[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 3, Volume C part 03

Ensurepass

QUESTION 221  (Topic 3)

 

You have packet loss on an IPsec VPN using the default maximum transmission unit (MTU) where the packets have the DF-bit (do not fragment) set.

 

Which configuration solves this problem?

 

A.

Set an increased MTU value on the physical interface.

B.

Set a reduced MSS value for VPN traffic under the [edit security flow tcp-mss] hierarchy.

C.

Set a reduced MTU value for VPN traffic under the [edit security flow] hierarchy.

D.

Set an increased MSS value on the st0 interface.

 

Answer: B

 

 

QUESTION 222  (Topic 3)

 

A route-based VPN is required for which scenario?

 

A.

when the remote VPN peer is behind a NAT device

B.

when multiple networks need to be reached across the tunnel and GRE cannot be used

C.

when the remote VPN peer is a dialup or remote access client

D.

when a dynamic routing protocol is required across the VPN and GRE cannot be used

 

Answer: D

 

 

QUESTION 223  (Topic 3)

 

By default, which condition would cause a session to be removed from the session table?

 

A.

Route entry for the session changed.

B.

Security policy for the session changed.

 

 

 

 

C.

The ARP table entry for the source IP address timed out.

D.

No traffic matched the session during the timeout period.

 

Answer: D

 

 

QUESTION 224  (Topic 3)

 

What are three benefits of using chassis clustering? (Choose three.)

 

A.

Provides stateful session failover for sessions.

B.

Increases security capabilities for IPsec sessions.

C.

Provides active-passive control and data plane redundancy.

D.

Enables automated fast-reroute capabilities.

E.

Synchronizes configuration files and session state.

 

Answer: ACE

 

 

QUESTION 225  (Topic 3)

 

Which IDP policy action drops a packet before it can reach its destination, but does not close the connection?

 

A.

discard-packet

B.

drop-traffic

C.

discard-traffic

D.

drop-packet

 

Answer: D

 

 

QUESTION 226  (Topic 3)

 

Click the Exhibit button.

 

user@host> show interfaces ge-0/0/0.0 | match host-inbound

 

Allowed host-inbound traffic : bgp ospf

 

 

 

 

Which configuration would result in the output shown in the exhibit?

 

A.

[edit security zones functional-zone management] user@host# show

interfaces {

ge-0/0/0.0 {

host-inbound-traffic {

protocols {

bgp;

ospf;

vrrp;

}}}}

host-inbound-traffic {

protocols {

all;

vrrp {

except;

}}}

B.

[edit security zones functional-zone management] user@host# show

host-inbound-traffic {

protocols {

bgp;

ospf;

}}

C.

[edit security zones security-zone trust]

user@host# show

interfaces {

ge-0/0/0.0 {

host-inbound-traffic {

protocols {

ospf;

bgp;

}}}}

D.

[edit security zones security-zone trust]

user@host# show

host-inbound-traffic {

protocols {

bgp;

}}

interfaces {

all {

host-inbound-traffic {

protocols {

ospf;

 

 

 

 

}}}}

 

Answer: C

 

 

QUESTION 227  (Topic 3)

 

What are two valid match conditions for source NAT? (Choose two.)

 

A.

port range

B.

source port

C.

source address

D.

destination address

 

Answer: CD

 

 

QUESTION 228  (Topic 3)

 

Regarding an IPsec security association (SA), which two statements are true? (Choose two.)

 

A.

IKE SA is bidirectional.

B.

IPsec SA is bidirectional.

C.

IKE SA is established during phase 2 negotiations.

D.

IPsec SA is established during phase 2 negotiations.

 

Answer: BC

 

 

QUESTION 229  (Topic 3)

 

Click the Exhibit button.

 

user@host> show interfaces ge-0/0/0.0 | match host-inbound

 

Allowed host-inbound traffic : ping ssh telnet

 

Which configuration would result in the output shown in the exhibit?

 

 

 

 

 

A.

[edit security zones security-zone trust]

user@host# show

host-inbound-traffic {

system-services {

ping;

telnet;

}}

interfaces {

ge-0/0/0.0 {

host-inbound-traffic {

system-services {

ssh;

telnet;

}}}}

B.

[edit security zones functional-zone management] user@host# show

interfaces {

all;

}

host-inbound-traffic {

system-services {

all;

ftp {

except;

}}}

C.

[edit security zones functional-zone management] user@host# show

interfaces {

all {

host-inbound-traffic {

system-services {

ping;

}}}}

host-inbound-traffic {

system-services {

telnet;

ssh;

}}

D.

[edit security zones security-zone trust]

user@host# show

host-inbound-traffic {

system-services {

ssh;

ping;

telnet;

}}

 

 

 

 

interfaces {

ge-0/0/3.0 {

host-inbound-traffic {

system-services {

ping;

}}}

ge-0/0/0.0;

}

 

Answer: D

 

 

QUESTION 230  (Topic 3)

 

Which two statements are true for both express antivirus and full file-based antivirus? (Choose two.)

 

A.

Signature updates of the pattern database are obtained from Symantec.

B.

Intelligent prescreening functionality is identical in both express antivirus and full antivirus.

C.

Both express antivirus and full file-based antivirus use the same scan engines.

D.

The database pattern server is available through both HTTP and HTTPS.

 

Answer: BD

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.