Certbus > Juniper > JNCIS > JN0-332 > JN0-332 Online Practice Questions and Answers

JN0-332 Online Practice Questions and Answers

Questions 4

Which two statements regarding external authentication servers for firewall user authentication are true? (Choose two.)

A. Up to three external authentication server types can be used simultaneously.

B. Only one external authentication server type can be used simultaneously.

C. If the local password database is not configured in the authentication order, and the configured authentication server is unreachable, authentication is bypassed.

D. If the local password database is not configured in the authentication order, and the configured authentication server rejects the authentication request, authentication is rejected.

Browse 519 Q&As
Questions 5

Which statement describes an ALG?

A. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to deny the traffic.

B. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to permit the traffic to pass.

C. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to deny the traffic.

D. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to permit the traffic to pass.

Browse 519 Q&As
Questions 6

Which two statements about Junos software packet handling are correct? (Choose two.)

A. The Junos OS applies service ALGs only for the first packet of a flow.

B. The Junos OS uses fast-path processing only for the first packet of a flow.

C. The Junos OS performs policy lookup only for the first packet of a flow.

D. The Junos OS applies SCREEN options for both first and consecutive packets of a flow.

Browse 519 Q&As
Questions 7

Which statement is true regarding NAT?

A. NAT is not supported on SRX Series devices.

B. NAT requires special hardware on SRX Series devices.

C. NAT is processed in the control plane.

D. NAT is processed in the data plane.

Browse 519 Q&As
Questions 8

Which two statements are true about the relationship between static NAT and proxy ARP? (Choose two.)

A. It is necessary to forward ARP requests to remote hosts.

B. It is necessary when translated traffic belongs to the same subnet as the ingress interface.

C. It is not automatic and you must configure it.

D. It is enabled by default and you do not need to configure it.

Browse 519 Q&As
Questions 9

Click the Exhibit button.

[A] establishes an IPsec tunnel with

[B]. The NAT device translates the IP address 1.1.1.1 to 2.1.1.1.

On which port is the IKE SA established?

A. TCP 500

B. UDP 500

C. TCP 4500

D. UDP 4500

Browse 519 Q&As
Questions 10

Click the Exhibit button.

Referring to the exhibit, which statement contains the correct gateway parameters?

A. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }

B. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }

C. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }

D. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }

Browse 519 Q&As
Questions 11

Click the Exhibit button.

In the configuration shown in the exhibit, you decided to eliminate the junos-ftp application from the match condition of the policy My Traffic.

What will happen to the existing FTP and BGP sessions?

A. The existing FTP and BGP sessions will continue.

B. The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.

C. The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.

D. The existing FTP sessions will continue and only the existing BGP sessions will be dropped.

Browse 519 Q&As
Questions 12

Under which configuration hierarchy is an access profile configured for firewall user authentication?

A. [edit access]

B. [edit security access]

C. [edit firewall access]

D. [edit firewall-authentication]

Browse 519 Q&As
Questions 13

Exhibit.

[edit security policies]

user@host# show

from-zone trust to-zone untrust {

policy AllowHTTP{

match {

source-address HOSTA;

destination-address any;

application junos-ftp;

}

then {

permit;

}}

policy AllowHTTP2{

match {

source-address any;

destination-address HOSTA;

application junos-http;

}

then {

permit;

}}

policy AllowHTTP3{

match {

source-address any;

destination-address any;

application any;

}

then {

permit;

}}}

A flow of HTTP traffic needs to go from HOSTA to HOSTB. Assume that traffic will initiate from HOSTA

and that HOSTA is in zone trust and HOSTB is in zone untrust.

What will happen to the traffic given the configuration in the exhibit?

A. The traffic will be permitted by policy AllowHTTP.

B. The traffic will be permitted by policy AllowHTTP3.

C. The traffic will be permitted by policy AllowHTTP2.

D. The traffic will be dropped as no policy match will be found.

Browse 519 Q&As
Questions 14

Which three algorithms are used by an SRX Series device to validate the integrity of the data exchanged through an IPsec VPN? (Choose three.)

A. 3DES

B. MD5

C. NHTB

D. SHA1

E. SHA2

Browse 519 Q&As
Questions 15

Which two statements are correct regarding reth interfaces? (Choose two.)

A. Child interfaces must be in the same slot on both nodes

B. Child interfaces do not need to be in the same slot on both nodes.

C. Child interfaces must be the same Ethernet interface type.

D. Child interfaces can be a mixture of Ethernet interface types.

Browse 519 Q&As
Questions 16

You are asked to establish a chassis cluster between two branch SRX Series devices. You must ensure that no single point of failure exists.

What would prevent a single point of failure?

A. dual data plane links

B. redundant routing tables

C. redundant cluster IDs

D. dual control plane links

Browse 519 Q&As
Questions 17

To which depth of compressed (Zip) files can the Junos full antivirus feature scan?

A. 1 layer of compression

B. 2 layer of compression

C. 3 layer of compression

D. 4 layer of compression

Browse 519 Q&As
Questions 18

You must examine input and output bytes for a particular zone on an SRX Series device. Which operational mode command would complete this task?

A. show interfaces extensive

B. show security flow statistics

C. show security policies

D. show security zones

Browse 519 Q&As
Exam Code: JN0-332
Exam Name: Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
Last Update: Mar 24, 2024
Questions: 519 Q&As

PDF

$45.99

VCE

$49.99

PDF + VCE

$59.99