ExamGecko
Search Search Login
Home Home / Juniper / JN0-351
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Exhibit. You are using OSPF to advertise the subnets that are used by the Denver and Dallas offices. The routers that are directly connected to the Dallas and Denver subnets are not advertising the connected subnets. Referring to the exhibit, which two statements are correct? (Choose two.)
What is the default keepalive time for BGP?
Which statement about aggregate routes is correct?
In RSTP, which three port roles are associated with the discarding state? (Choose three.)
Exhibit. You want to verify prefix information being sent from 10.36.1.4. Which two statements are correct about the output shown in the exhibit? (Choose two.)
Exhibit. The ispi _ inet. 0 route table has currently no routes in it. What will happen when you commit the configuration shown on the exhibit?
Exhibit Which command displays the output shown in the exhibit?
An update to your organization's network security requirements document requires management traffic to be isolated in a non-default routing-instance. You want to implement this requirement on your Junos-based devices. Which two commands enable this behavior? (Choose two.)
You have DHCP snooping enabled but no entries are automatically created in the snooping database for an interface on your EX Series switch. What are two reasons for the problem? (Choose two.)
You are a network operator who wants to add a second ISP connection and remove the default route to the existing ISP You decide to deploy the BGP protocol in the network. What two statements are correct in this scenario? (Choose two.)

Question 36 - JN0-351 discussion

Report
Export

You are concerned about spoofed MAC addresses on your LAN.

Which two Layer 2 security features should you enable to minimize this concern? (Choose two.)

A.
dynamic ARP inspection
Answers
A.
dynamic ARP inspection
B.
IP source guard
Answers
B.
IP source guard
C.
DHCP snooping
Answers
C.
DHCP snooping
D.
static ARP
Answers
D.
static ARP
Suggested answer: A, C

Explanation:

Ais correct because dynamic ARP inspection (DAI) is a Layer 2 security feature that prevents ARP spoofing attacks. ARP spoofing is a technique that allows an attacker to send fake ARP messages to associate a spoofed MAC address with a legitimate IP address. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks.DAI validates ARP packets by checking the source MAC address and IP address against a trusted database, which is usually built by DHCP snooping1.DAI discards any ARP packets that do not match the database or have invalid formats1.

Cis correct because DHCP snooping is a Layer 2 security feature that prevents DHCP spoofing attacks. DHCP spoofing is a technique that allows an attacker to act as a rogue DHCP server and offer fake IP addresses and other network parameters to unsuspecting clients. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DHCP snooping filters DHCP messages by classifying switch ports as trusted or untrusted.Trusted ports are allowed to send and receive any DHCP messages, while untrusted ports are allowed to send only DHCP requests and receive only valid DHCP replies from trusted ports2.DHCP snooping also builds a database of MAC addresses, IP addresses, lease times, and binding types for each client2.

Show Answer
asked 18/09/2024
Roberto Garavaglia
45 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms