[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 3, Volume C part 04

Ensurepass

QUESTION 231  (Topic 3)

 

Which two firewall user authentication objects can be referenced in a security policy?

 

(Choose two.)

 

A.

access profile

B.

client group

C.

client

D.

default profile

 

Answer: BC

 

 

QUESTION 232  (Topic 3)

 

 

 

 

Regarding secure tunnel (st) interfaces, which statement is true?

 

A.

You cannot assign st interfaces to a security zone.

B.

You cannot apply static NAT on an st interface logical unit.

C.

st interfaces are optional when configuring a route-based VPN.

D.

A static route can reference the st interface logical unit as the next-hop.

 

Answer: D

 

 

QUESTION 233  (Topic 3)

 

Click the Exhibit button.

 

[edit schedulers]

 

user@host# show

 

scheduler now {

 

monday all-day;

 

tuesday exclude;

 

wednesday {

 

start-time 07:00:00 stop-time 18:00:00;

 

}

 

thursday {

 

start-time 07:00:00 stop-time 18:00:00;

 

}}

 

[edit security policies from-zone Private to-zone External]

 

user@host# show

 

policy allowTransit {

 

match {

 

source-address PrivateHosts;

 

destination-address ExtServers;

 

 

 

 

application ExtApps;

 

}

 

then {

 

permit {

 

tunnel {

 

ipsec-vpn myTunnel;

 

}}}

 

scheduler-name now;

 

Based on the configuration shown in the exhibit, what are the actions of the security policy?

 

A.

The policy will always permit transit packets and use the IPsec VPN myTunnel.

B.

The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.

C.

The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.

D.

The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.

 

Answer: C

 

 

QUESTION 234  (Topic 3)

 

Which statement regarding the implementation of an IDP policy template is true?

 

A.

IDP policy templates are automatically installed as the active IDP policy.

B.

IDP policy templates are enabled using a commit script.

C.

IDP policy templates can be downloaded without an IDP license.

D.

IDP policy templates are included in the factory-default configuration.

 

Answer: B

 

 

QUESTION 235  (Topic 3)

 

Click the Exhibit button.

 

 

 

 

 

clip_image002

 

Which type of source NAT is configured in the exhibit?

 

A.

interface-based source NAT

B.

static source NAT

C.

pool-based source NAT with PAT

D.

pool-based source NAT without PAT

 

Answer: A

 

 

QUESTION 236  (Topic 3)

 

For IKE phase 1 negotiations, when is aggressive mode typically used?

 

A.

when one of the tunnel peers has a dynamic IP address

B.

when one of the tunnel peers wants to force main mode to be used

C.

when fragmentation of the IKE packet is required between the two peers

D.

when one of the tunnel peers wants to specify a different phase 1 proposal

 

Answer: A

 

 

QUESTION 237  (Topic 3)

 

Click the Exhibit button.

 

[edit security policies from-zone HR to-zone trust]

 

user@host# show

 

policy two {

 

 

 

 

match {

 

source-address subnet_a;

 

destination-address host_b;

 

application [ junos-telnet junos-ping ];

 

}

 

then {

 

reject;

 

}} policy one {

 

match {

 

source-address host_a;

 

destination-address subnet_b;

 

application any;

 

}

 

then {

 

permit;

 

}}

 

host_a is in subnet_a and host_b is in subnet_b.

 

Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?

 

A.

DNS traffic is denied.

B.

Telnet traffic is denied.

C.

SMTP traffic is denied.

D.

Ping traffic is permitted.

 

Answer: B

 

 

QUESTION 238  (Topic 3)

 

 

 

 

In JUNOS Software, which three packet elements can be inspected to determine if a session already exists? (Choose three.)

 

A.

IP protocol

B.

IP time-to-live

C.

source and destination IP address

D.

source and destination MAC address

E.

source and destination TCP/UDP port

 

Answer: ACE

 

 

QUESTION 239  (Topic 3)

 

Which configuration must be completed to use both packet-based and session-based forwarding on a branch SRX Series Services Gateway?

 

A.

A stateless firewall filter must be used on the ingress interface to match traffic to be processed as session based.

B.

A security policy rule must be used on the ingress interface to match traffic to be processed as session based.

C.

A global security policy rule must be used on the ingress interface to match traffic to be processed as packet based.

D.

A stateless firewall filter must be used on the ingress interface to match traffic to be processed as packet based.

 

Answer: D

 

 

QUESTION 240  (Topic 3)

 

What is a redundancy group in JUNOS Software?

 

A.

a set of chassis clusters that fail over as a group

B.

a set of devices that participate in a chassis cluster

C.

a set of VRRP neighbors that fail over as a group

D.

a set of chassis cluster objects that fail over as a group

 

Answer: D

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.