Juniper JN0-332 Dumps

Exam: Juniper Networks Certified Specialist Security (JNCIS-SEC)


Juniper JN0-332 Exam Tutorial

Showing 1-20 of 517 Questions   (Page 1 out of 26)


Question No : 1 - Topic 1

Click the Exhibit button.
Juniper JN0-332 question 1
Your IKE SAs are up, but the IPsec SAs are not up. Referring to the exhibit, what is the
problem?

A. One or more of the phase 2 proposals such as authentication algorithm, encryption algorithm do not match.
B. The tunnel interface is down.
C. The proxy IDs do not match.
D. The IKE proposals do not match the IPsec proposals.


Question No : 2 - Topic 1

Which two statements about static NAT are true? (Choose two.)

A. Static NAT can only be used with destination NAT.
B. Static NAT rules take precedence over overlapping dynamic NAT rules.
C. NAT rules take precedence over overlapping static NAT rules.
D. A reverse mapping is automatically created.


Question No : 3 - Topic 1

Which security or functional zone name has special significance to the Junos OS?

A. self
B. trust
C. untrust
D. junos-global


Question No : 4 - Topic 1

Which three statements are true regarding IDP? (Choose three.)

A. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.
B. IDP inspects traffic up to the Application Layer.
C. IDP searches the data stream for specific attack patterns.
D. IDP inspects traffic up to the Presentation Layer.
E. IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.


Question No : 5 - Topic 1

Which IDP policy action closes the connection and sends an RST packet to both the client
and the server?

A. close-connection
B. terminate-connection
C. close-client-and-server
D. terminate-session


Question No : 6 - Topic 1

Which three components can be leveraged when defining a local whitelist or blacklist for
antispam on a branch SRX Series device? (Choose three.)

A. spam assassin filtering score
B. sender country
C. sender IP address
D. sender domain
E. sender e-mail address


Question No : 7 - Topic 1

Which statement describes the UTM licensing model?

A. Install the license key and all UTM features will be enabled for the life of the product.
B. Install one license key per feature and the license key will be enabled for the life of the product.
C. Install one UTM license key, which will activate all UTM features; the license will need to be renewed when it expires.
D. Install one UTM license key per UTM feature; the licenses will need to be renewed when they expire.


Question No : 8 - Topic 1

What is the default session timeout for TCP sessions?

A. 1 minute
B. 15 minutes
C. 30 minutes
D. 90 minutes


Question No : 9 - Topic 1

Which two statements in a source NAT configuration are true regarding addresses, rule-sets,
or rules that overlap? (Choose two.)

A. Addresses used for NAT pools should never overlap.
B. If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.
C. If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.
D. Dynamic source NAT rules take precedence over static source NAT rules.


Question No : 10 - Topic 1

How many IDP policies can be active at one time on an SRX Series device by means of
the set security idp active-policy configuration statement?

A. 1
B. 2
C. 4
D. 8


Question No : 11 - Topic 1

Which three methods of source NAT does the Junos OS support? (Choose three.)

A. interface-based source NAT
B. source NAT with address shifting
C. source NAT using static source pool
D. interface-based source NAT without PAT
E. source NAT with address shifting and PAT


Question No : 12 - Topic 1

Click the Exhibit button.
Juniper JN0-332 question 12
System services SSH, Telnet, FTP, and HTTP are enabled on the SRX Series device.
Referring to the configuration shown in the exhibit, which two statements are true? (Choose
two.)

A. A user can use SSH to interface ge-0/0/0.0 and ge-0/0/1.0.
B. A user can use FTP to interface ge-0/0/0.0 and ge-0/0/1.0.
C. A user can use SSH to interface ge-0/0/0.0.
D. A user can use SSH to interface ge-0/0/1.0.


Question No : 13 - Topic 1

Which command would you use to enable chassis cluster on an SRX device, setting the
cluster ID to 1 and node to 0?

A. user@host# set chassis cluster cluster-id 1 node 0 reboot
B. user@host> set chassis cluster id 1 node 0 reboot
C. user@host> set chassis cluster cluster-id 1 node 0 reboot
D. user@host# set chassis cluster id 1 node 0 reboot


Question No : 14 - Topic 1

Click the Exhibit button.
Juniper JN0-332 question 14
Assume the default-policy has not been configured. Given the configuration shown in the
exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust
zone are true? (Choose two.)

A. DNS traffic is denied.
B. HTTP traffic is denied.
C. FTP traffic is permitted.
D. SMTP traffic is permitted.


Question No : 15 - Topic 1

You want to allow your device to establish OSPF adjacencies with a neighboring device
connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under
which configuration hierarchy must you permit OSPF traffic?

A. [edit security policies from-zone HR to-zone HR]
B. [edit security zones functional-zone management protocols]
C. [edit security zones protocol-zone HR host-inbound-traffic]
D. [edit security zones security-zone HR host-inbound-traffic protocols]


Question No : 16 - Topic 1

In a chassis cluster with two SRX 5800 devices, the interface ge-13/0/0 belongs to which
device?

A. This interface is a system-created interface.
B. This interface belongs to node 0 of the cluster.
C. This interface belongs to node 1 of the cluster.
D. This interface will not exist because SRX 5800 devices have only 12 slots.


Question No : 17 - Topic 1

A user wants to establish an FTP session to a server behind an SRX device but must
authenticate to a Web page on the SRX device for additional authentication. Which type of
user authentication is configured?

A. pass-through
B. WebAuth
C. WebAuth with Web redirect
D. pass-through with Web redirect


Question No : 18 - Topic 1

Which two statements regarding firewall user authentication client groups are true?
(Choose two.)

A. A client group is a list of clients associated with a group.
B. A client group is a list of groups associated with a client.
C. Client groups are referenced in security policy in the same manner in which individual clients are referenced.
D. Client groups are used to simplify configuration by enabling firewall user authentication without security policy.


Question No : 19 - Topic 1

Click the Exhibit button.
Juniper JN0-332 question 19
In the exhibit, a new policy named DenyTelnet was created. You notice that Telnet traffic is
still allowed.
Which statement will allow you to rearrange the policies for the DenyTelnet policy to be
evaluated before your Allow policy?

A. insert security policies from-zone A to-zone B policy DenyTelnet before policy Allow
B. set security policies from-zone B to-zone A policy DenyTelnet before policy Allow
C. insert security policies from-zone A to-zone B policy DenyTelnet after policy Allow
D. set security policies from-zone B to-zone A policy Allow after policy DenyTelnet


Question No : 20 - Topic 1

What are two rule base types within an IPS policy on an SRX Series device? (Choose two.)

A. rulebase-ips
B. rulebase-ignore
C. rulebase-idp
D. rulebase-exempt

