which two methods satisfy this requirement? (Choose two)

  1. Use main mode for the IKE policy.

  2. Use aggressive mode for the IKE policy.

  3. Use IKEv2 instead of IKEvI.

  4. Configure GRE over IPsec.

Answer: A

Question No: 25

You are asked to implement a new application to share documents with trusted external organizations while minimizing the risk of an attack that would enable access to other enterprise systems.

In this scenario, which two locations would you recommend to deploy the application? (Choose two)

  1. public cloud

  2. management VLAN

  3. enterprise LAN

  4. enterprise DMZ

Answer: A,D

Question No: 26

Which three methods secure the payload across the WAN? (Choose three.)

  1. leased-line service utilizing routing protocol authentication.

  2. J r group VPN sever Layer 3 VPN service

  3. iPsec tunneling over leased-line service

  4. 802.1X-enabled Internet gateway

  5. GRE over IPsec tunneling

Answer: B,C,E

Question No: 27

Click the Exhibit.

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Your customer needs to make Server#39;s HTTP service and Server2#39;s SMTP service available to the internet behind a single public IP address. Referring to the exhibit, which type of NAT will satisfy the customer requirement?

  1. persistent

  2. destination

  3. source

  4. static

Answer: B

Question No: 28

You are designing a WAN solution for a small service provider. The service their customers.

Which two solutions should you include in your proposal? (Choose two.)

  1. BGP flowspec

  2. remote triggered back hole

  3. intrusion prevent en system

  4. unified threat management

Answer: A,B

Question No: 29

You are asked to provide user-based network access through an SRX Series device The implementation must use Active Directory credentials for user account validation

Which two solutions satisfy these requirements? (Choose two )

  1. TACACS authentication

  2. Unified Access Control

  3. firewall authentication

  4. integrated user firewall

Answer: D

Question No: 30

You ate designing the security improvements needed to protect an Application that your company is about to deploy The only traffic that the application can receive is valid HTTP traffic on TCP port 8080 that was inspected for Application Layer attacks.

Which three SRX Series device features will satisfy the requirements#39;? (Choose three)

  1. intrusion prevention system

  2. AppSecure

  3. screens

  4. security policy

  5. antivirus

Answer: A,B,D

100% Ensurepass Free Download!
Download Free Demo:JN0-1330 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-1330 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.