Limited Time Discount Offer
30% Off - Ends in 02:00:00

X

Juniper JN0-332 Dumps

Juniper
Juniper Networks Certified Specialist Security (JNCIS-SEC)
Juniper
Juniper Networks Certified Specialist Security (JNCIS-SEC)

Questions & Answers for Juniper JN0-332

Showing 1-15 of 517 Questions

Question #1 - Topic 1

Click the Exhibit button.

Your IKE SAs are up, but the IPsec SAs are not up.Referring to the exhibit, what is the
problem?

A. One or more of the phase 2 proposals such as authentication algorithm, encryption algorithm do not match.

B. The tunnel interface is down.

C. The proxy IDs do not match.

D. The IKE proposals do not match the IPsec proposals.

Question #2 - Topic 1

Which two statements about staticNAT are true? (Choose two.)

A. Static NAT can only be used with destination NAT.

B. Static NAT rules take precedence over overlapping dynamic NAT rules.

C. NAT rules take precedence over overlapping static NAT rules.

D. A reverse mapping is automatically created.

Question #3 - Topic 1

Which security or functional zone name has special significance to the Junos OS?

A. self

B. trust

C. untrust

D. junos-global

Question #4 - Topic 1

Which three statements are true regarding IDP? (Choose three.)

A. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.

B. IDP inspects traffic up to the Application Layer.

C. IDP searches the data stream for specific attack patterns.

D. IDP inspects traffic up to the Presentation Layer.

E. IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.

Question #5 - Topic 1

Which IDP policy action closes the connection and sends an RST packet to both the client
and the server?

A. close-connection

B. terminate-connection

C. close-client-and-server

D. terminate-session

Question #6 - Topic 1

Which three components can be leveraged when defining a local whitelist or blacklist for
antispam on a branch SRX Series device? (Choose three.)

A. spam assassin filtering score

B. sender country

C. sender IP address

D. sender domain

E. sender e-mail address

Question #7 - Topic 1

Which statement describes the UTM licensing model?

A. Install the license key and all UTM features will be enabled for the life of the product.

B. Install one license key per feature and the license key will be enabled for the life of the product.

C. Install one UTM license key, which will activate all UTM features; the license will need to be renewed when it expires.

D. Install one UTM license key per UTM feature; the licenses will need to be renewed when they expire.

Question #8 - Topic 1

What is the default session timeout for TCP sessions?

A. 1 minute

B. 15 minutes

C. 30 minutes

D. 90 minutes

Question #9 - Topic 1

Which two statements in a source NAT configuration are true regarding addresses, rule-
sets, or rulesthat overlap? (Choose two.)

A. Addresses used for NAT pools should never overlap.

B. If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.

C. If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.

D. Dynamic source NAT rules take precedence over static source NAT rules.

Question #10 - Topic 1

How many IDP policies can be active at one time on an SRX Series device by means of
the set security idp active-policyconfiguration statement?

A. 1

B. 2

C. 4

D. 8

Question #11 - Topic 1

Which three methods of source NAT does the Junos OS support? (Choose three.)

A. interface-based source NAT

B. source NAT with address shifting

C. source NAT using static source pool

D. interface-based source NAT without PAT

E. source NAT with address shifting and PAT

Question #12 - Topic 1

Click the Exhibit button.

System services SSH, Telnet, FTP, and HTTP are enabled on the SRX Series device.
Referring to the configuration shown in the exhibit, which two statements are true? (Choose
two.)

A. A user can use SSH to interface ge-0/0/0.0 and ge-0/0/1.0.

B. A user can use FTP to interface ge-0/0/0.0 and ge-0/0/1.0.

C. A user can use SSH to interface ge-0/0/0.0.

D. A user can use SSH to interface ge-0/0/1.0.

Question #13 - Topic 1

Which command would you use to enable chassis cluster on an SRX device, setting the
clusterID to 1 and node to 0?

A. user@host# set chassis cluster cluster-id 1 node 0 reboot

B. user@host> set chassis cluster id 1 node 0 reboot

C. user@host> set chassis cluster cluster-id 1 node 0 reboot

D. user@host# set chassis cluster id 1 node 0 reboot

Question #14 - Topic 1

Click the Exhibit button.

Assume the default-policy has not been configured. Given the configuration shown in the
exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust
zone are true? (Choose two.)

A. DNS traffic is denied.

B. HTTP traffic is denied.

C. FTP traffic is permitted.

D. SMTP traffic is permitted.

Question #15 - Topic 1

You want to allow your device to establish OSPF adjacencies with a neighboring device
connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under
which configuration hierarchy must you permit OSPF traffic?

A. [edit security policies from-zone HR to-zone HR]

B. [edit security zones functional-zone management protocols]

C. [edit security zones protocol-zone HR host-inbound-traffic]

D. [edit security zones security-zone HR host-inbound-traffic protocols]

×