多选题Which three functions are provided by JUNOS Software for security platforms？（）AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels （Layer 4 and above）

第1题：

第2题：

Which statement is true regarding proxy ARP？（）

• A、Proxy ARP is enabled by default on stand-alone JUNOS security devices.
• B、Proxy ARP is enabled by default on chassis clusters.
• C、JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.
• D、JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled

第3题：

第4题：

You are responsible for increasing the security within the Company LAN. Of the following choices  listed below，  which is true regarding layer 2 security and mitigation techniques？ （）

• A、 Enable root guard to mitigate ARP address spoofing attacks.
• B、 Configure DHCP spoofing to mitigate ARP address spoofing attacks.
• C、 Configure PVLANs to mitigate MAC address flooding attacks.
• D、 Enable root guard to mitigate DHCP spoofing attacks.
• E、 Configure dynamic APR inspection （DAI） to mitigate IP address spoofing on DHCP untrusted  ports.
• F、 Configure port security to mitigate MAC address flooding  
• G、 None of the other alternatives apply

第5题：

Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router？（）

• A、JUNOS Software for security platforms supports NAT and PAT； a traditional router does not support NAT or PAT.
• B、JUNOS Software for security platforms does not forward traffic by default； a traditional router forwards traffic by default.
• C、JUNOS Software for security platforms uses session-based forwarding； a traditional router uses packet-based forwarding.
• D、JUNOS Software for security platforms performs route lookup for every packet； a traditional router performs route lookup only for the first packet.

第6题：

Which three functions are provided by JUNOS Software for security platforms？（）

• A、VPN establishment
• B、stateful ARP lookups
• C、Dynamic ARP inspection
• D、Network Address Translation
• E、inspection of packets at higher levels （Layer 4 and above）

第7题：

Which statement is true regarding the Junos OS?（）

• A、All platforms running the Junos OS separate the functions of learning and flooding.
• B、All platforms running the Junos OS separate the functions of control and forwarding.
• C、All platforms running the Junos OS separate the functions of routing and bridging.
• D、All platforms running the Junos OS separate the functions of management and routing.

第8题：

第9题：

Which three statements are true regarding IDP？（）

• A、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options，zones， and security policy.
• B、IDP inspects traffic up to the Application layer.
• C、IDP searches the data stream for specific attack patterns.
• D、IDP inspects traffic up to the Presentation layer.
• E、IDP can drop packets， close sessions， prevent future sessions， and log attacks for review by network administrators when an attack is detected.

第10题：

The Company security administrator is concerned with layer 2 network attacks.  Which two  statements about these attacks are true？ （）

• A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a  false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.
• B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP  message with a forged identity to a transmitting host.
• C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.
• D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP  packet that contains the forged address of the next hop router.
• E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port  with all MAC addresses in the VLAN.