Download Security, Expert (JNCIE-SEC).JPR-934.VCEplus.2021-06-25.61q.vcex

Vendor: Juniper
Exam Code: JPR-934
Exam Name: Security, Expert (JNCIE-SEC)
Date: Jun 25, 2021
File Size: 358 KB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
You work as a network administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. 
There are currently 120 Web servers running Windows Server and are contained in an Organizational Unit (OU) named ABC_WebServers ABC.com management took a decision to uABCrade all Web servers to Windows Server. You disable all services on the Web servers that are not required. 
After running the IIS Lockdown Wizard on a recently deployed web server, you discover that services such as NNTP that are not required are still enabled on the Web server.  
How can you ensure that the services that are not required are forever disabled on the Web servers without affecting the other servers on the network? (Choose two.)
  1. Set up a GPO that will change the startup type for the services to Automatic.
  2. By linking the GPO to the ABC_WebServers OU.
  3. Set up a GPO with the Hisecws.inf security template imported into the GPO.
  4. By linking the GPO to the domain.
  5. Set up a GPO in order to set the startup type of the redundant services to Disabled.
  6. By linking the GPO to the Domain Controllers OU.
  7. Set up a GPO in order to apply a startup script to stop the redundant services.
Correct answer: BE
Question 2
You are working as the administrator at ABC.com. Part of you job description includes the deployment of applications on the ABC.com network. 
To this end you operate by testing new application deployment in a test environment prior to deployment on the production network.  
The new application that should be tested requires 2 processors and 3 GB of RAM to run successfully. 
Further requirements of this application also include shared folders and installation of software on client computers. 
You install the application on a Windows Server Web Edition computer and install the application on 30 test client computers.  
During routine monitoring you discover that only a small amount of client computers are able to connect and run the application. 
You decide to turn off the computers that are able to make a connection and discover that the computers that failed to open the application can now run the application. How would you ensure that all client computers can connect to the server and run the application?
  1. By running a second instance of the application on the server.
  2. By increasing the Request Queue Limit on the Default Application Pool.
  3. By modifying the test server operating system to Window Server Standard Edition.
  4. By increasing the amount of RAM in the server to 4GB.
Correct answer: C
Question 3
The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server.  
ABC.com contains a Development department. ABC.com contains a domain controller named ABC-SR24 which is also configured as a DNS Server. 
A ABC.com employee named Clive Wilson works in the Development department. 
One morning Clive Wilson complains that he cannot connect to another network server.  
During investigation, you notice that nslookup queries sometimes take a long time and sometimes fail altogether.  
You suspect that there is a problem with ABC-SR24.   
How would you configure monitoring on ABC-SR24 so that you can review individual name resolution queries?
  1. Use System Monitor to monitor host resolution queries on ABC-SR24.
  2. Use Event Viewer to view the DNS event log on ABC-SR24.
  3. Select the Log packets for debugging option on the Debug Logging tab in the DNS server properties on ABC-SR24.
  4. Use Network Monitor to capture DNS query packets on ABC-SR24.
Correct answer: C
Question 4
You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. 
The ABC.com network contains a DMZ that contains a two-node Network 
Load Balancing cluster, which is located in a data centre that is physically impenetrable to unauthorized persons.  
The cluster servers run Windows Server Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet.  
What can you do to mitigate the cluster’s most obvious security vulnerability?
  1. Configure the cluster to require IPSec.
  2. Configure the network cards to use packet filtering on all inbound traffic to the cluster.
  3. Use EFS on the server hard disks.
  4. Configure intrusion detection the servers on the DMZ.
  5. Configure Mac addressing on the servers in the DMZ.  
Correct answer: B
Question 5
You are working for an administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. 
All the servers on the network run Windows Server servers. You have configured four servers in a network load balancing cluster. 
You need to enable the cluster in unicast mode although each server only has one network card. After your configuration, the NLB cluster has successfully converged.  
You discover that you can optimize the use of the cluster by moving a specific application to each node of the cluster. 
However for this application to execute, all the nodes of the cluster must be configured by a Network Load Balancing Port Rule.  
When you open Network Load Balancing Manager on one of the NLB nodes, you receive a message saying that Network Load Balancing Manager is unable to see the other nodes in the cluster. How can you add a port rule to the cluster nodes?
  1. By opening Network Load Balancing Manager on a different host.
  2. By creating an additional virtual IP address on the cluster.
  3. By modifying the Network Connection Properties on every host.
  4. By removing each host from the cluster before creating the port rule.
Correct answer: C
Question 6
The ABC.com network consists of a single Active Directory domain named ABC.com. All computers on the ABC.com network are members of the ABC.com domain.  
You install a new server named ABC-CA1 and configure it as a Certification Authority for the ABC.com domain.  
How would you enable an Active Directory global group named CA-Admins to issue, revoke and approve certificates without assigning more permissions than necessary?
  1. Make the CA-Admins group also members of the Domain Admins group in the domain.
  2. Make the CA-Admins group also members of the local Administrators group on ABC-CA1.
  3. Grant the CA-Admins group Full Control permission to the Certificated Template container in the Active Directory.
  4. Make the CA-Admins group members of the Cert Publishers group in Active Directory.
  5. Grant the Certificate Managers role to the CA-Admins group.
Correct answer: E
Question 7
The ABC.com network consists of a single Active Directory domain named ABC.com.  
You want to improve the security on the Windows Server domain controllers by configuring enahnced password policies and audit settings.  
Which security template should you apply to the domain controllers?
  1. Setup security.inf.  
  2. Hisecws.inf.
  3. DC security.inf.
  4. Securews.inf.
  5. Securedc.inf.
  6. Compatws.inf.
  7. Rootsec.inf.
Correct answer: E
Question 8
The ABC.com network consists of a single Active Directory domain named ABC.com. ABC.com has its headquarters in Chicago and several branch offices at various locations throughout the country. All servers on the ABC.com network run Windows Server.  
You are in the process of configuring a VPN connection between the Chicago office and a branch office in Dallas using Windows Server computers running Routing and Remote Access (RRAS).  
A ABC.com written security policy states that the requirements below must be met: 
  • Data transmitted over the VPN must be encrypted with end to end encryption.  
  • The VPN connection authentication should be at the computer level rather than at user level and with no credential information transmitted over the internet.
How should you configure the VPN? (Choose two.)
  1. Use a PPTP connection.
  2. Use EAP-TLS authentication.
  3. Use a PPP connection.
  4. Use MS-CHAP v2 authentication. 
  5. Use MS-CHAP authentication.
  6. Use PAP authentication.
  7. Use an L2TP/IPSec connection.
Correct answer: BG
Question 9
The ABC.com network consists of a single Active Directory domain named ABC.com.  
You deploy an enterprise certification authority (CA) on a Windows Server computer named ABC-CA1. 
The primary purpose of the CA is issue company users with digital certificates to enable them to authenticate with the new company Intranet website.  
You create a new certificate template named Web Authentication. You enable the Web Authentication certificate template on ABC-CA1 and configure the default domain group policy so that users who log on to the domain receive a Web Authentication certificate.  
The following morning users complain that they do not have certificates which can be used to authenticate to the Intranet Web site.  
How can you ensure the users are issued with a certificate?
  1. By configuring ABC-CA1 to be an Enterprise Subordinate CA of a public CA such as Verisign.
  2. By modifying the permissions of the Web Authentication certificate template to give the Domain Users group the Allow – Autoenroll permission.
  3. By adding your Domain Admin user account to the Cert Managers group in Active Directory.
  4. By configuring the Default Domain Controllers GPO to assign the certificates to users when they log on.  
Correct answer: B
Question 10
The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server. 
The ABC.com network also contains a file server named ABC-SR10.  
A ABC.com user named Rory Allen complains that when connecting to ABC-SR10, it often takes quite some time to respond. 
Other users report the same problem. Your investigations reveal that the network interface on ABC-SR10 has a large load during times when the server is slow to respond. 
You suspect that one of the network computers is causing the problem.  
How would you identify the problematic machine?
  1. By examining the event logs on ABC-SR10.
  2. By viewing the Local Area Connection status on ABC-SR10.
  3. By using Network Monitor to inspect the network traffic on the client computers.
  4. By using System Monitor to inspect the performance monitor counters on ABC-SR10.
  5. By examining the event logs on the client computers.
  6. By using System Monitor to inspect the performance monitor counters on the client computers.
  7. By using Network Monitor to inspect the network traffic on ABC-SR10.
Correct answer: G
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!