← Back to exam page

JPR-961 Juniper Networks Certified Internet Expert (JNCIE-SP)

Loading demo links...

Showing 1–3 of 10 questions

Question 1

You are working as the administrator at ABC.com. The network consists of a single Active Directory domain named ABC.com with the domain functional level set at Windows Server. All network servers run Windows Server and all client computers run Windows XP Professional.

The ABC.com domain is divided into organizational units (OU). All the resource servers are contained in an OU named ABC_SERVERS and the workstations are contained in an OU named ABC_CLIENTS. All resource servers operate at near capacity during business hours. All workstations have low resource usage during business hours.

You received instructions to configure baseline security templates for the resource servers and the workstations. To this end you configured two baseline security templates named ABC_SERVERS.inf and ABC_CLIENTS.inf respectively. The ABC_SERVERS.inf template contains many configuration settings. Applying the ABC_SERVERS.inf template would have a performance impact on the servers. The ABC_CLIENTS.inf contains just a few settings so applying this template would not adversely affect the performance of the workstations.

How would you apply the security templates so that the settings will be periodically enforced whilst ensuring that the solution reduces the impact on the resource servers? (Choose three.)

Select all that apply, then click Submit answer.

  • By setting up a GPO named SERVER-GPO and link it to the ABC_SERVERS OU.

  • By having the ABC_SERVERS.inf template imported into SERVER-GPO.

  • By having the ABC_SERVERS.inf and the ABC_CLIENTS.inf templates imported into the Default Domain Policy GPO.

  • By scheduling SECEDIT on each resource server to regularly apply the ABC_SERVERS.inf settings during off-peak hours.

  • By having a GPO named CLIENT-GPO created and linked to the ABC_CLIENTS OU.

  • By having the ABC_CLIENTS.inf template imported into CLIENT-GPO.

  • By having SERVER-GPO and CLIENT-GPO linked to the domain.
Question 2

Andrew works as a Network Administrator for ABC.com. The company has a Windows domain-based network. The company has two Windows servers and 150 Windows Professional client computers. The company has a Windows server named NATSERV that has a dial-up connection to the Internet.

NATSERV has two network interfaces named EthernetA and EthernetB .

EthernetA is connected to the LAN and has an IP address of 192.168.1.121. EthernetB is connected to the Internet and has an IP address of 132.103.102.71. The client computers on the LAN connect to the Internet by using NATSERV. NAT also has Routing and Remote Access installed.

Andrew enables the NAT/Basic Firewall routing protocol on NATSERV. The configuration of the NAT/Basic Firewall routing on NATSERV is shown in the image below:

The client computers on the network are unable to connect to the Internet. When Andrew tries to ping

132.103.102.71 from the client computers on the local network, he receives a message as shown in the image below:

Andrew wants to ensure that the client computers on the local network are able to connect to the Internet.

What will he do to accomplish this?

Each correct answer represents a part of the solution. (Choose two.)

Select all that apply, then click Submit answer.

  • For EthernetB, configure Outbound Filters under Static packet filters.

  • For EthernetA, configure Inbound Filters under Static packet filters.

  • For EthernetA, configure NAT/Basic Firewall as 'Private interface connected to private network'.

  • For EthernetB, configure NAT/Basic Firewall as 'Public interface connected to the Internet'.
Question 3

You work as a network administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. There are currently 120 Web servers running Windows Server and are contained in an Organizational Unit (OU) named ABC_WebServers

ABC.com management took a decision to uABCrade all Web servers to Windows Server. You disable all services on the Web servers that are not required. After running the IIS Lockdown Wizard on a recently deployed web server, you discover that services such as NNTP that are not required are still enabled on the Web server.

How can you ensure that the services that are not required are forever disabled on the Web servers without affecting the other servers on the network? (Choose two.)

Select all that apply, then click Submit answer.

  • Set up a GPO that will change the startup type for the services to Automatic.

  • By linking the GPO to the ABC_WebServers OU.

  • Set up a GPO with the Hisecws.inf security template imported into the GPO.

  • By linking the GPO to the domain.

  • Set up a GPO in order to set the startup type of the redundant services to Disabled.

  • By linking the GPO to the Domain Controllers OU.

  • Set up a GPO in order to apply a startup script to stop the redundant services.