Comics

JUNIPER JN0-332 EXAM QUESTIONS & ANSWERS

Description
JUNIPER JN0-332 EXAM QUESTIONS & ANSWERS Number: JN0-332 Passing Score: 800 Time Limit: 120 min File Version: JUNIPER JN0-332 EXAM QUESTIONS & ANSWERS Exam Name: uniper
Categories
Published
of 43
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
JUNIPER JN0-332 EXAM QUESTIONS & ANSWERS Number: JN0-332 Passing Score: 800 Time Limit: 120 min File Version: JUNIPER JN0-332 EXAM QUESTIONS & ANSWERS Exam Name: uniper Networks Certified Internet Specialist, SEC (JNCIS-SEC) Exam A QUESTION 1 Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change? A. policy-rematch B. policy-evaluate C. rematch-policy D. evaluate-policy Correct Answer: A /Reference: QUESTION 2 Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH? (Choose three.) A. data integrity B. data confidentiality C. data authentication D. outer IP header confidentiality E. outer IP header authentication Correct Answer: ACE /Reference: QUESTION 3 You must configure a SCREEN option that would protect your router from a session table flood.which configuration meets this requirement? A. [edit security screen] ids-option protectfromflood { icmp { ip-sweep threshold 5000; flood threshold 2000; B. [edit security screen] ids-option protectfromflood { tcp { syn-flood { attack-threshold 2000; destination-threshold 2000; C. [edit security screen] ids-option protectfromflood { udp { flood threshold 5000; D. [edit security screen] ids-option protectfromflood { limit-session { source-ip-based 1200; destination-ip-based 1200; Correct Answer: D /Reference: QUESTION 4 Which security or functional zone name has special significance to the Junos OS? A. self B. trust C. untrust D. junos-global Correct Answer: D /Reference: QUESTION 5 Which command do you use to display the status of an antivirus database update? A. show security utm anti-virus status B. show security anti-virus database status C. show security utm anti-virus database D. show security utm anti-virus update Correct Answer: A /Reference: QUESTION 6 Which statement contains the correct parameters for a route-based IPsec VPN? A. [edit security ipsec] proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; policy ipsec1-policy { perfect-forward-secrecy { keys group2; proposals ike1-proposal; vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; establish-tunnels immediately; B. [edit security ipsec] proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; policy ipsec1-policy { perfect-forward-secrecy { keys group2; proposals ike1-proposal; vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; establish-tunnels immediately; C. [edit security ipsec] proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; policy ipsec1-policy { perfect-forward-secrecy { keys group2; proposals ike1-proposal; vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; establish-tunnels immediately; D. [edit security ipsec] proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; policy ipsec1-policy { perfect-forward-secrecy { keys group2; proposals ike1-proposal; vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; establish-tunnels immediately; Correct Answer: D /Reference: QUESTION 7 Which three statements are true regarding IDP? (Choose three.) A. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy. B. IDP inspects traffic up to the Application Layer. C. IDP searches the data stream for specific attack patterns. D. IDP inspects traffic up to the Presentation Layer. E. IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected. Correct Answer: BCE /Reference: QUESTION 8 Which two statements regarding symmetric key encryption are true? (Choose two.) A. The same key is used for encryption and decryption. B. It is commonly used to create digital certificate signatures. C. It uses two keys: one for encryption and a different key for decryption. D. An attacker can decrypt data if the attacker captures the key used for encryption. Correct Answer: AD /Reference: QUESTION 9 Which UTM feature requires a license to function? A. integrated Web filtering B. local Web filtering C. redirect Web filtering D. content filtering Correct Answer: A /Reference: QUESTION 10 Which two UTM features require a license to be activated? (Choose two.) A. antispam B. antivirus (full AV) C. content filtering D. Web-filtering redirect Correct Answer: AB /Reference: QUESTION 11 Which three components can be leveraged when defining a local whitelist or blacklist for antispam on a branch SRX Series device? (Choose three.) A. spam assassin filtering score B. sender country C. sender IP address D. sender domain E. sender address Correct Answer: CDE /Reference: QUESTION 12 What is the correct syntax for applying node-specific