Vendor: Juniper
QUESTION 251
Click the Exhibit button.
[edit security policies]
user@host# show
from-zone trust to-zone untrust {
    policy AllowHTTP {
        match {
            source-address HOSTA;
            destination-address any;
            application junos-ftp;
        }
        then {
            permit;
        }
    }
    policy AllowHTTP2 {
        match {
            source-address any;
            destination-address HOSTA;
            application junos-http;
        }
        then {
            permit;
        }
    }
    policy AllowHTTP3 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
A flow of HTTP traffic needs to go from HOSTA to HOSTB. Assume that traffic will initiate from
HOSTA and that HOSTA is in zone trust and HOSTB is in zone untrust.
What will happen to the traffic given the configuration in the exhibit?
JN0-332 Exam Dumps JN0-332 Exam Questions JN0-332 PDF Dumps JN0-332 VCE Dumps
http://www.passleader.com/jn0-332.html
Free VCE and PDF Exam Dumps from PassLeader
D. The traffic will be dropped as no policy match will be found.
Answer: B
QUESTION 252
Which two security policy actions are valid? (Choose two.)
A. deny
B. discard
C. reject
D. close
Answer: AC
QUESTION 253
Click the Exhibit button.
[edit schedulers]
user@host# show
scheduler now {
    monday all-day;
    tuesday exclude;
    wednesday {
        start-time 07:00:00 stop-time 18:00:00;
    }
    thursday {
        start-time 07:00:00 stop-time 18:00:00;
    }
}
[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
    match {
        source-address PrivateHosts;
        destination-address ExtServers;
        application ExtApps;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn myTunnel;
            }
        }
    }
    scheduler-name now;
}
Based on the configuration shown in the exhibit, what will happen to the traffic matching the security
policy?
A. The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
B. The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
C. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays
between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
D. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays
between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.
Answer: C
QUESTION 254
Click the Exhibit button.
[edit security policies from-zone HR to-zone trust]
user@host# show
policy two {
    match {
        source-address subnet_a;
        destination-address host_b;
        application [ junos-telnet junos-ping ];
    }
    then {
        reject;
    }
}
policy one {
    match {
        source-address host_a;
        destination-address subnet_b;
        application any;
    }
    then {
        permit;
    }
}
host_a is in subnet_a and host_b is in subnet_b.
Given the configuration shown in the exhibit, which statement is true about traffic from host_a to
host_b?
Answer: B
QUESTION 255
Which statement is true about interface-based source NAT?
A. PAT is a requirement.
B. It requires you to configure address entries in the junos-nat zone.
C. It requires you to configure address entries in the junos-global zone.
D. The IP addresses being translated must be in the same subnet as the egress interface.
Answer: A
QUESTION 256
Which two statements are true about pool-based destination NAT? (Choose two.)
Answer: AC
QUESTION 257
Which statement is true about source NAT?
Answer: D
QUESTION 258
Which two statements are true about overflow pools? (Choose two.)
Answer: CD
QUESTION 259
Which statement is true regarding proxy ARP?
Answer: D
QUESTION 260
You are creating a destination NAT rule-set.
Which two are valid for use with the from clause? (Choose two.)
A. security policy
B. interface
C. routing-instance
D. IP address
Answer: BC
QUESTION 261
Regarding an IPsec security association (SA), which two statements are true? (Choose two.)
A. IKE SA is bidirectional.
B. IPsec SA is bidirectional.
C. IKE SA is established during phase 2 negotiations.
D. IPsec SA is established during phase 2 negotiations.
Answer: AC
QUESTION 262
Which operational mode command displays all active IPsec phase 2 security associations?
Answer: D
QUESTION 263
Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the
negotiation contains the phase 1 proposal for the peers?
A. message 1 and 2
B. message 3 and 4
C. message 5 and 6
D. message 7 and 8
Answer: A
QUESTION 264
Which attribute is required for all IKE phase 2 negotiations?
A. proxy-ID
B. preshared key
C. Diffie-Hellman group key
D. main or aggressive mode
Answer: A
QUESTION 265
Which attribute is optional for IKE phase 2 negotiations?
A. proxy-ID
B. phase 2 proposal
C. Diffie-Hellman group key
D. security protocol (ESP or AH)
Answer: C
QUESTION 266
A route-based VPN is required for which scenario?
Answer: D
QUESTION 267
A policy-based IPsec VPN is ideal for which scenario?
A. when you want to conserve tunnel resources
B. when the remote peer is a dialup or remote access client
C. when you want to configure a tunnel policy with an action of deny
D. when a dynamic routing protocol such as OSPF must be sent across the VPN
Answer: B
QUESTION 268
Regarding a route-based versus policy-based IPsec VPN, which statement is true?
Answer: A
QUESTION 269
Which two configuration elements are required for a route-based VPN? (Choose two.)
Answer: AC
QUESTION 270
Click the Exhibit button.
[edit security]
user@host# show
ike {
    policy ike-policy1 {
        mode main;
        proposal-set standard;
        pre-shared-key ascii-text "$9$GFjm5OBEclM5QCuO1yrYgo"; ## SECRET-DATA
    }
    gateway remote-ike {
        ike-policy ike-policy1;
        address 172.19.51.170;
        external-interface ge-0/0/3.0;
    }
}
ipsec {
    policy vpn-policy1 {
        proposal-set standard;
    }
    vpn remote-vpn {
        ike {
            gateway remote-ike;
            ipsec-policy vpn-policy1;
        }
    }
}
Assuming you want to configure a route-based VPN, which command is required to bind the VPN
to secure tunnel interface st0.0?
