[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 3, Volume C part 01

Ensurepass

QUESTION 201  (Topic 3)

 

What do you use to group interfaces with similar security requirements?

 

A.

zones

B.

policies

C.

address book

D.

NAT configuration

 

Answer: A

 

 

QUESTION 202  (Topic 3)

 

Regarding zone types, which statement is true?

 

A.

You cannot assign an interface to a functional zone.

B.

You can specifiy a functional zone in a security policy.

C.

Security zones must have a scheduler applied.

 

 

 

 

D.

You can use a security zone for traffic destined for the device itself.

 

Answer: D

 

 

QUESTION 203  (Topic 3)

 

Which attribute is optional for IKE phase 2 negotiations?

 

A.

proxy-ID

B.

phase 2 proposal

C.

Diffie-Hellman group key

D.

security protocol (ESP or AH)

 

Answer: C

 

 

QUESTION 204  (Topic 3)

 

Click the Exhibit button.

 – Exhibit —

 

[edit security policies from-zone HR to-zone trust]

 

user@host# show

 

policy two {

 

match {

 

source-address subnet_a;

 

destination-address host_b;

 

application [ junos-telnet junos-ping ];

 

}

 

then {

 

reject;

 

}

 

 

 

 

}

 

policy one {

 

match {

 

source-address host_a;

 

destination-address subnet_b;

 

application any;

 

}

 

then {

 

permit;

 

}

 

}

 – Exhibit —

 

host_a is in subnet_a and host_b is in subnet_b.

 

Given the configuration shown in the exhibit, which two statements are true about traffic from host_a to host_b (Choose two.)?

 

A.

DNS traffic is denied.

B.

Telnet traffic is denied.

C.

SMTP traffic is denied.

D.

Ping traffic is denied.

 

Answer: BD

 

 

QUESTION 205  (Topic 3)

 

The branch SRX Series Services Gateways implement the data plane on which two components? (Choose two.)

 

A.

IOCs

B.

SPCs

C.

CPU cores

D.

PIMs

 

 

 

 

 

Answer: CD

 

 

QUESTION 206  (Topic 3)

 

Which three functions are provided by JUNOS Software for security platforms? (Choose three.)

 

A.

VPN establishment

B.

stateful ARP lookups

C.

Dynamic ARP inspection

D.

Network Address Translation

E.

inspection of packets at higher levels (Layer 4 and above)

 

Answer: ADE

 

 

QUESTION 207  (Topic 3)

 

You are implementing an IDP policy template from Juniper Networks. Which three steps are included in this process? (Choose three.)

 

A.

activating a JUNOS Software commit script?

B.

configuring an IDP groups statement

C.

setting up a chassis cluster

D.

downloading the IDP policy templates

E.

installing the policy templates

 

Answer: ADE

 

 

QUESTION 208  (Topic 3)

 

Which Junos security feature helps protect against spam, viruses, trojans, and malware?

 

A.

session-based stateful firewall

B.

IPsec VPNs

C.

security policies

D.

Unified Threat Management

 

 

 

 

 

Answer: D

 

 

Explanation: The major features of Unified Threat Management (UTM); A branch office network in today’s market significantly contributes to the bottom line and is central to an organization’s success. Branch offices normally include a relatively smaller number of computing resources when compared to central facilities or headquarters locations. Branch offices are typically located where customer interactions occur, which means there is increased demand for supporting applications and assuring application performance, an increased demand for security. General security vulnerabilities exist for every branch office network. These vulnerabilities include spam and phishing attacks, viruses, trojans and spyware infected files, unapproved website access, and unapproved content.

 

 

QUESTION 209  (Topic 3)

 

Click the Exhibit button.

 

[edit security]

 

user@host# show

 

zones {

 

security-zone ZoneA {

 

tcp-rst;

 

host-inbound-traffic {

 

system-services {

 

ping;

 

telnet;

 

}}

 

interfaces {

 

ge-0/0/0.0;

 

 

 

 

ge-0/0/1.0;

 

}}

 

security-zone ZoneB {

 

interfaces {

 

ge-0/0/3.0;

 

}}}

 

policies {

 

from-zone ZoneA to-zone ZoneB {

 

policy A-to-B {

 

match {

 

source-address any;

 

destination-address any;

 

application any;

 

}

 

then {

 

permit;

 

}}}}

 

In the exhibit, a host attached to interface ge-0/0/0.0 sends a SYN packet to open a Telnet connection to the device’s ge-0/0/1.0 IP address.

 

What does the device do?

 

A.

The device sends back a TCP reset packet.

B.

The device silently discards the packet.

C.

The device forwards the packet out the ge-0/0/1.0 interface.

D.

The device responds with a TCP SYN/ACK packet and opens the connection.

 

Answer: B

 

 

 

 

 

QUESTION 210  (Topic 3)

 

Exhibit.

 

[edit security policies]

 

user@host# show

 

from-zone trust to-zone untrust {

 

policy AllowHTTP{

 

match {

 

source-address HOSTA;

 

destination-address any;

 

application junos-ftp;

 

}

 

then {

 

permit;

 

}}

 

policy AllowHTTP2{

 

match {

 

source-address any;

 

destination-address HOSTA;

 

application junos-http;

 

}

 

then {

 

permit;

 

}}

 

policy AllowHTTP3{

 

match {

 

 

 

 

source-address any;

 

destination-address any;

 

application any;

 

}

 

then {

 

permit;

 

}}}

 

A flow of HTTP traffic needs to go from HOSTA to HOSTB. Assume that traffic will initiate from HOSTA and that HOSTA is in zone trust and HOSTB is in zone untrust.

 

What will happen to the traffic given the configuration in the exhibit?

 

A.

The traffic will be permitted by policy AllowHTTP.

B.

The traffic will be permitted by policy AllowHTTP3.

C.

The traffic will be permitted by policy AllowHTTP2.

D.

The traffic will be dropped as no policy match will be found.

 

Answer: B

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.