parameters to each node in a chassis cluster? A. set apply-groups node$ B. set apply-groups (node) C. set apply-groups $(node) D. set apply-groups (node)all Correct Answer: C /Reference: QUESTION 13 You must configure a SCREEN option that would protect your device from a session table flood.which configuration meets this requirement? A. [edit security screen] ids-option protectfromflood { icmp { ip-sweep threshold 5000; flood threshold 2000; B. [edit security screen] ids-option protectfromflood { tcp { syn-flood { attack-threshold 2000; destination-threshold 2000; C. [edit security screen] ids-option protectfromflood { udp { flood threshold 5000; D. [edit security screen] ids-option protectfromflood { limit-session { source-ip-based 1200; destination-ip-based 1200; Correct Answer: D /Reference: QUESTION 14 Which three methods of source NAT does the Junos OS support? (Choose three.) A. interface-based source NAT B. source NAT with address shifting C. source NAT using static source pool D. interface-based source NAT without PAT E. source NAT with address shifting and PAT Correct Answer: ABC /Reference: QUESTION 15 Which three firewall user authentication objects can be referenced in a security policy? (Choose three.) A. access profile B. client group C. client D. default profile E. external Correct Answer: ABC /Reference: QUESTION 16 What is the default session timeout for TCP sessions? A. 1 minute B. 15 minutes C. 30 minutes D. 90 minutes Correct Answer: C /Reference: QUESTION 17 Which statement is true regarding the Junos OS for security platforms? A. SRX Series devices can store sessions in a session table. B. SRX Series devices accept all traffic by default. C. SRX Series devices must operate only in packet-based mode. D. SRX Series devices must operate only in flow-based mode. Correct Answer: A /Reference: QUESTION 18 At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? (Choose two.) A. [edit security idp] B. [edit security zones security-zone trust interfaces ge-0/0/0.0] C. [edit security zones security-zone trust] D. [edit security screen] Correct Answer: BC /Reference: QUESTION 19 The SRX device receives a packet and determines that it does not match an existing session.after SCREEN options are evaluated, what is evaluated next? A. source NAT B. destination NAT C. route lookup D. zone lookup Correct Answer: B /Reference: QUESTION 20 Which zone type can be specified in a policy? A. security B. functional C. user D. system Correct Answer: A /Reference: QUESTION 21 Which Web-filtering technology can be used at the same time as integrated Web filtering on a single branch SRX Series device? A. Websense redirect Web filtering B. local Web filtering (blacklist or whitelist) C. firewall user authentication D. ICAP Correct Answer: B /Reference: QUESTION 22 An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? (Choose two.) A. Only main mode can be used for IKE negotiation. B. A local-identity must be defined. C. It must be the initiator for IKE. D. A remote-identity must be defined. Correct Answer: BC /Reference: QUESTION 23 Which two statements about the use of SCREEN options are correct? (Choose two.) A. SCREEN options are deployed at the ingress and egress sides of a packet flow. B. Although SCREEN options are very useful, their use can result in more session creation. C. SCREEN options offer protection against various attacks at the ingress zone of a packet flow. D. SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resources used for malicious packet processing. Correct Answer: CD /Reference: QUESTION 24 When using UTM features in an HA cluster, which statement is true for installing the licenses on the cluster members? A. One UTM cluster license will activate UTM features on both members. B. Each device will need a UTM license generated for its serial number. C. Each device will need a UTM license generated for the cluster, but licenses can be applied to either member. D. HA clustering automatically comes with UTM licensing, no additional actions are needed. Correct Answer: B /Reference: Exam B QUESTION 1 Which statement is true regarding NAT? A. NAT is not supported on SRX Series devices. B. NAT requires special hardware on SRX Series devices. C. NAT is processed in the control plane. D. NAT is processed in the data plane. Correct Answer: D /Reference: QUESTION 2 Which two functions of the Junos OS are handled by the data plane? (Choose two.) A. NAT B. OSPF C. SNMP D. SCREEN options Correct Answer: AD /Reference: QUESTION 3 Which statement is correct about HTTP trickling? A. It prevents the HTTP client or server from timing-out during an antivirus update. B. It prevents the HTTP client or server from timing-out during