[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 2, Volume B part 03

Ensurepass

QUESTION 121  (Topic 2)

 

Which two statements are true about AH? (Choose two.)

 

A.

AH provides data integrity.

B.

AH is identified by IP protocol 50.

C.

AH is identified by IP protocol 51.

D.

AH cannot work in conjunction with ESP.

 

Answer: AC

 

 

QUESTION 122  (Topic 2)

 

Which three advanced permit actions within security policies are valid? (Choose three.)

 

A.

Mark permitted traffic for firewall user authentication.

B.

Mark permitted traffic for SCREEN options.

C.

Associate permitted traffic with an IPsec tunnel.

D.

Associate permitted traffic with a NAT rule.

E.

Mark permitted traffic for IDP processing.

 

Answer: ACE

 

 

QUESTION 123  (Topic 2)

 

Click the Exhibit button.

 


Referring to the exhibit, which statement contains the correct gateway parameters?

 

A.

[edit security ike]
user@host# show
gateway ike-phase1-gateway {
    policy ike-policy1;
    address 10.10.10.1;
    dead-peer-detection {
        interval 20;
        threshold 5;
    }
    external-interface ge-1/0/1.0;
}

B.

[edit security ike]
user@host# show
gateway ike-phase1-gateway {
    ike-policy ike-policy1;
    address 10.10.10.1;
    dead-peer-detection {
        interval 20;
        threshold 5;
    }
    external-interface ge-1/0/1.0;
}

C.

[edit security ike]
user@host# show
gateway ike-phase1-gateway {
    policy ike1-policy;
    address 10.10.10.1;
    dead-peer-detection {
        interval 20;
        threshold 5;
    }
    external-interface ge-1/0/1.0;
}

D.

[edit security ike]
user@host# show
gateway ike-phase1-gateway {
    ike-policy ike1-policy;
    address 10.10.10.1;
    dead-peer-detection {
        interval 20;
        threshold 5;
    }
    external-interface ge-1/0/1.0;
}

 

Answer: B

 

 

QUESTION 124  (Topic 2)

 

You want to ensure end-to-end data connectivity through an IPsec tunnel.

 

Which feature would you activate?

 

A.

DPD

B.

VPN monitor

C.

perfect forward secrecy

D.

NHTB

 

Answer: B

 

 

QUESTION 125  (Topic 2)

 

Which statement is true about zone interface assignment?

 

A.

A logical interface can be assigned to a functional zone.

B.

A security zone must contain two or more logical interfaces.

C.

A logical interface can be assigned to multiple security zones.

D.

A logical interface can be assigned to a functional zone and a security zone simultaneously.

 

Answer: A

 

 

QUESTION 126  (Topic 2)

 

Which zone type will allow transit-traffic?

 

A.

system

B.

security

C.

default

D.

functional

 

 

 

 

 

Answer: B

 

 

QUESTION 127  (Topic 2)

 

Which operational mode command displays all active IKE phase 2 security associations?

 

A.

show ike security-associations

B.

show ipsec security-associations

C.

show security ike security-associations

D.

show security ipsec security-associations

 

Answer: D

 

 

QUESTION 128  (Topic 2)

 

Which CLI command provides a summary of what the content-filtering engine has blocked?

 

A.

show security utm content-filtering statistics

B.

show security flow session

C.

show security flow statistics

D.

show security utm content-filtering summary

 

Answer: A

 

 

QUESTION 129  (Topic 2)

 

In which two cases would you consider the TCP flag settings to be suspicious? (Choose two.)

 

A.

Do-Not-Fragment flag is set.

B.

Both SYN and FIN flags are set.

C.

Both ACK and PSH flags are set.

D.

FIN flag is set and ACK flag is not set.

 

Answer: BD

 

 

 

 

 

QUESTION 130  (Topic 2)

 

Which three statements are true when working with high-availability clusters? (Choose three.)

 

A.

The valid cluster-id range is between 0 and 255.

B.

Junos OS security devices can belong to more than one cluster if cluster virtualization is enabled.

C.

If the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.

D.

A reboot is required if the cluster-id or node value is changed.

E.

Junos OS security devices can belong to one cluster only.

 

Answer: CDE

 
