[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 3, Volume C part 07

Ensurepass

QUESTION 261  (Topic 3)

 

What is the function of NAT?

 

A.

It performs Layer 3 routing.

B.

It evaluates and redirects matching traffic into secure tunnels.

C.

It provides translation between public and private IP addresses.

D.

It performs Layer 2 switching.

 

Answer: C

 

 

Explanation: Historically, the NAT concept was born because of the shortage of public IPv4 addresses. Many organizations moved to deploy so-called private addresses using the IPv4 private addressing space, as identified in RFC 1918. These addresses include the following ranges:

?10.0.0.0?0.255.255.255 (10.0.0.0/8 prefix);

?172.16.0.0?72.31.255.255 (172.16.0.0/12 prefix); and ?192.168.0.0?92.168.255.255 (192.168.0.0/16 prefix). Because private addresses are not routable within the public domain, edge network devices can deploy the NAT feature to replace private, nonroutable addresses with public addresses prior to sending traffic to the public network and vice versa. Translation consists of replacing the IP address (NAT), port numbers (PAT), or both, depending on the configuration.

While primarily deployed to translate private addresses to public addresses, NAT can translate from any address to any other address, including public to public and private to private addresses.

 

 

QUESTION 262  (Topic 3)

 

Regarding attacks, which statement is correct?

 

A.

Both DoS and propagation attacks exploit and take control of all unprotected network devices.

B.

Propagation attacks focus on suspicious packet formation using the DoS SYN-ACK- ACK proxy flood.

C.

DoS attacks are directed at the network protection devices, while propagation attacks are directed at th
e servers.

D.

DoS attacks are exploits in nature, while propagation attacks use trust relationships to take control of the devices.

 

Answer: D

 

 

 

 

 

QUESTION 263  (Topic 3)

 

Which statement is true regarding redundancy groups?

 

A.

The preempt option determines the primary and secondary roles for redundancy group 0 during a failure and recovery scenario.

B.

When priority settings are equal and the members participating in a cluster are initialized at the same time, the primary role for redundancy group 0 is assigned to node 1.

C.

The primary role can be shared for redundancy group 0 when the active-active option is enabled.

D.

Redundancy group 0 manages the control plane failover between the nodes of a cluster.

 

Answer: D

 

 

QUESTION 264  (Topic 3)

 

Regarding a route-based versus policy-based IPsec VPN, which statement is true?

 

A.

A route-based VPN generally uses less resources than a policy-based VPN.

B.

A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.

C.

A route-based VPN is better suited for dialup or remote access compared to a policy- based VPN.

D.

A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use a policy referencing the IPsec VPN.

 

Answer: A

 

 

QUESTION 265  (Topic 3)

 

You are not able to telnet to the interface IP address of your device from a PC on the same subnet.

 

What is causing the problem?

 

A.

Telnet is not being permitted by self policy.

B.

Telnet is not being permitted by security policy.

C.

Telnet is not allowed because it is not considered secure.

D.

Telnet is not enabled as a host-inbound service on the zone.

 

 

 

 

 

Answer: D

 

 

QUESTION 266  (Topic 3)

 

You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?

 

A.

You must enable SPC detect within the configuration.

B.

You must enable active-active failover for redundancy.

C.

You must ensure all SPCs use the same slot placement.

D.

You must configure auto-negotiation on the control ports of both devices.

 

Answer: C

 

 

QUESTION 267  (Topic 3)

 

Which attribute is required for all IKE phase 2 negotiations?

 

A.

proxy-ID

B.

preshared key

C.

Diffie-Hellman group key

D.

main or aggressive mode

 

Answer: A

 

 

QUESTION 268  (Topic 3)

 

What is the purpose of a zone in JUNOS Software?

 

A.

A zone defines a group of security devices with a common management.

B.

A zone defines the geographic region in which the security device is deployed.

C.

A zone defines a group of network segments with similar security requirements.

D.

A zone defines a group of network segments with similar class-of-service requirements.

 

Answer: C

 

 

 

 

 

QUESTION 269  (Topic 3)

 

Which branch SRX Series Services Gateway model has a hardware-based, modular Routing Engine?

 

A.

SRX1400

B.

SRX650

C.

SRX110

D.

SRX240

 

Answer: B

 

 

QUESTION 270  (Topic 3)

 

How does the antivirus feature operate once the antivirus license has expired?

 

A.

Any traffic matching a UTM policy will be dropped.

B.

Any traffic matching a UTM policy will be permitted.

C.

Any traffic matching a UTM policy will be correctly evaluated with the existing set of antivirus signatures.

D.

Any traffic matching a UTM policy will be permitted with a log message of no inspection.

 

Answer: C

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.