antivirus scanning. C. It is an attack. D. It is used to bypass antivirus scanners. Correct Answer: B /Reference: QUESTION 4 What is the proper sequence of evaluation for the SurfControl integrated Web filter solution? A. whitelists, blacklists, SurfControl categories B. blacklists, whitelists, SurfControl categories C. SurfControl categories, whitelists, blacklists D. SurfControl categories, blacklists, whitelists Correct Answer: B /Reference: QUESTION 5 A network administrator is using source NAT for traffic from source network /8. The administrator must also disable NAT for any traffic destined to the /24 network.which configuration would accomplish this task? A. [edit security nat source rule-set test] from zone trust; to zone untrust; rule A { source-address /24; source-nat { pool { A; rule B { destination-address /8; source-nat { off; B. [edit security nat source] rule-set test from zone trust; to zone untrust; rule 1 { destination-address /24; source-nat { off; rule 2 { source-address /8; source-nat { pool { A; C. [edit security nat source rule-set test] from zone trust; to zone untrust; rule A { source-address /8; source-nat { pool { A; rule B { destination-address /24; source-nat { off; D. [edit security nat source rule-set test] from zone trust; to zone untrust; rule A { source-address /8; source-nat { pool { A; Correct Answer: B /Reference: QUESTION 6 Which two statements are true with regard to policy ordering? (Choose two.) A. The last policy is the default policy, which allows all traffic. B. The order of policies is not important. C. New policies are placed at the end of the policy list. D. The insert command can be used to change the order. Correct Answer: CD /Reference: QUESTION 7 Regarding fast path processing, when does the system perform the policy check? A. The policy is determined after the SCREEN options check. B. The policy is determined only during the first packet path, not during fast path. C. The policy is determined after the zone check. D. The policy is determined after the SYN TCP flag. Correct Answer: B /Reference: QUESTION 8 How do you apply UTM enforcement to security policies on the branch SRX series? A. UTM profiles are applied on a security policy by policy basis. B. UTM profiles are applied at the global policy level. C. Individual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis. D. Individual UTM features like anti-spam or anti-virus are applied directly at the global policy level. Correct Answer: A /Reference: QUESTION 9 Which configuration shows a pool-based source NAT without PAT? A. [edit security nat source] pool A { address { /32 to /32; rule-set 1A { from zone trust; to zone untrust; rule 1 { source-address /24; source-nat pool A; port no-translation; B. [edit security nat source] pool A { address { /32 to /32; overflow-pool interface; rule-set 1A { from zone trust; to zone untrust; rule 1 { source-address /24; source-nat pool A; port no-translation; C. [edit security nat source] pool A { address { /32 to /32; port no-translation; rule-set 1A { from zone trust; to zone untrust; rule 1 { source-address /24; source-nat pool A; D. [edit security nat source]. pool A { address { /32 to /32; overflow-pool interface; rule-set 1A { from zone trust; to zone untrust; rule 1 { source-address /24; source-nat pool A; Correct Answer: C /Reference: QUESTION 10 Which two statements are true regarding IDP? (Choose two.) A. IDP can be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy. B. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy. C. IDP inspects traffic up to the Presentation Layer. D. IDP inspects traffic up to the Application Layer. Correct Answer: AD /Reference: QUESTION 11 Which three statements are true when working with high-availability clusters? (Choose three.) A. The valid cluster-id range is between 0 and 255. B. Junos OS security devices can belong to more than one cluster if cluster virtualization is enabled. C. If the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster. D. A reboot is required if the cluster-id or node value is changed. E. Junos OS security devices can belong to one cluster only. Correct Answer: CDE /Reference: QUESTION 12 A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.which configuration statement would correctly accomplish this task? A. from-zone UNTRUST to-zone TRUST { policy DenyServer { source-address any; destination-address any; application any; deny; from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { source-address the10net; destination-address Server; application junos-telnet; permit; B. from-zone TRUST to-zone UNTRUST { policy DenyServer { source-address Server; destination-address any; application any; deny; from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { source-address the10net; destination-address Server; application junos-telnet; permit; C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { source-address the10net; destination-address Server; application junos-ftp; permit; D. from-zone TRUST to-zone UNTRUST { policy DenyServer { source-address Server; destination-address any; application any; permit; from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { source-address the10net; destination-address Server; application junos-telnet; permit; Correct Answer: B /Reference: QUESTION 13 Which command do you use to manually remove antivirus patterns? A. request security utm anti-virus juniper-express-engine pattern-delete B. request security utm anti-virus juniper-express-engine pattern-reload C. request security utm anti-virus juniper-express-engine pattern-remove D. delete security utm anti-virus juniper-express-engine antivirus-pattern Correct Answer: A /Reference: QUESTION 14 Which two statements are true about the relationship between static NAT and proxy ARP? (Choose two.) A. It is necessary to forward ARP requests to remote hosts. B. It is necessary when translated traffic belongs to the same subnet as the ingress interface. C. It is not automatic and you must configure it. D. It is enabled by default and you do not need to configure it. Correct Answer: BC /Reference: QUESTION 15 If both nodes in a chassis cluster initialize at different times, which configuration example will allow you to ensure that the node with the higher priority will become primary for your RGs other than RG0? A. [edit chassis cluster] redundancy-group 1 { node 0 priority 200; node 1 priority 150; preempt; B. [edit chassis cluster] redundancy-group 1 { node 0 priority 200; node 1 priority 150; monitoring; C. [edit chassis cluster] redundancy-group 1 { node 0 priority 200; node 1 priority 150; control-link-recovery; D. [edit chassis cluster] redundancy-group 1 { node 0 priority 200; node 1 priority 150; strict-priority; Correct Answer: A /Reference: QUESTION 16 By default, how is traffic evaluated when the antivirus database update is in progress? A. Traffic is scanned against the old database. B. Traffic is scanned against the existing portion of the currently downloaded database. C. All traffic that requires antivirus inspection is dropped and a log message generated displaying the traffic endpoints. D. All traffic that requires antivirus inspection is forwarded with no antivirus inspection and a log message generated displaying the traffic endpoints. Correct Answer: D /Reference: QUESTION 17 Which statement is true regarding IPsec VPNs? A. There are five phases of IKE negotiation. B. There are two phases of IKE negotiation. C. IPsec VPN tunnels are not supported on SRX Series devices. D. IPsec VPNs require a tunnel PIC in SRX Series devices. Correct Answer: C /Reference: QUESTION 18 Which three are necessary for antispam to function properly on a branch SRX Series device? (Choose three.) A. an antispam license B. DNS servers configured on the SRX Series device C. SMTP services on SRX D. a UTM profile with an antispam configuration in the appropriate security policy E. antivirus (full or express) Correct Answer: ABD /Reference: QUESTION 19 Which two statements regarding firewall user authentication client groups are true? (Choose two.) A. A client group is a list of clients associated with a group. B. A client group is a list of groups associated with a client. C. Client groups are referenced in security policy in the same manner in which individual clients are referenced. D. Client groups are used to simplify configuration by enabling firewall user authentication without security policy. Correct Answer: BC /Reference: QUESTION 20 Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.which configuration meets this requirement? A. [edit security policies from-zone Private to-zone External] policy allowtransit { source-address PrivateHosts; destination-address ExtServers; application ExtApps; permit { tunnel { ipsec-vpn VPN; log { session-init; B. [edit security policies from-zone Private to-zone External] policy allowtransit { source-address PrivateHosts; destination-address ExtServers; application ExtApps; permit { tunnel { ipsec-vpn VPN; count { session-close; C. [edit security policies from-zone Private to-zone External] showpolicy allowtransit { source-address PrivateHosts; destination-address ExtServers; application ExtApps; permit { tunnel { ipsec-vpn VPN; log { session-close; D. [edit security policies from-zone Private to-zone External] policy allowtransit { source-address PrivateHosts; destination-address Ex
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks