Which three functions are provided by JUNOS Software for security platforms?()A、VPN establishmentB、stateful ARP lookupsC、Dynamic ARP inspectionD、Network Address TranslationE、inspection of packets at higher levels (Layer 4 and above)
Which three functions are provided by JUNOS Software for security platforms?()
- A、VPN establishment
- B、stateful ARP lookups
- C、Dynamic ARP inspection
- D、Network Address Translation
- E、inspection of packets at higher levels (Layer 4 and above)
相关考题:
Which three functions are provided by the Junos OS for security platforms?()(Choose three.) A. VPN establishmentB. stateful ARP lookupsC. Dynamic ARP inspectionD. Network Address TranslationE. inspection of packets at higher levels (Layer 4 and above)
A traditional router is better suited than a firewall device for which function? () A. VPN establishmentB. packet-based forwardingC. stateful packet processingD. network address translation
Which three mechanisims support the forwarding plane of a Layer 3 VPN in JUNOS software? () A. MPLS LSPB. ATM tunnelC. GRE tunnelD. IPSEC tunnelE. L2TPv3 session
The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A、 MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B、 Port scanners are the most effective defense against dynamic ARP inspection.C、 MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D、 Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E、 DHCP snooping sends unauthorized replies to DHCP queries.F、 ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G、 None of the other alternatives apply.
Which of the following would be BEST to use when identifying HTTP traffic running on TCP port53?()A、Network layer firewallB、Stateful inspection firewallC、Zone aware firewallD、Application layer firewall
Which statement is true regarding proxy ARP?()A、Proxy ARP is enabled by default on stand-alone JUNOS security devices.B、Proxy ARP is enabled by default on chassis clusters.C、JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.D、JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled
Which statement is true regarding the Junos OS?()A、All platforms running the Junos OS separate the functions of learning and flooding.B、All platforms running the Junos OS separate the functions of control and forwarding.C、All platforms running the Junos OS separate the functions of routing and bridging.D、All platforms running the Junos OS separate the functions of management and routing.
A traditional router is better suited than a firewall device for which function?()A、VPN establishmentB、packet-based forwardingC、stateful packet processingD、Network Address Translation
Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router?()A、JUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT.B、JUNOS Software for security platforms does not forward traffic by default; a traditional router forwards traffic by default.C、JUNOS Software for security platforms uses session-based forwarding; a traditional router uses packet-based forwarding.D、JUNOS Software for security platforms performs route lookup for every packet; a traditional router performs route lookup only for the first packet.
Which three statements are true regarding IDP?()A、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.B、IDP inspects traffic up to the Application layer.C、IDP searches the data stream for specific attack patterns.D、IDP inspects traffic up to the Presentation layer.E、IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.
You are responsible for increasing the security within the Company LAN. Of the following choices listed below, which is true regarding layer 2 security and mitigation techniques? ()A、 Enable root guard to mitigate ARP address spoofing attacks.B、 Configure DHCP spoofing to mitigate ARP address spoofing attacks.C、 Configure PVLANs to mitigate MAC address flooding attacks.D、 Enable root guard to mitigate DHCP spoofing attacks.E、 Configure dynamic APR inspection (DAI) to mitigate IP address spoofing on DHCP untrusted ports.F、 Configure port security to mitigate MAC address flooding G、 None of the other alternatives apply
On a Company switch named R1 you configure the following: iparp inspection vlan 10-12, 15 What is the purpose of this global configuration command made on R1?()A、 Discards ARP packets with invalid IP-to-MAC address bindings on trusted portsB、 Validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15C、 Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindingsD、 Intercepts all ARP requests and responses on trusted portsE、 None of the other alternatives apply
The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
Which three statements are true about DAI?()A、DAI intercept all ARP packets on untrusted portsB、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.C、DAI is used to prevent against a DHCP Snooping attack.D、DAI forwards all ARP packets received on a trusted interface without any checks.E、DAI forwards all ARP packets on untrusted ports.F、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.
In JUNOS software, unclassified packets are associated with which forwarding class?()A、network controlB、best effortC、assured forwardingD、expedited forwarding
Which three JUNOS software features allow for increased security on your network?()A、firewall filtersB、data encryptionC、routing protocol authenticationD、support for BGP path mtu discoveryE、automatic discovery for IPSEC neighbors
Which two statements are true regarding proxy ARP?()A、Proxy ARP is enabled by default.B、Proxy ARP is not enabled by default.C、JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.D、JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled
Which three functions are provided by the Junos OS for security platforms?()(Choose three.)A、VPN establishmentB、stateful ARP lookupsC、Dynamic ARP inspectionD、Network Address TranslationE、inspection of packets at higher levels (Layer 4 and above)
Which three mechanisims support the forwarding plane of a Layer 3 VPN in JUNOS software? ()A、MPLS LSPB、ATM tunnelC、GRE tunnelD、IPSEC tunnelE、L2TPv3 session
多选题Which three functions are provided by JUNOS Software for security platforms?()AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)
多选题Which three mechanisims support the forwarding plane of a Layer 3 VPN in JUNOS software? ()AMPLS LSPBATM tunnelCGRE tunnelDIPSEC tunnelEL2TPv3 session
单选题On a Company switch named R1 you configure the following: iparp inspection vlan 10-12, 15 What is the purpose of this global configuration command made on R1?()A Discards ARP packets with invalid IP-to-MAC address bindings on trusted portsB Validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15C Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindingsD Intercepts all ARP requests and responses on trusted portsE None of the other alternatives apply
单选题The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B Port scanners are the most effective defense against dynamic ARP inspection.C MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E DHCP snooping sends unauthorized replies to DHCP queries.F ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G None of the other alternatives apply.
多选题Which three functions are provided by the Junos OS for security platforms?()(Choose three.)AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)
多选题Which three JUNOS software features allow for increased security on your network?()Afirewall filtersBdata encryptionCrouting protocol authenticationDsupport for BGP path mtu discoveryEautomatic discovery for IPSEC neighbors
多选题Which three statements are true about DAI?()ADAI intercept all ARP packets on untrusted portsBDAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.CDAI is used to prevent against a DHCP Snooping attack.DDAI forwards all ARP packets received on a trusted interface without any checks.EDAI forwards all ARP packets on untrusted ports.FDAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.
单选题Which statement is true regarding proxy ARP?()AProxy ARP is enabled by default on stand-alone JUNOS security devices.BProxy ARP is enabled by default on chassis clusters.CJUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.DJUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled