[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 3, Volume C part 06

Ensurepass

QUESTION 251  (Topic 3)

 

Which two traffic types trigger pass-through firewall user authentication? (Choose two.)

 

A.

SSH

B.

ICMP

C.

Telnet

D.

FTP

 

Answer: CD

 

 

QUESTION 252  (Topic 3)

 

Which zone is a system-defined zone?

 

A.

null zone

B.

trust zone

C.

untrust zone

D.

management zone

 

Answer: A

 

 

QUESTION 253  (Topic 3)

 

Click the Exhibit button.

 

 

 

 

[edit security zones security-zone HR]

 

user@host# show

 

host-inbound-traffic {

 

system-services {

 

ping;

 

ssh;

 

https;

 

}}

 

interfaces {

 

ge-0/0/0.0;

 

ge-0/0/1.0 {

 

host-inbound-traffic {

 

system-services {

 

ping;

 

}}}

 

ge-0/0/2.0 {

 

host-inbound-traffic {

 

system-services {

 

ping;

 

ftp;

 

}}}

 

ge-0/0/3.0 {

 

host-inbound-traffic {

 

system-services {

 

all;

 

ssh {

 

 

 

 

except;

 

}}}

 

}}

 

All system services have been enabled.

 

Given the configuration shown in the exhibit, which interface allows both ping and SSH traffic?

 

A.

ge-0/0/0.0

B.

ge-0/0/1.0

C.

ge-0/0/2.0

D.

ge-0/0/3.0

 

Answer: A

 

 

QUESTION 254  (Topic 3)

 

Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?

 

A.

message 1 and 2

B.

message 3 and 4

C.

message 5 and 6

D.

message 7 and 8

 

Answer: A

 

 

QUESTION 255  (Topic 3)

 

Click the Exhibit button.

 

[edit schedulers]

 

user@host# show

 

scheduler now {

 

 

 

 

monday all-day;

 

tuesday exclude;

 

wednesday {

 

start-time 07:00:00 stop-time 18:00:00;

 

}

 

thursday {

 

start-time 07:00:00 stop-time 18:00:00;

 

}}

 

[edit security policies from-zone Private to-zone External]

 

user@host# show

 

policy allowTransit {

 

match {

 

source-address PrivateHosts;

 

destination-address ExtServers;

 

application ExtApps;

 

}

 

then {

 

permit {

 

tunnel {

 

ipsec-vpn myTunnel;

 

}}}

 

scheduler-name now;

 

}

 

Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy?

 

A.

The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.

 

 

 

 

B.

The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.

C.

The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.

D.

The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.

 

Answer: C

 

 

QUESTION 256  (Topic 3)

 

Which three elements are contained in a session-close log message? (Choose three.)

 

A.

source IP address

B.

DSCP value

C.

number of packets transferred

D.

policy name

E.

MAC address

 

Answer: ACD

 

 

QUESTION 257  (Topic 3)

 

Which two statements regarding external authentication servers for firewall user authentication are true? (Choose two.)

 

A.

Up to three external authentication server types can be used simultaneously.

B.

Only one external authentication server type can be used simultaneously.

C.

If the local password database is not configured in the authentication order, and the configured authentication server is unreachable, authentication is not performed.

D.

If the local password database is not configured in the authentication order, and the configured authentication server rejects the authenticati
on request, authentication is not performed.

 

Answer: BD

 

 

 

 

 

QUESTION 258  (Topic 3)

 

Which statement is true about interface-based source NAT?

 

A.

PAT is a requirement.

B.

It requires you to configure address entries in the junos-nat zone.

C.

It requires you to configure address entries in the junos-global zone.

D.

The IP addresses being translated must be in the same subnet as the egress interface.

 

Answer: A

 

 

QUESTION 259  (Topic 3)

 

Which two commands can be used to monitor firewall user authentication? (Choose two.)

 

A.

show access firewall-authentication

B.

show security firewall-authentication users

C.

show security audit log

D.

show security firewall-authentication history

 

Answer: BD

 

 

QUESTION 260  (Topic 3)

 

Which statement is true about interfaces, zones, and routing-instance relationships?

 

A.

All interfaces in a zone must belong to the same routing instance.

B.

All interfaces in a routing instance must belong to the same zone.

C.

All interfaces in a zone must be in inet.0.

D.

Each interface in a VR must belong to a unique security zone.

 

Answer: A

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.