[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 2, Volume B part 01

Ensurepass

QUESTION 101  (Topic 2)

 

Under which configuration hierarchy is an access profile configured for firewall user authentication?

 

A.

[edit access]

B.

[edit security access]

C.

[edit firewall access]

D.

[edit firewall-authentication]

 

Answer: A

 

 

QUESTION 102  (Topic 2)

 

 

 

 

Which two statements are true when describing the capabilities of integrated Web filtering on branch SRX Series devices? (Choose two.)

 

A.

Integrated Web filtering can enforce UTM policies on traffic encrypted in SSL.

B.

Integrated Web filtering can detect client-side exploits that attack the user’s Web browser.

C.

Integrated Web filtering can permit or deny access to specific categories of sites.

D.

Different integrated Web-filtering policies can be applied on a firewall rule-by-rule basis to allow different policies to be enforced for different users.

 

Answer: CD

 

 

QUESTION 103  (Topic 2)

 

Which three contexts can be used as matching conditions in a source NAT configuration? (Choose three.)

 

A.

routing-instance

B.

zone

C.

interface

D.

policy

E.

rule-set

 

Answer: ABC

 

 

QUESTION 104  (Topic 2)

 

Which three security policy actions are valid? (Choose three.)

 

< td style="border-top-style: none; border-left-style: none; background: white; border-bottom-style: none; padding-bottom: 0cm; padding-top: 0cm; border-right-style: none; padding-left: 0cm; padding-right: 0cm" valign="top" width="26">

E.

A.

deny

B.

allow

C.

permit

D.

reject

discard

 

Answer: ACD

 

 

QUESTION 105  (Topic 2)

 

 

 

 

Which parameters are valid SCREEN options for combating operating system probes?

 

A.

syn-fin, syn-flood, and tcp-no-frag

B.

syn-fin, port-scan, and tcp-no-flag

C.

syn-fin, fin-no-ack, and tcp-no-frag

D.

syn-fin, syn-ack-ack-proxy, and tcp-no-frag

 

Answer: C

 

 

QUESTION 106  (Topic 2)

 

Click the Exhibit button.

 

clip_image002

 

Which command is needed to change this policy to a tunnel policy for a policy-based VPN?

 

A.

set policy tunnel-traffic then tunnel remote-vpn

B.

set policy tunnel-traffic then permit tunnel remote-vpn

C.

set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit

D.

set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

 

Answer: D

 

 

QUESTION 107  (Topic 2)

 

You want to test a configured screen value prior to deploying. Which statement will allow you to accomplish this?

 

 

 

 

 

A.

[edit security screen]

user@host# show

ids-option untrust-screen {

alarm-test-only;

}

B.

[edit security screen]

user@host# show

ids-option untrust-screen {

alarm-without-drop;

}

C.

[edit security screen]

user@host# show

ids-option untrust-screen {

alarm-no-drop;

}

D.

[edit security screen]

user@host# show

ids-option untrust-screen {

test-without-drop;

}

 

Answer: B

 

 

QUESTION 108  (Topic 2)

 

You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone. From the [edit] hierarchy, which command do you use to configure this assignment?

 

A.

set security zones management interfaces ge-0/0/0.0

B.

set zones functional-zone management interfaces ge-0/0/0.0

C.

set security zones functional-zone management interfaces ge-0/0/0.0

D.

set security zones functional-zone out-of-band interfaces ge-0/0/0.0

 

Answer: C

 

 

QUESTION 109  (Topic 2)

 

Which three functions are provided by the Junos OS for security platforms? (Choose three.)

 

 

 

 

 

A.

VPN establishment

B.

stateful ARP lookups

C.

Dynamic ARP inspection

D.

Network Address Translation

E.

inspection of packets at higher levels (Layer 4 and above)

 

Answer: ADE

 

 

QUESTION 110  (Topic 2)

 

Which two statements are true about pool-based source NAT? (Choose two.)

 

A.

PAT is not supported.

B.

PAT is enabled by default.

C.

It supports the address-persistent configuration option.

D.

It supports the junos-global configuration option.

 

Answer: BC

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.