[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 4, Volume D part 03

Ensurepass

QUESTION 321  (Topic 4)

 – Exhibit ?

 

clip_image002

 – Exhibit —

 

Click the Exhibit button.

 

Referring to the exhibit, which statement is correct about the IPsec configuration?

 

 

 

 

 

A.

The IPsec tunnel endpoint does not have a static IP address.

B.

IKE Phase 2 is established immediately from the hub.

C.

Protocol AH is used with IKE Phase 2.

D.

IKE Phase 2 uses a standard proposal.

 

Answer: A

 

 

QUESTION 322  (Topic 4)

 

You want to protect against attacks on interfaces in ZoneA. You create a Junos Screen option called no-flood and commit the configuration. In the weeks that follow, the Screen does not appear to be working; whenever you enter the command show security screen statistics zone ZoneA, all counters show 0.

 

What would solve this problem?

 

A.

user@host> clear security screen no-flood statistics

B.

[edit security zones security-zone ZoneA]

user@host# set screen no-flood

C.

user@host> clear security screen statistics zone ZoneA

D.

[edit security zones]

user@host# set screen no-flood

 

Answer: B

 

 

QUESTION 323  (Topic 4)

 

You have implemented Integrated SurfControl Web filtering on an SRX Series device. You have also created a whitelist and a blacklist on the SRX device. One particular Web site is matching all three the whitelist, blacklist, and Surfcontrol policy.

 

Which statement is correct?

 

A.

Access is not allowed because the blacklist is processed first.

B.

Access is allowed because the whitelist is processed first.

C.

Access will be controlled by the SurfControl policy, because it is processed first.

D.

Access is based on the priority of each policy as defined in the fallback settings in the UTM policy.

 

 

 

 

 

Answer: A

 

 

QUESTION 324  (Topic 4)

 

When using chassis clustering, which action is taken by the Junos OS if the control link or the fabric link suffers a loss of keepalives or heartbeat messages?

 

A.

Both nodes become primary.

B.

Both nodes are placed in a disabled state.

C.

The secondary node is placed in a disabled state.

D.

The primary node fails over and is placed in a disabled state.

 

Answer: C

 

 

QUESTION 325  (Topic 4)

 – Exhibit —

 

[edit security nat source]

 

user@host# show

 

pool snat-pool {

 

address {

 

10.10.10.10/32;

 

10.10.10.11/32;

 

}

 

}

 

pool-utilization-alarm raise-threshold 50 clear-threshold 40;

 

rule-set user-nat {

 

from zone trust;

 

to zone untrust;

 

rule snat {

 

 

 

 

match {

 

source-address 0.0.0.0/0;

 

}

 

then {

 

source-nat {

 

pool {

 

snat-pool;

 

}

 

}

 

}

 

}

 

}

 – Exhibit —

 

Click the Exhibit button.

 

Your network management station has generated an alarm regarding NAT utilization based on an SNMP trap received from an SRX Series device.

 

Referring to the exhibit, which statement is correct about the alarm?

 

A.

The network management station will require manual intervention to clear the alarm.

B.

Once utilization is below 40 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.

C.

Once utilization is below 50 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.

D.

Once utilization is below 80 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.

 

Answer: B

 

 

QUESTION 326  (Topic 4)

 

 

 

 

What are two system-defined zones? (Choose two.)

 

A.

null zone

B.

system zone

C.

Junos host zone

D.

functional zone

 

Answer: AC

 

 

QUESTION 327  (Topic 4)

 

Which two statements are true about the SYN cookie Junos Screen option? (Choose two.)

 

A.

The SYN cookie mechanism is stateless; therefore, the initial three-way handshake can complete before a session table entry is completed.

B.

The SRX device will implement the SYN cookie mechanism on all connections once SYN cookies are enabled.

C.

The SYN cookie mechanism uses a cryptographic hash, which can detect spoofed source addresses.

D.

SYN cookie protection can stop UDP floods as well as TCP floods.

 

Answer: AC

 

 

QUESTION 328  (Topic 4)

 

Which antivirus protection feature uses the first several packets of a file to determine if the file contains malicious code?

 

A.

express scanning

B.

intelligent prescreening

C.

full file-based

D.

Kaspersky

 

Answer: B

 

 

QUESTION 329  (Topic 4)

 

 

 

 

Which three Diffie-Hellman groups are supported during IKE Phase 1 by the Junos OS? (Choose three.)

 

A.

1

B.

2

C.

3

D.

4

E.

5

 

Answer: ABE

 

 

QUESTION 330  (Topic 4)

 

Which three UTM features require a license? (Choose three.)

 

A.

local list Web filtering

B.< /p>

express antivirus

C.

e-mail filtering

D.

antispam

E.

enhanced Web filtering

 

Answer: BDE

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.