Jump to content

Thundercats

Members
  • Content Count

    85
  • Joined

  • Last visited

Community Reputation

271 Excellent

About Thundercats

  • Rank
    Advanced Member

Profile Information

  • Gender
    Not Telling
  • Location
    CCIE World
  1. Found below torrent by google search and includes ver 16.3.2 plus others. Torrent is working but I haven't tested any images. [hide][Hidden Content]]
  2. Thanks for posting the torrent. I am unable to unrar "CEHv10 Lab Prerequisites" as part of the torrent it keep on saying files are missing... Can someone separately upload this...
  3. Can Anyone share KB Work book please
  4. Can someone please upload 17.2 qcow2 image again... Thanks
  5. Hi Mahbub808, I still thinks there are some Questions which require correction or discussion. I will post them below: Q6 Refer to exhibit: Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination 192.168.150.111 using HTTP? A. The client will be denied by policy p2. B. The client will be denied by policy p1. C. The client will be permitted by policy p2. D. The client will be permitted by policy p1. Correct Answer: D Correct Answer should be C as in policy P1, the destination-address-excluded is used which means those addresses in address-book dns-svrs will be bi-pased from the match Q7 Refer to the exhibit: Which feature is enabled with destination NAT as shown in the exhibit? A. NAT overload B. block allocation C. port translation D. NAT hairpinning Correct Answer: D I think the answer is C port translation as with NAT hairpinning we translate both source and destination IP addresses. Q13 Refer to exhibit: You have configured NAT on your network so that Host A can communicate with Server B. You want to ensure that Host C can initiate communication with Host A using Host A’s reflexive address. Referring to the exhibit, which parameter should you configure on the SRX Series device to satisfy this requirement? A. Configure persistent NAT with the target-host parameter. B. Configure persistent NAT with the target-host-port parameter. C. Configure persistent NAT with the any-remote-host parameter. D. Configure persistent NAT with the port-overloading parameter. Correct Answer: A I think asnwer should be C Target host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host’s IP address. Any remote host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. Any external host can send a packet to the internal host by sending the packet to the reflexive transport address. There is no mentioning in the question that "The internal host must have previously sent a packet to the external host’s IP address." Q27 Refer to exhibit: Users at a remote office are unable to access an FTP server located at the remote corporate data center as expected. The remote FTP server is listening on the non-standard TCP port 2121. Referring to the exhibit, what is causing the problem? A. The FTP clients must be configured to listen on non-standard client ports for the FTP data channel negotiations to succeed. B. Two custom FTP applications must be defined to allow bidirectional FTP communication through the SRX Series device. C. The custom FTP application definition does not have the FTP ALG enabled. D. A new security policy must be defined between the untrust and trust zones. Correct Answer: D According to me Correct answer should be C as FTP ALG needed to be enabled as below: applications { + application custom-ftp { + application-protocol ftp; + destination-port 2121; + } + } Withouft FTP ALG how would SRX knows for which type of traffic port 2121 will be used ? QUESTION 38 A link from the branch SRX Series device chassis cluster to the Internet requires more bandwidth. In this scenario, which command would you issue to begin provisioning a second link? A. set chassis cluster reth-count 2 B. set interfaces fab0 fabric-options member-interfaces ge-0/0/1 C. set interfaces ge-0/0/1 gigether-options redundant-parent reth1 D. set chassis cluster redundancy-group 1 node 1 priority 1 Correct Answer: B Shouldnt the answer be C to add another link to reth1 Q39 Refer to exhibit: Referring to the exhibit, what does proxy ARP allow? A. the internal network to ARP for the internal address of the server B. the external network to ARP for the internal address of the server C. the internal network to ARP for the public address of the server D. the external network to ARP for the public address of the server Correct Answer: A Ans should be D as external network need to do ARP for ip 1.1.1.200/32 which is on external interface. Q66 Refer to exhibit: A. Interface ge-0/0/0 will not accept SSH connections. B. Interfaces ge-0/0/0.0 and ge-0/0/1.0 will allow SSH connections. C. Interface ge-0/0/0.0 will respond to pings. D. Interface ge-0/0/1.0 will respond to pings. Correct Answer: BD Answer should be B and C D is incorrect because D has interface based host-inbound-traffic specified which will take precedence over zone-based so it only allow ssh not pings. On the other hand ge-0/0/0.0 don't have any interface specfic host-inbound-traffic so it will inherit from the zone. QUESTION 69 What are the maximum number of supported interfaces on a vSRX hosted in a VMware environment? A. 12 B. 3 C. 10 D. 4 Dumps says Answer is A. Do we have any reference that 12 interfaces are supported in VMWARE environment. According toe below link 10Vnics are supported: [Hidden Content] QUESTION 71 Click the Exhibit button. You are configuring an OSPF session between two SRX Series devices. The session will not come up. Referring to the exhibit, which configuration change will solve this problem? A. Configure a loopback interface and add it to the trust zone. B. Configure the host-inbound-traffic protocols ospf parameter in the trust security zone. C. Configure the application junos-ospf parameter in the allow-trusted-traffic security policy. D. Configure the host-inbound-traffic system-services any-service parameter in the trust security zone. Correct Answer: A Correct answer should be B as we need to allow host-inbound-traffic protocols ospf for ospf to work QUESTION 70 Click the Exhibit button. You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172.25.11.0/24 subnet to the Internet. You create a policy named permit – http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit. Which two actions would correct the error? (Choose two.) A. Create a custom application named http at the [edit applications] hierarchy. B. Execute the Junos commit full command to override the error and apply the configuration. C. Modify the security policy to use the built-in junos-http application. D. Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again. Correct Answer: BC Answer should be A and C + applications { + application http { + application-protocol http; + destination-port 8080; + } + } [edit] root# commit check configuration check succeeds Can someone please verify the above Questins as it will help all of us working towards this certification. Cheers
  6. Q 27 Refer to exhibit: Users at a remote office are unable to access an FTP server located at the remote corporate data center as expected. The remote FTP server is listening on the non-standard TCP port 2121. Referring to the exhibit, what is causing the problem? A. The FTP clients must be configured to listen on non-standard client ports for the FTP data channel negotiations to succeed. B. Two custom FTP applications must be defined to allow bidirectional FTP communication through the SRX Series device. C. The custom FTP application definition does not have the FTP ALG enabled. D. A new security policy must be defined between the untrust and trust zones. Correct Answer: D According to me Correct answer should be C as FTP ALG needed to be enabled as below: applications { + application custom-ftp { + application-protocol ftp; + destination-port 2121; + } + } Withouft FTP ALG how would SRX knows for which type of traffic port 2121 will be used ? Any Ideas ? Q 38 A link from the branch SRX Series device chassis cluster to the Internet requires more bandwidth. In this scenario, which command would you issue to begin provisioning a second link? A. set chassis cluster reth-count 2 B. set interfaces fab0 fabric-options member-interfaces ge-0/0/1 C. set interfaces ge-0/0/1 gigether-options redundant-parent reth1 D. set chassis cluster redundancy-group 1 node 1 priority 1 Correct Answer: B Shouldnt the answer be C to add another link to reth1.
  7. QUESTION 69 What are the maximum number of supported interfaces on a vSRX hosted in a VMware environment? A. 12 B. 3 C. 10 D. 4 Dumps says Answer is A. Do we have any reference that 12 interfaces are supported in VMWARE environment. According toe below link 10Vnics are supported: [Hidden Content]
  8. Anyone gave exam in August please update Cheers
×
×
  • Create New...