[Free] 2018(Jan) EnsurePass Testinsides Juniper JN0-332 Dumps with VCE and PDF 311-320

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-332
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-332.html

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 311 – (Topic 4)

While reviewing the logs on your SRX240 device, you notice SYN floods coming from a host out on the Internet towards several hosts on your trusted network.

Which Junos Screen option would protect against these denial-of-service (DoS) attacks?

  1. [edit security screen] user@host# show

    ids-option no-flood { limit-session {

    destination-ip-based 150;

    }

    }

  2. [edit security screen] user@host# show

    ids-option no-flood { tcp {

    syn-fin;

    }

    }

  3. [edit security screen] user@host# show

    ids-option no-flood { limit-session {

    source-ip-based 150;

    }

    }

  4. [edit security screen] user@host# show

ids-option no-flood { icmp {

flood threshold 10;

}

}

Answer: C

Question No: 312 – (Topic 4)

Which two parameters are configurable under the [edit security zones security-zone zoneA] stanza? (Choose two.)

  1. the TCP RST feature

  2. the security policies for intrazone communication

  3. the zone-specific address book

  4. the default policy action for firewall rules in this zone

Answer: A,C

Question No: 313 – (Topic 4)

Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT for all other traffic from the untrust zone to the egress interface?

  1. [edit security nat source rule-set internal] user@host# show

    from zone trust; to zone untrust;

    rule internet-access { match {

    source-address 0.0.0.0/0;

    }

    then {

    source-nat interface;

    }

    }

    rule server-access { match {

    destination-address 10.10.10.0/24;

    }

    then {

    source-nat off;

    }

    }

  2. [edit security nat source rule-set internal] user@host# show

    from zone trust; to zone untrust;

    rule internet-access { match {

    source-address 0.0.0.0/0;

    }

    then {

    source-nat interface;

    }

    }

    rule server-access { match {

    source-address 10.10.10.0/24;

    }

    then {

    source-nat off;

    }

    }

  3. [edit security nat source rule-set internal] user@host# show

    from zone trust; to zone untrust;

    rule server-access { match {

    destination-address 10.10.10.0/24;

    }

    then {

    source-nat off;

    }

    }

    rule internet-access { match {

    source-address 0.0.0.0/0;

    }

    then {

    source-nat interface;

    }

    }

  4. [edit security nat source rule-set internal] user@host# show

from zone trust; to zone untrust;

rule internet-access { match {

source-address 0.0.0.0/0;

}

then { accept;

}

}

rule server-access { match {

destination-address 10.10.10.0/24;

}

then { reject;

}

}

Answer: C

Question No: 314 – (Topic 4)

What are two functions of the junos-host zone? (Choose two.)

  1. storing global address book entries

  2. controlling self-generated traffic

  3. controlling host inbound traffic

  4. controlling global Junos Screen settings

Answer: B,C

Question No: 315 – (Topic 4)

Which statement is correct about zone and interface dependencies?

  1. A logical interface can be assigned to multiple zones.

  2. A zone can be assigned to multiple routing instances.

  3. Logical interfaces are assigned to a zone.

  4. A logical interface can be assigned to multiple routing instances.

Answer: C

Question No: 316 – (Topic 4)

When using chassis clustering, which link is responsible for configuration synchronization?

  1. fxp0

  2. fxp1

  3. fab0

  4. fab1

Answer: B

Question No: 317 – (Topic 4)

What are two system-defined zones? (Choose two.)

  1. null zone

  2. system zone

  3. Junos host zone

  4. functional zone

Answer: A,C

Question No: 318 – (Topic 4)

Which two statements are correct about IPsec security associations? (Choose two.)

  1. established during IKE Phase 1 negotiations

  2. security associations are unidirectional

  3. established during IKE Phase 2 negotiations

  4. security associations are bidirectional

Answer: B,C

Question No: 319 – (Topic 4)

You are deploying a branch site which connects to two hub locations over an IPsec VPN. The branch SRX Series device should send all traffic to the first hub unless it is unreachable and should then direct traffic to the second hub. You must use static routes to send traffic towards the hub site.

Which two technologies should you use to fail over from a primary to a secondary tunnel in less than 60 seconds? (Choose two.)

  1. dead peer detection

  2. VPN monitoring

  3. floating static routes

  4. IP monitoring

Answer: B,D

Question No: 320 – (Topic 4)

During packet flow on an SRX Series device, which two processes occur before route lookup? (Choose two.)

  1. static NAT

  2. destination NAT

  3. source NAT

  4. reverse static NAT

Answer: A,B

100% Ensurepass Free Download!
Download Free Demo:JN0-332 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-332 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

This entry was posted in JN0-332 Latest Exam (Jan 2018) and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.