多选题Which three functions are provided by JUNOS Software for security platforms？（）AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels （Layer 4 and above）

第1题：

Which statement is true regarding proxy ARP？（）

• A、Proxy ARP is enabled by default on stand-alone JUNOS security devices.
• B、Proxy ARP is enabled by default on chassis clusters.
• C、JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.
• D、JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled

第2题：

Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router？（）

• A、JUNOS Software for security platforms supports NAT and PAT； a traditional router does not support NAT or PAT.
• B、JUNOS Software for security platforms does not forward traffic by default； a traditional router forwards traffic by default.
• C、JUNOS Software for security platforms uses session-based forwarding； a traditional router uses packet-based forwarding.
• D、JUNOS Software for security platforms performs route lookup for every packet； a traditional router performs route lookup only for the first packet.

第3题：

You are responsible for increasing the security within the Company LAN. Of the following choices  listed below，  which is true regarding layer 2 security and mitigation techniques？ （）

• A、 Enable root guard to mitigate ARP address spoofing attacks.
• B、 Configure DHCP spoofing to mitigate ARP address spoofing attacks.
• C、 Configure PVLANs to mitigate MAC address flooding attacks.
• D、 Enable root guard to mitigate DHCP spoofing attacks.
• E、 Configure dynamic APR inspection （DAI） to mitigate IP address spoofing on DHCP untrusted  ports.
• F、 Configure port security to mitigate MAC address flooding  
• G、 None of the other alternatives apply

第4题：

Which three statements are true about DAI？（）

• A、DAI intercept all ARP packets on untrusted ports
• B、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.
• C、DAI is used to prevent against a DHCP Snooping attack.
• D、DAI forwards all ARP packets received on a trusted interface without any checks.
• E、DAI forwards all ARP packets on untrusted ports.
• F、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.

第5题：

Which two statements are true regarding proxy ARP？（）

• A、Proxy ARP is enabled by default.
• B、Proxy ARP is not enabled by default.
• C、JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.
• D、JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled

第6题：

Which three functions are provided by the Junos OS for security platforms?（）(Choose three.)

• A、VPN establishment
• B、stateful ARP lookups
• C、Dynamic ARP inspection
• D、Network Address Translation
• E、inspection of packets at higher levels (Layer 4 and above)

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

Which statement is true regarding the Junos OS?（）

• A、All platforms running the Junos OS separate the functions of learning and flooding.
• B、All platforms running the Junos OS separate the functions of control and forwarding.
• C、All platforms running the Junos OS separate the functions of routing and bridging.
• D、All platforms running the Junos OS separate the functions of management and routing.

第14题：

Which three statements are true regarding IDP？（）

• A、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options，zones， and security policy.
• B、IDP inspects traffic up to the Application layer.
• C、IDP searches the data stream for specific attack patterns.
• D、IDP inspects traffic up to the Presentation layer.
• E、IDP can drop packets， close sessions， prevent future sessions， and log attacks for review by network administrators when an attack is detected.

第15题：

The Company security administrator is concerned with layer 2 network attacks.  Which two  statements about these attacks are true？ （）

• A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a  false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.
• B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP  message with a forged identity to a transmitting host.
• C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.
• D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP  packet that contains the forged address of the next hop router.
• E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port  with all MAC addresses in the VLAN.

第16题：

Which two statements are true regarding IDP？（）

• A、IDP can be used in conjunction with other JUNOS Software security features such as SCREEN options，zones， and security policy.
• B、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options， zones， and security policy.
• C、IDP inspects traffic up to the Presentation layer.
• D、IDP inspects traffic up to the Application layer.

第17题：

What are three functions associated with JUNOS software class of service?（）

• A、Log incoming traffic.
• B、Classify incoming packets.
• C、Manage outbound bandwidth.
• D、Manage congestion by intelligently dropping traffic.
• E、Classify ATM QoS packets into an equivalent IP CoS environment.

第18题：

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：