[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 1, Volume A part 05

Ensurepass

QUESTION 41  (Topic 1)

 

A network administrator receives complaints from the engineering group that an application on one server is not working properly. After further investigation, the administrator determines that source NAT translation is using a different source address after a random number of flows. Which two actions can the administrator take to force the server to use one address? (Choose two.)

 

A.

Use the custom application feature.

B.

Configure static NAT for the host.

C.

Use port address translation (PAT).

D.

Use the address-persistent option.

 

Answer: BD

 

 

QUESTION 42  (Topic 1)

 

A network administrator has configured source NAT, translating to an address that is on a locally connected subnet. The administrator sees the translation working, but traffic does not appear to come back. What is causing the problem?

 

A.

The host needs to open the telnet port.

B.

The host needs a route for the translated address.

 

 

 

 

C.

The administrator must use a proxy-arp policy for the translated address.

D.

The administrator must use a security policy, which will allow communication between the zones.

 

Answer: C

 

 

QUESTION 43  (Topic 1)

 

Which statement is true regarding NAT?

 

A.

NAT is not supported on SRX Series devices.

B.

NAT requires special hardware on SRX Series devices.

C.

NAT is processed in the control plane.

D.

NAT is processed in the data plane.

 

Answer: D

Explanation:

The data plane on Junos security platforms, implemented on IOCs, NPCs, and SPCs for high-end devices and on CPU cores and PIMs for branch devices, consists of Junos OS packet-handling modules compounded with a flow engine and session management like that of the ScreenOS software. Intelligent packet processing ensures that one single thread exists for packet flow processing associated with a single flow. Real-time processes enable the Junos OS to perform session-based packet forwarding.

 

 

QUESTION 44  (Topic 1)

 

Which statement is true regarding the Junos OS for security platforms?

 

A.

SRX Series devices can store sessions in a session table.

B.

SRX Series devices accept all traffic by default.

C.

SRX Series devices must operate only in packet-based mode.

D.

SRX Series devices must operate only in flow-based mode.

 

Answer: A

 

 

Explanation: SRX by default operates in FLOW-BASED mode.

 

 

 

 

 

Hovewer, it’s possible to aply a filter on interface, which will enforce a PACKET-BASED mode.

 

 

QUESTION 45  (Topic 1)

 

Which two functions of the Junos OS are handled by the data plane? (Choose two.)

 

A.

NAT

B.

OSPF

C.

SNMP

D.

SCREEN options

 

Answer: AD

 

 

QUESTION 46  (Topic 1)

 

Which command do you use to manually remove antivirus patterns?

 

A.

request security utm anti-virus juniper-express-engine pattern-delete

B.

request security utm anti-virus juniper-express-engine pattern-reload

C.

request security utm anti-virus juniper-express-engine pattern-remove

D.

delete security utm anti-virus juniper-express-engine antivirus-pattern

 

Answer: A

 

 

QUESTION 47  (Topic 1)

 

Which three parameters are configured in the IKE policy? (Choose three.)

 

A.

mode

B.

preshared key

C.

external interface

D.

security proposals

E.

dead peer detection settings

 

 

 

 

 

Answer: ABD

 

 

QUESTION 48  (Topic 1)

 

What are three configuration objects used to build Junos IDP rules? (Choose three.)

 

A.

zone objects

B.

policy objects

C.

attack objects

D.

alert and notify objects

E.

network and address objects

 

Answer: ACE

 

 

QUESTION 49  (Topic 1)

 

Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH? (Choose three.)

 

A.

data integrity

B.

data confidentiality

C.

data authentication

D.

outer IP header confidentiality

E.

outer IP header authentication

 

Answer: ACE

 

 

QUESTION 50  (Topic 1)

 

Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close. Which configuration meets this requirement?

 

A.

[edit security policies from-zone Private to-zone External] user@host# show

policy allowTransit {

match {

 

 

 

 

source-address PrivateHosts;

destination-address ExtServers;

application ExtApps;

}

then {

permit {

tunnel {

ipsec-vpn VPN;

}

}

log {

session-init;

}

}

}

B.

[edit security policies from-zone Private to-zone External] user@host# show

policy allowTransit {

match {

source-address PrivateHosts;

destination-address ExtServers;

application ExtApps;

}

then {

permit {

tunnel {

ipsec-vpn VPN;

}

}

count {

session-close;

}

}

}

C.

[edit security policies from-zone Private to-zone External] user@host#

showpolicy allowTransit {

match {

source-address PrivateHosts;

destination-address ExtServers;

application ExtApps;

}

then {

permit {

tunnel {

ipsec-vpn VPN;

 

 

 

 

}

}

log {

session-close;

}

}

}

D.

[edit security policies from-zone Private to-zone External] user@host# show

policy allowTransit {

match {

source-address PrivateHosts;

destination-address ExtServers;

application ExtApps;

}

then {

permit {

tunnel {

ipsec-vpn VPN;

log;

count session-close;

}

}

}

}

 

Answer: C

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …

Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.