[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 4, Volume D part 06

QUESTION 351 (Topic 4)

You need to apply the Junos Screen protect-zone to the public zone.

Which configuration meets this requirement?

A.
[edit security zones security-zone public]
user@host# show
address-book {
    address host-1 192.168.1.1/32;
}
screen protect-zone;
host-inbound-traffic {
    system-services {
        all;
    }
}
interfaces {
    ge-0/0/0.0;
}

B.
[edit security zones security-zone public]
user@host# show
address-book {
    address host-1 192.168.1.1/32;
}
host-inbound-traffic {
    screen protect-zone;
    system-services {
        all;
    }
}
interfaces {
    ge-0/0/0.0;
}

C.
[edit security zones security-zone public]
user@host# show
address-book {
    address host-1 192.168.1.1/32;
}
host-inbound-traffic {
    system-services {
        all;
    }
}
interfaces {
    ge-0/0/0.0;
    screen-protect-zone;
}

D.
[edit security zones security-zone public]
user@host# show
address-book {
    address host-1 192.168.1.1/32;
}
screen all;
host-inbound-traffic {
    system-services {
        all;
    }
}
interfaces {
    ge-0/0/0.0;
}

Answer: A

QUESTION 352 (Topic 4)

– Exhibit –
[Exhibit image: clip_image002]
– Exhibit –

Click the Exhibit button.

Referring to the exhibit, you are setting up the hub in a hub-and-spoke IPsec VPN. You have verified that all configured parameters are correct at all sites, but your IPsec VPN is not establishing to both sites.

Which configuration parameter is missing at the hub to complete the configuration?

A. A different external-interface is needed for vpn1.
B. A different st0 logical interface is needed for vpn2.
C. Establish-tunnels immediately must be configured for vpn1.
D. Multipoint needs to be configured under the st0.0 interface.

Answer: D

QUESTION 353 (Topic 4)

You are troubleshooting a security policy. The operational command show security flow session does not show any sessions for this policy.

Which statement is correct?

A. Logging on session initialization has not been enabled in the policy.
B. Logging on session closure has not been enabled in the policy.
C. The traffic is not being matched by the policy.
D. The security monitoring performance session command should be used to show sessions.

Answer: C

QUESTION 354 (Topic 4)

– Exhibit –

[edit security nat source]
user@srx# show
pool A {
    address {
        172.16.52.94/32;
    }
}
rule-set 1A {
    from zone trust;
    to zone untrust;
    rule 1 {
        match {
            source-address 192.168.233.0/24;
        }
        then {
            source-nat {
                pool {
                    A;
                }
            }
        }
    }
}

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

A. PAT is enabled.
B. PAT is disabled.
C. Address persistence is enabled.
D. Address persistence is disabled.

Answer: AD

QUESTION 355 (Topic 4)

Which three algorithms are used by an SRX Series device to validate the integrity of the data exchanged through an IPsec VPN? (Choose three.)

A. 3DES
B. MD5
C. NHTB
D. SHA1
E. SHA2

Answer: BDE

QUESTION 356 (Topic 4)

You are configuring source NAT.

Which three elements are used for matching the traffic direction in the from and to statements? (Choose three.)

A. routing instance
B. zone
C. source address
D. destination address
E. interface

Answer: ABE

QUESTION 357 (Topic 4)

– Exhibit –

security {
    ike {
        policy IKE-STANDARD {
            mode aggressive;
            proposal-set standard;
            pre-shared-key ascii-text "XXXXXX";
        }
        gateway GW-HUB {
            ike-policy IKE-STANDARD;
            dynamic hostname site1.company.com;
            external-interface ge-0/0/0.0;
        }
    }
    ipsec {
        policy IPSEC-STANDARD {
            proposal-set standard;
        }
        vpn VPN-HUB {
            bind-interface st0.0;
            ike {
                gateway GW-HUB;
                ipsec-policy IPSEC-STANDARD;
            }
        }
    }
    zones {
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    ping;
                    ike;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
        security-zone trust {
            system-services {
                ping;
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
    }
}

– Exhibit –

Click the Exhibit button.

You are implementing a new route-based IPsec VPN on an SRX Series device and the tunnel will not establish.

What needs to be modified in the configuration shown in the exhibit?

A. Change the bind-interface from st0.0 to ge-0/0/0.0.
B. Add st0.0 to a security zone.
C. Add esp under host-inbound-traffic on zone untrust.
D. Add ike under host-inbound-traffic on zone trust.

Answer: B

QUESTION 358 (Topic 4)

You have just manually failed over Redundancy Group 0 on Node 0 to Node 1. You notice Node 0 is now in a secondary-hold state.

Which statement is correct?

A. The previous primary node moves to the secondary-hold state because an issue occurred during failover. It stays in that state until the issue is resolved.
B. The previous primary node moves to the secondary-hold state and stays there until manually reset, after which it moves to the secondary state.
C. The previous primary node moves to the secondary-hold state and stays there until the hold-down interval expires, after which it moves to the secondary state.
D. The previous primary node moves to the secondary-hold state and stays there until manually failed back to the primary node.

Answer: C

QUESTION 359 (Topic 4)

What are two predefined address-book entries? (Choose two.)

A. all
B. any-ipv6
C. any-ipv4
D. all-ipv4

Answer: BC

QUESTION 360 (Topic 4)

Which two statements are correct regarding the cluster ID? (Choose two.)

A. You can have up to 15 unique cluster IDs on a single chassis cluster device.
B. The cluster ID value of 0 indicates that this is the primary chassis cluster on this device.
C. The cluster ID is used to calculate the reth interface’s virtual MAC addresses.
D. You must reboot both nodes if you change the cluster ID value.

Answer: CD
