You are designing a data center security solution for a customer. The customer asks that you provide a DDoS solution. Several IPsec tunnels will be terminated at the data center gateway.
Which type of security is your customer asking you to implement?
A. compliance
B. segmentation
C. intra-data center policy enforcement
D. perimeter protection
正解:D
質問 2:
You are designing a data center security architecture. The design requires automated scaling of security services according to real-time traffic flows.
Which two design components will accomplish this task? (Choose two.)
A. VNF security devices deployed on x86 servers
B. telemetry with an SDN controller
C. JFlow traffic monitoring with event scripts
D. VRF segmentation on high-capacity physical security appliances
正解:B,C
質問 3:
You are designing an enterprise WAN network that must connect multiple sites. You must provide a design proposal for the security elements needed to encrypt traffic between the remote sites. Which feature will secure the traffic?
A. OSPF
B. IPsec
C. BFD
D. GRE
正解:B
質問 4:
You work for an ISP that wants to implement remote-triggered black hole (RTBH) filters.
What are three considerations in this scenario? (Choose three.)
A. Source RTBH can block legitimate traffic on the network
B. Destination RTBH essentially completes the attack on the victim's IP
C. BGP FlowSpec improves the RTBH model by implementing dynamic firewall filters
D. Destination RTBH requires uRPF to be implemented on the service provider's network edge
E. Source RTBH requires uRPF to be implemented on the service provider's network core
正解:A,C,E
質問 5:
Policy Enforcer provides which benefit?
A. command and control protection
B. log management
C. centralized management of security devices
D. IPsec encryption
正解:C
質問 6:
You are required to design a university network to meet the conditions shown below.
* Users connected to the university network should be able to access the Internet and the research department lab network.
* The research department lab network should not be able to reach the Internet.
Which three actions satisfy the design requirements? (Choose three.)
A. Use the default deny security policy for the research lab
B. Use a static NAT rule between the internal zones for the research lab
C. Use separate security zones for each department
D. Use a global deny security policy for the research lab
E. Use a global permit policy for Internet traffic
正解:C,D,E
Tajima -
おお ありがとうございます!
Pass4Testの問題集は助かりました。JN0-1331の本場試験に合格致しました。