[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 4, Volume D part 02

Ensurepass

QUESTION 311 (Topic 4)

Which two statements are true when configuring security zones? (Choose two.)

A. You can assign one or more logical interfaces to a zone.

B. You can assign a logical interface to multiple zones.

C. You can assign one or more logical interfaces to a routing instance.

D. You can assign a logical interface to multiple routing instances.

Answer: AC

QUESTION 312 (Topic 4)

Which two settings in the options field of an IP header will Junos Screen options block? (Choose two.)

A. traceroute

B. record route option

C. timestamp option

D. MTU probe

Answer: BC

QUESTION 313 (Topic 4)

You have just configured source NAT with a pool of addresses within the same subnet as the egress interface.

What else must be configured to make the addresses in the pool usable?

A. static NAT

B. destination NAT

C. address persistence

D. proxy ARP

Answer: D

QUESTION 314 (Topic 4)

You are deploying a branch site which connects to two hub locations over an IPsec VPN. The branch SRX Series device should send all traffic to the first hub unless it is unreachable and should then direct traffic to the second hub. You must use static routes to send traffic towards the hub site.

Which two technologies should you use to fail over from a primary to a secondary tunnel in less than 60 seconds? (Choose two.)

A. dead peer detection

B. VPN monitoring

C. floating static routes

D. IP monitoring

Answer: BD

QUESTION 315 (Topic 4)

You are asked to establish an IPsec VPN to a remote device whose IP address is dynamically assigned by the ISP.

Which IKE Phase 1 mode must you use?

A. passive

B. aggressive

C. main

D. quick

Answer: B

QUESTION 316 (Topic 4)

You have deployed enhanced Web filtering on an SRX Series device. A user requests a URL that is not in the URL filtering cache.

What happens?

A. The request is permitted immediately but the SRX device then requests the category from the configured server and caches the response for use with subsequent requests.

B. The request is blocked immediately but the SRX device then requests the category from the configured server and caches the response for use with subsequent requests.

C. The SRX device requests the category from the configured server. Once the response is received, the SRX device processes the request against the policy based on the information received and caches the response.

D. The SRX device will either permit or deny the request immediately depending on the configuration in the UTM policy. The SRX device then requests the category from the central server and caches the response for use with subsequent requests.

Answer: C

QUESTION 317 (Topic 4)

-- Exhibit --

[Exhibit image: clip_image002]

-- Exhibit --

Click the Exhibit button.

Referring to the exhibit, which three statements are correct? (Choose three.)

A. Source NAT is configured.

B. Address shifting is configured.

C. Interface-based NAT is configured.

D. Pool-based NAT is configured.

E. IPv6 is configured to bypass NAT.

Answer: ACE

QUESTION 318 (Topic 4)

While reviewing the logs on your SRX240 device, you notice SYN floods coming from multiple hosts out on the Internet.

Which Junos Screen option would protect against these denial-of-service (DoS) attacks?

A.
[edit security screen]
user@host# show
ids-option no-flood {
    limit-session {
        destination-ip-based 150;
    }
}

B.
[edit security screen]
user@host# show
ids-option no-flood {
    tcp {
        syn-fin;
    }
}

C.
[edit security screen]
user@host# show
ids-option no-flood {
    limit-session {
        source-ip-based 150;
    }
}

D.
[edit security screen]
user@host# show
ids-option no-flood {
    icmp {
        flood threshold 10;
    }
}

Answer: A

QUESTION 319 (Topic 4)

-- Exhibit --

user@host> show security ike security-associations 1.1.1.2
Index   Remote Address  State  Initiator cookie  Responder cookie  Mode
8       1.1.1.2         UP     3a895f8a9f620198  9040753e66d700bb  Main

user@host> show security ipsec security-associations
Total active tunnels: 0

user@host> show route

inet.0: 7 destinations, 7 routes (6 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:00:25
                    > to 2.2.2.1 via ge-0/0/0.0
2.2.2.0/24         *[Direct/0] 00:00:25
                    > via ge-0/0/0.0
2.2.2.2/32         *[Local/0] 00:00:25
                      Local via ge-0/0/0.0
10.1.1.0/30        *[Direct/0] 00:06:06
                    > via st0.0
10.1.1.1/32        *[Local/0] 00:06:06
                      Local via st0.0
10.12.1.0/24       *[Direct/0] 00:06:06
                    > via ge-0/0/1.0
10.12.1.1/32       *[Local/0] 00:06:06
                      Local via ge-0/0/1.0
10.128.64.0/24     *[Static/5] 00:00:25
                    > to 2.2.2.1 via ge-0/0/0.0

user@host> show security policies
Default policy: deny-all
From zone: trust, To zone: vpn
  Policy: permit-all, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: permit

-- Exhibit --

Click the Exhibit button.

You have created an IPsec VPN on an SRX Series device. You believe the tunnel is configured correctly, but traffic from a host with the IP address of 10.12.1.10 cannot reach a remote device over the tunnel with an IP address of 10.128.64.132. The ge-0/0/1.0 interface is in the trust zone and the st0.0 interface is in the vpn zone. The output of four show commands is shown in the exhibit.

What is the configuration problem with the tunnel?

A. Only one IKE tunnel exists so there is no path for return IKE traffic. You need to allow IKE inbound on interface ge-0/0/0.0.

B. Because there are no IPsec security associations, the problem is in the IPsec proposal settings.

C. The static route created to reach the remote host is incorrect.

D. The VPN settings are correct, the traffic is being blocked by a security policy.

Answer: C

QUESTION 320 (Topic 4)

-- Exhibit --

[Exhibit image: clip_image004]

-- Exhibit --

Click the Exhibit button.

Referring to the exhibit, which two services are allowed on the ge-0/0/2.0 interface? (Choose two.)

A. Ping

B. DNS

C. Telnet

D. SSH

Answer: BC
