[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 1, Volume A part 03

Ensurepass

QUESTION 21  (Topic 1)

 

You must configure a SCREEN option that would protect your device from a session table flood. Which configuration meets this requirement?

 

A.

[edit security screen]
user@host# show
ids-option protectFromFlood {
    icmp {
        ip-sweep threshold 5000;
        flood threshold 2000;
    }
}

B.

[edit security screen]
user@host# show
ids-option protectFromFlood {
    tcp {
        syn-flood {
            attack-threshold 2000;
            destination-threshold 2000;
        }
    }
}

C.

[edit security screen]
user@host# show
ids-option protectFromFlood {
    udp {
        flood threshold 5000;
    }
}

D.

[edit security screen]
user@host# show
ids-option protectFromFlood {
    limit-session {
        source-ip-based 1200;
        destination-ip-based 1200;
    }
}

 

Answer: D

 

 

QUESTION 22  (Topic 1)

 

If both nodes in a chassis cluster initialize at different times, which configuration example will allow you to ensure that the node with the higher priority will become primary for your RGs other than RG0?

 

A.

[edit chassis cluster]
user@host# show
redundancy-group 1 {
    node 0 priority 200;
    node 1 priority 150;
    preempt;
}

B.

[edit chassis cluster]
user@host# show
redundancy-group 1 {
    node 0 priority 200;
    node 1 priority 150;
    monitoring;
}

C.

[edit chassis cluster]
user@host# show
redundancy-group 1 {
    node 0 priority 200;
    node 1 priority 150;
    control-link-recovery;
}

D.

[edit chassis cluster]
user@host# show
redundancy-group 1 {
    node 0 priority 200;
    node 1 priority 150;
    strict-priority;
}

 

Answer: A

 

 

QUESTION 23  (Topic 1)

 

When using UTM features in an HA cluster, which statement is true for installing the licenses on the cluster members?

 

A.

One UTM cluster license will activate UTM features on both members.

B.

Each device will need a UTM license generated for its serial number.

C.

Each device will need a UTM license generated for the cluster, but licenses can be applied to either member.

D.

HA clustering automatically comes with UTM licensing, no additional actions are needed.

 

Answer: B

 

 

QUESTION 24  (Topic 1)

 

What is the default session timeout for UDP sessions?

 

A.

30 seconds

B.

1 minute

C.

5 minutes

D.

30 minutes

 

Answer: B

 

 

QUESTION 25  (Topic 1)

 

Which command do you use to display the status of an antivirus database update?

 

A.

show security utm anti-virus status

B.

show security anti-virus database status

C.

show security utm anti-virus database

D.

show security utm anti-virus update

 

Answer: A

 

 

QUESTION 26  (Topic 1)

 

What is the correct syntax for applying node-specific parameters to each node in a chassis cluster?

 

A.

set apply-groups node$

B.

set apply-groups (node)

C.

set apply-groups $(node)

D.

set apply-groups (node)all

 

Answer: C

 

 

QUESTION 27  (Topic 1)

 

Click the Exhibit button.

 

[Exhibit image not available]

 

What are two valid reasons for the output shown in the exhibit? (Choose two.)

 

A.

The local Web-filtering daemon is not enabled or is not running.

B.

The integrated Web-filtering policy server is not reachable.

C.

No DNS is configured on the SRX Series device.

D.

No security policy is configured to use Web filtering.

 

Answer: BC

 

 

QUESTION 28  (Topic 1)

 

In a chassis cluster with two SRX 5800 devices, the interface ge-13/0/0 belongs to which device?

 

A.

This interface is a system-created interface.

B.

This interface belongs to node 0 of the cluster.

C.

This interface belongs to node 1 of the cluster.

D.

This interface will not exist because SRX 5800 devices have only 12 slots.

 

Answer: C

 

 

QUESTION 29  (Topic 1)

 

Which two statements in a source NAT configuration are true regarding addresses, rule-sets, or rules that overlap? (Choose two.)

 

A.

Addresses used for NAT pools should never overlap.

B.

If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.

C.

If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.

D.

Dynamic source NAT rules take precedence over static source NAT rules.

 

Answer: AB

 

 

QUESTION 30  (Topic 1)

 

Which statement contains the correct parameters for a route-based IPsec VPN?

 

A.

[edit security ipsec]
user@host# show
proposal ike1-proposal {
    protocol esp;
    authentication-algorithm hmac-md5-96;
    encryption-algorithm 3des-cbc;
    lifetime-seconds 3200;
}
policy ipsec1-policy {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals ike1-proposal;
}
vpn VpnTunnel {
    interface ge-0/0/1.0;
    ike {
        gateway ike1-gateway;
        ipsec-policy ipsec1-policy;
    }
    establish-tunnels immediately;
}

B.

[edit security ipsec]
user@host# show
proposal ike1-proposal {
    protocol esp;
    authentication-algorithm hmac-md5-96;
    encryption-algorithm 3des-cbc;
    lifetime-seconds 3200;
}
policy ipsec1-policy {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals ike1-proposal;
}
vpn VpnTunnel {
    interface st0.0;
    ike {
        gateway ike1-gateway;
        ipsec-policy ipsec1-policy;
    }
    establish-tunnels immediately;
}

C.

[edit security ipsec]
user@host# show
proposal ike1-proposal {
    protocol esp;
    authentication-algorithm hmac-md5-96;
    encryption-algorithm 3des-cbc;
    lifetime-seconds 3200;
}
policy ipsec1-policy {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals ike1-proposal;
}
vpn VpnTunnel {
    bind-interface ge-0/0/1.0;
    ike {
        gateway ike1-gateway;
        ipsec-policy ipsec1-policy;
    }
    establish-tunnels immediately;
}

D.

[edit security ipsec]
user@host# show
proposal ike1-proposal {
    protocol esp;
    authentication-algorithm hmac-md5-96;
    encryption-algorithm 3des-cbc;
    lifetime-seconds 3200;
}
policy ipsec1-policy {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals ike1-proposal;
}
vpn VpnTunnel {
    bind-interface st0.0;
    ike {
        gateway ike1-gateway;
        ipsec-policy ipsec1-policy;
    }
    establish-tunnels immediately;
}

 

Answer: D

 