Answer: A
QUESTION 271
Regarding secure tunnel (st) interfaces, which statement is true?
Answer: D
QUESTION 272
What are three benefits of using chassis clustering? (Choose three.)
Answer: ACE
QUESTION 273
You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which
requirement must be met for a successful installation?
Answer: C
QUESTION 274
Click the Exhibit button.
[edit chassis]
user@host# show
cluster {
    reth-count 3;
    redundancy-group 1 {
        node 0 priority 1;
        node 1 priority 100;
    }
}
When applying the configuration in the exhibit and initializing a chassis cluster, which statement is
correct?
Answer: D
QUESTION 275
What is a redundancy group in JUNOS Software?
Answer: D
QUESTION 276
When devices are in cluster mode, which new interfaces are created?
Answer: C
QUESTION 277
What are two interfaces created when enabling a chassis cluster? (Choose two.)
A. st0
B. fxp1
C. fab0
D. reth0
Answer: BC
QUESTION 278
Which statement is true regarding redundancy groups?
A. The preempt option determines the primary and secondary roles for redundancy group 0 during a
failure and recovery scenario.
B. When priority settings are equal and the members participating in a cluster are initialized at the same
time, the primary role for redundancy group 0 is assigned to node 1.
C. The primary role can be shared for redundancy group 0 when the active-active option is enabled.
D. Redundancy group 0 manages the control plane failover between the nodes of a cluster.
Answer: D
QUESTION 279
Which IDP policy action drops a packet before it can reach its destination, but does not close the
connection?
A. discard-packet
B. drop-traffic
C. discard-traffic
D. drop-packet
Answer: D
QUESTION 280
You have been tasked with performing an update to the IDP attack database. Which three
requirements are included as part of this task? (Choose three.)
Answer: ACD
QUESTION 281
You are implementing an IDP policy template from Juniper Networks. Which three steps are
included in this process? (Choose three.)
Answer: ADE
QUESTION 282
Which statement regarding the implementation of an IDP policy template is true?
A. IDP policy templates are automatically installed as the active IDP policy.
B. IDP policy templates are enabled using a commit script.
C. IDP policy templates can be downloaded without an IDP license.
D. IDP policy templates are included in the factory-default configuration.
Answer: B
QUESTION 283
Which two statements are true regarding firewall user authentication? (Choose two.)
A. Firewall user authentication is performed only for traffic that is accepted by a security policy.
B. Firewall user authentication is performed only for traffic that is denied by a security policy.
C. Firewall user authentication provides an additional method of controlling user access to the JUNOS
security device itself.
D. Firewall user authentication provides an additional method of controlling user access to remote networks.
Answer: AD
QUESTION 284
Which statement accurately describes firewall user authentication?
Answer: A
QUESTION 285
Which two firewall user authentication objects can be referenced in a security policy? (Choose two.)
A. access profile
B. client group
C. client
D. default profile
Answer: BC
QUESTION 286
Which high availability feature is supported only on Junos security platforms?
A. Virtual Chassis
B. VRRP
C. chassis clustering
D. graceful restart
Answer: C
QUESTION 287
What is a security policy?
A. a set of rules that controls traffic from a specified source to a specified destination using a specified service
B. a collection of one or more network segments sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks
Answer: A
QUESTION 288
What is a zone?
A. a set of rules that controls traffic from a specified source to a specified destination using a specified service
B. a collection of one or more network segments sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks
Answer: B
QUESTION 289
What is the function of NAT?
Answer: C
QUESTION 290
Which statement correctly describes the default state of a high-end SRX Series Services Gateway?
Answer: A
QUESTION 291
Which Junos security feature helps protect against spam, viruses, trojans, and malware?
Answer: D
QUESTION 292
When the first packet in a new flow is received, which high-end SRX component is responsible for
setting up the flow?
A. Routing Engine
B. I/O card
C. network processing card
D. services processing card
Answer: B
QUESTION 293
Which three elements are contained in a session-close log message? (Choose three.)
A. source IP address
B. DSCP value
C. number of packets transferred
D. policy name
E. MAC address
Answer: CDE
QUESTION 294
Which card performs flow lookup on incoming packets on high-end SRX Series devices?
Answer: A
QUESTION 295
How is the control plane separated from the data plane on branch SRX Series devices?
Answer: B
QUESTION 296
Which three parameters does the Junos OS attempt to match against during session lookup?
(Choose three.)
A. session token
B. ingress interface
C. protocol number
D. source port number
E. egress interface
Answer: ACD
QUESTION 297
You have packet loss on an IPsec VPN using the default maximum transmission unit (MTU) where
the packets have the DF-bit (do not fragment) set.
Which configuration solves this problem?
Answer: B
QUESTION 298
The branch SRX Series Services Gateways implement the data plane on which two components?
(Choose two.)
A. IOCs
B. SPCs
C. CPU cores
D. PIMs
Answer: CD
QUESTION 299
Which configuration must be completed to use both packet-based and session-based forwarding
on a branch SRX Series Services Gateway?
A. A stateless firewall filter must be used on the ingress interface to match traffic to be processed
as session based.
B. A security policy rule must be used on the ingress interface to match traffic to be processed as
session based.
C. A global security policy rule must be used on the ingress interface to match traffic to be processed
as packet based.
D. A stateless firewall filter must be used on the ingress interface to match traffic to be processed as
packet based.
Answer: D
QUESTION 300
Which branch SRX Series Services Gateway model has a hardware-based, modular Routing
Engine?
A. SRX1400
B. SRX650
C. SRX110
D. SRX240
Answer: B