[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 4, Volume D part 04

Ensurepass

QUESTION 331  (Topic 4)

 – Exhibit ?

 

clip_image002

 – Exhibit —

 

Click the Exhibit button.

 

 

 

 

Server A is communicating with Server B directly over the Internet. The servers now must begin exchanging additional information through an unencrypted protocol. To protect this new data exchange, you want to establish a VPN tunnel between the two sites that will encrypt just the unencrypted data while leaving the existing communications directly over the Internet.

 

Which statement would achieve the desired results?

 

A.

Configure a route-based VPN and use filter-based forwarding to direct traffic into the VPN tunnel.

B.

Configure a route-based VPN tunnel with traffic engineering to direct traffic into the VPN tunnel.

C.

Configure a policy-based VPN with a security policy that matches the unencrypted traffic and directs it into the VPN tunnel.

D.

Configure a policy-based VPN tunnel and use filter-based forwarding to direct the unencrypted traffic into interface st0.0.

 

Answer: C

 

 

QUESTION 332  (Topic 4)

 

You are asked to implement the hashing algorithm that uses the most bits in the calculation on your Junos security device.

 

Which algorithm should you use?

 

A.

SHA-512

B.

SHA-256

C.

MD5-Plus

D.

MD5

 

Answer: B

 

 

QUESTION 333  (Topic 4)

 

You are asked to change the behavior of the system-default policy from the default setting on an SRX Series device.

 

 

 

 

What would be the result of this change?

 

A.

Traffic matching the default policy will be permitted.

B.

Traffic matching the default policy will be denied.

C.

Traffic matching the default policy will be rejected.

D.

Traffic matching the default policy will be queued.

 

Answer: A

 

 

QUESTION 334  (Topic 4)

 

You must create a security policy for a custom application that requires a longer session timeout than the default application offers.

 

Which two actions are valid? (Choose two.)

 

A.

Set the timeout value in the security forwarding-options section of the CLI.

B.

Set the timeout value for the application in the security zone configuration.

C.

Alter a built-in application and set the timeout value under the application-protocol section of the CLI.

D.

Create a custom application and set the timeout value under the application-protocol section of the CLI.

 

Answer: CD

 

 

QUESTION 335  (Topic 4)

 – Exhibit ?

 

 

 

 

 

clip_image004

 – Exhibit —

 

Click the Exhibit button.

 

Referring to the exhibit, which policy will allow traffic from Host 1, Host 2, and Host 3 to the Internet?

 

A.

[edit security policies]

user@host# show

global {

policy allow-internet {

match {

source-address [ host-1 host-2 host-3 ];

destination-address any;

application any;

}

then permit;

B.

[edit security policies]

user@host# show

from-zone all to-zone all {

policy allow-internet {

match {

source-address [ host-1 host-2 host-3 ];

destination-address any;

 

 

 

 

application any;

}

then permit;

C.

[edit security policies]

user@host# show

default {

policy allow-internet {

match {

source-address [ host-1 host-2 host-3 ];

destination-address any;

application any;

}

then permit;

D.

[edit security policies]

user@host# show

from-zone any to-zone any {

policy allow-internet {

match {

source-address [ host-1 host-2 host-3 ];

destination-address any;

application any;

}

then permit;

 

Answer: A

 

 

QUESTION 336  (Topic 4)

 

Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT for all other traffic from the untrust zone to the egress interface?

 

A.

[edit security nat source rule-set internal]

user@host# show

from zone trust;

to zone untrust;

rule internet-access {

match {

source-address 0.0.0.0/0;

}

then {

source-nat interface;

}

}

 

 

 

 

rule server-access {

match {

destination-address 10.10.10.0/24;

}

then {

source-nat off;

}

}

B.

[edit security nat source rule-set internal]

user@host# show

from zone trust;

to zone untrust;

rule internet-access {

match {

source-address 0.0.0.0/0;

}

then {

source-nat interface;

}

}

rule server-access {

match {

source-address 10.10.10.0/24;

}

then {

source-nat off;

}

}

C.

[edit security nat source rule-set internal]

user@host# show

from zone trust;

to zone untrust;

rule server-access {

match {

destination-address 10.10.10.0/24;

}

then {

source-nat off;

}

}

rule internet-access {

match {

source-address 0.0.0.0/0;

}

then {

source-nat interface;

 

 

 

 

}

}

D.

[edit security nat source rule-set internal]

user@host# show

from zone trust;

to zone untrust;

rule internet-access {

match {

source-address 0.0.0.0/0;

}

then {

accept;

}

}

rule server-access {

match {

destination-address 10.10.10.0/24;

}

then {

reject;

}

}

 < /font>

Answer: C

 

 

QUESTION 337  (Topic 4)

 

What are two functions of the junos-host zone? (Choose two.)

 

A.

storing global address book entries

B.

controlling self-generated traffic

C.

controlling host inbound traffic

D.

controlling global Junos Screen settings

 

Answer: BC

 

 

QUESTION 338  (Topic 4)

 

Which two are negotiated during Phase 2 of an IPsec VPN tunnel establishment? (Choose two.)

 

 

 

 

 

A.

security protocol

B.

VPN monitor interval

C.

UDP port number

D.

proxy IDs

 

Answer: AD

 

 

QUESTION 339  (Topic 4)

 – Exhibit —

 

[edit security policies from-zone untrust to-zone junos-host]

 

user@host# show

 

policy allow-management {

 

match {

 

source-address any;

 

destination-address any;

 

application any;

 

}

 

then {

 

permit;

 

}

 

}

 

[edit security zones security-zone untrust]

 

user@host# show

 

host-inbound-traffic {

 

protocols {

 

ospf;

 

}

 

 

 

 

}

 

interfaces {

 

ge-0/0/0.0;

 

}

 – Exhibit —

 

Click the Exhibit button.

 

Referring to the exhibit, you want to be able to manage your SRX Series device from the Internet using SSH. You have created a security policy to allow the traffic to flow into the SRX device.

 

Which additional configuration step is required?

 

A.

Define the junos-host zone and add the SSH service to it.

B.

Add the SSH service to the untrust zone.

C.

Define the junos-host zone, add the SSH service and the loopback interface to it.

D.

Rewrite the security policy to allow SSH traffic from the untrust zone to the global zone.

 

Answer: B

 

 

QUESTION 340  (Topic 4)

 

You need to build a scheduler to apply to a policy that will allow traffic from Monday to Friday only. What will accomplish this task?

 

A.

[edit schedulers]

user@host# show

scheduler no-weekends {

daily all-day;

sunday exclude;

saturday exclude;

}

B.

[edit schedulers]

user@host# show

scheduler no-weekends {

daily except weekends;

}

 

 

 

 

C.

[edit schedulers]

user@host# show

scheduler no-weekends {

daily;

sunday exclude;

saturday exclude;

}

D.

[edit schedulers]

user@host# show

scheduler no-weekends {

weekday all-day;

}

 

Answer: A

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.