[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 2, Volume B part 06

Ensurepass

QUESTION 151  (Topic 2)

 

The same Web site is visited for the second time using a branch SRX Series Services Gateway configured with Surf Control integrated Web filtering. Which statement is true?

 

A.

The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server provides the SRX with a category of the URL.

B.

The SRX device sends the URL to the SurfControl server in the cloud and the SurfControl server asks the SRX device to permit the URL as it has been previously visited.

 

 

 

 

C.

The SRX device looks at its local cache to find the category of the URL.

D.

The SRX device does not perform any Web filtering operation as the Web
site has already been visited.

 

Answer: C

 

 

QUESTION 152  (Topic 2)

 

Which statement is true regarding NAT?

 

A.

NAT is not supported on SRX Series devices.

B.

NAT requires special hardware on SRX Series devices.

C.

NAT is processed in the control plane.

D.

NAT is processed in the data plane.

 

Answer: D

 

 

QUESTION 153  (Topic 2)

 

Which two statements are true for a security policy? (Choose two.)

 

A.

It controls inter-zone traffic.

B.

It controls intra-zone traffic.

C.

It is named with a system-defined name.

D.

It controls traffic destined to the device’s ingress interface.

 

Answer: AB

 

 

QUESTION 154  (Topic 2)

 

Which command shows the event and traceoptions file for chassis clusters?

 

A.

show log chassisd

B.

show log clusterd

C.

show log jsrpd

D.

show log messages

 

 

 

 

 

Answer: C

 

 

QUESTION 155  (Topic 2)

 

You must configure a SCREEN option that will protect your router from a session table flood.

 

Which configuration meets this requirement?

 

A.

[edit security screen]

user@host# show

ids-option protectFromFlood {

icmp {

ip-sweep threshold 5000;

flood threshold 2000;

}

}

B.

[edit security screen]

user@host# show

ids-option protectFromFlood {

tcp {

syn-flood {

attack-threshold 2000;

destination-threshold 2000;

}

}

}

C.

[edit security screen]

user@host# show

ids-option protectFromFlood {

udp {

flood threshold 5000;

}

}

D.

[edit security screen]

user@host# show

ids-option protectFromFlood {

limit-session

{

source-ip-based 1200;

destination-ip-based 1200;

}

}

 

 

 

 

 

Answer: D

 

 

QUESTION 156  (Topic 2)

 

Which URL will match the URL pattern “www.news.com/asia”?

 

A.

www.news.com

B.

www.news.com/asia/japan

C.

www-1.news.com/asia

D.

www.news.asia.com

 

Answer: B

 

 

QUESTION 157  (Topic 2)

 

Which encryption type is used to secure user data in an IPsec tunnel?

 

A.

symmetric key encryption

B.

asymmetric key encryption

C.

RSA

D.

digital certificates

 

Answer: A

 

 

QUESTION 158  (Topic 2)

 

Which two statements are true about IPsec traffic? (Choose two.)

 

A.

IPsec traffic can be forwarded when no IKE SA is present.

B.

IPsec traffic can be forwarded when no IPsec SA is present.

C.

For traffic that has to be encrypted, the security policy must be crafted based on the IP addresses in the inner IP header of the final ESP packet.

D.

For traffic that has to be encrypted, the security policy must be crafted based on the IP addresses in the outer IP header of the final ESP packet.

 

Answer: AC

 

 

 

 

 

QUESTION 159  (Topic 2)

 

Host A opens a Telnet connection to Host

B.Host A then opens another Telnet connection to Host

B.These connections are the only communication between Host A and Host

B.The security policy configuration permits both connections. How many sessions exist between Host A and Host B?

 

A.

1

B.

2

C.

3

D.

4

 

Answer: B

 

 

QUESTION 160  (Topic 2)

 

Which statement is true for interfaces residing outside of redundancy groups?

 

A.

The interfaces cannot be mapped to security zones.

B.

Only interfaces that have redundancy can be active in the chassis cluster.

C.

All interfaces will be redundant if they reside on a system that is part of a chassis cluster.

D.

Interfaces that are not in a redundancy group can still forward traffic, but no redundancy is available for them.

 

Answer: D

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.