[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 1, Volume A part 04

Ensurepass

QUESTION 31  (Topic 1)

 

Which type of Web filtering by default builds a cache of server actions associated with each URL it has checked?

 

A.

Websense Redirect Web filtering

B.

integrated Web filtering

C.

local Web filtering

D.

enhanced Web filtering

 

Answer: B

 

 

 

 

 

QUESTION 32  (Topic 1)

 

What is the purpose of a chassis cluster?

 

A.

Chassis clusters are used to aggregate routes.

B.

Chassis clusters are used to create aggregate interfaces.

C.

Chassis clusters are used to group two chassis into one logical chassis.

D.

Chassis clusters are used to group all interfaces into one cluster interface.

 

Answer: C

 

 

Explanation: The Junos OS achieves high availability on Junos security platforms using chassis clustering. Chassis clustering provides network node redundancy by grouping two like devices into a cluster. The two nodes back each other up with one node acting as the primary and the other as the secondary node, ensuring the stateful failover of processes and services in the event of system or hardware failure. A control link between services processing cards (SPCs) or revenue ports and an Ethernet data link between revenue ports connect two like devices. Junos security platforms must be the same model, and all SPCs, network processing cards (NPCs), and input/output cards (IOCs) on high-end platforms must have the same slot placement and hardware revision. The chassis clustering feature in the Junos OS is built on the high availability methodology of Juniper Networks M Series and T Series platforms and the TX Matrix platform, including multichassis clustering, active-passive Routing Engines (REs) , active-active Packet Forwarding Engines (PFEs), and graceful RE switchover capability.

 

 

QUESTION 33  (Topic 1)

 

Which two statements about static NAT are true? (Choose two.)

 

A.

Static NAT can only be used with destination NAT.

B.

Static NAT rules take precedence over overlapping dynamic NAT rules.

C.

NAT rules take precedence over overlapping static NAT rules.

D.

A reverse mapping is automatically created.

 

Answer: BD

 

 

 

 

 

QUESTION 34  (Topic 1)

 

Click the Exhibit button.

 

clip_image002

 

In the exhibit, a new policy named DenyTelnet was created. You notice that Telnet traffic is still allowed.

 

Which statement will allow you to rearrange the policies for the DenyTelnet policy to be evaluated before your Allow policy?

 

A.

insert security policies from-zone A to-zone B policy DenyTelnet before policy Allow

B.

set security policies from-zone B to-zone A policy DenyTelnet before policy Allow

C.

insert security policies from-zone A to-zone B policy DenyTelnet after policy Allow

D.

set security policies from-zone B to-zone A policy Allow after policy DenyTelnet

 

Answer: A

 

 

QUESTION 35  (Topic 1)

 

 

 

 

What is the maximum number of layers of decompression that juniper-express-engine (express AV) can decompress for the HTTP protocol?

 

A.

0

B.

1

C.

4

D.

8

 

Answer: B

 

 

QUESTION 36  (Topic 1)

 

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the
administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?

 

A.

from-zone UNTRUST to-zone TRUST {

policy DenyServer {

match {

source-address any;

destination-address any;

application any;

}

then {

deny;

}

}

}

from-zone TRUST to-zone UNTRUST {

policy AllowTelnetin {

match {

source-address the10net;

destination-address Server;

application junos-telnet;

}

then {

permit;

}

}

}

 

 

 

 

B.

from-zone TRUST to-zone UNTRUST {

policy DenyServer {

match {

source-address Server;

destination-address any;

application any;

}

then {

deny;

}

}

}

from-zone UNTRUST to-zone TRUST {

policy AllowTelnetin {

match {

source-address the10net;

destination-address Server;

application junos-telnet;

}

then {

permit;

}

}

}

C.

from-zone UNTRUST to-zone TRUST {

policy AllowTelnetin {

match {

source-address the10net;

destination-address Server;

application junos-ftp;

}

then {

permit;

}

}

}

D.

from-zone TRUST to-zone UNTRUST {

policy DenyServer {

match {

source-address Server;

destination-address any;

application any;

}

then {

permit;

}

 

 

 

 

}

}

from-zone UNTRUST to-zone TRUST {

policy AllowTelnetin {

match {

source-address the10net;

destination-address Server;

application junos-telnet;

}

then {

permit;

}

}

}

 

Answer: B

 

 

QUESTION 37  (Topic 1)

 

Which three statements are true regarding IDP? (Choose three.)

 

A.

IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.

B.

IDP inspects traffic up to the Application Layer.

C.

IDP searches the data stream for specific attack patterns.

D.

IDP inspects traffic up to the Presentation Layer.

E.

IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.

 

Answer: BCE

 

 

QUESTION 38  (Topic 1)

 

Which three are necessary for antispam to function properly on a branch SRX Series device? (Choose three.)

 

A.

an antispam license

B.

DNS servers configured on the SRX Series device

C.

SMTP services on SRX

D.

a UTM profile with an antispam configuration in the appropriate security policy

 

 

 

 

E.

antivirus (full or express)

 

Answer: ABD

 

 

QUESTION 39  (Topic 1)

 

Click the Exhibit button.

 

clip_image004

 

In the exhibit, you decided to change my Hosts addresses. What will happen to the new sessions matching the policy and in-progress sessions that had already matched the policy?

 

A.

New sessions will be evaluated. In-progress sessions will be re-evaluated.

B.

New sessions will be evaluated. All in-progress sessions will continue.

C.

New sessions will be evaluated. All in-progress sessions will be dropped.

D.

New sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.

 

Answer: A

 

 

 

 

 

QUESTION 40  (Topic 1)

 

When an SRX series device receives an ESP packet, what happens?

 

A.

If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, it will immediately decrypt the packet.

B.

If the destination IP address in the outer IP header of ESP does not match the IP address of the ingress interface, it will discard the packet.

C.

If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based on SPI match, it will decrypt the packet.

D.

If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based on SPI match and route lookup of inner header, it will decrypt the packet.

 

Answer: C

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.