[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 5, Volume E part 01

Ensurepass

QUESTION 401  (Topic 5)

 

Which function does Diffie-Hellman exchange perform for IPsec VPN?

 

A.

It encrypts end-user traffic between the two VPN peers.

B.

It securely exchanges the pre-shared keys over the network.

C.

It negotiates IPsec Phase 2 parameters with the VPN peer

D.

It exchanges static routes with the VPN peer.

 

Answer: B

 

 

QUESTION 402  (Topic 5)

 

Which operational command produces the output shown in the exhibit?

 

clip_image002

 

A.

show security nat source rule

 

 

 

 

B.

show route forwarding-table

C.

show security nat source pool all

D.

show security nat source summary

 

Answer: D

 

 

QUESTION 403  (Topic 5)

 

Click the Exhibit button.

 

clip_image004

 

Which two statements are true about the output shown in the exhibit? (Choose two)

 

A.

The IKE protocol has been enabled as a system service for host inbound traffic.

B.

The session displayed represents traffic transiting an IPSec tunnel.

C.

The session displayed represents IPSec control traffic.

D.

A user has configured the self-traffic-policy to allow IKE traffic.

 

Answer: AC

 

 

QUESTION 404  (Topic 5)

 

Which SRX5400 component is responsible for forwarding a packet?

 

A.

IOC

B.

SPC

C.

RE

D.

SCB

 

Answer: A

 

 

 

 

 

QUESTION 405  (Topic 5)

 – Exhibit ?

 

clip_image006

 – Exhibit —

 

Click the Exhibit button.

 

Referring to the exhibit, with Node 0 as primary for Redundancy Group (RG) 1, which action will the Junos OS chassis cluster take if interface ge-1/0/0 goes down?

 

A.

RG 1 will remain primary on Node 0.

B.

RG 1 will become primary to Node 1.

C.

RG 1 will become disabled.

D.

RG 1 will remove the interface from the redundancy group.

 

Answer: A

 

 

QUESTION 406  (Topic 5)

 

 

 

Which two statements are true concerning policy-based IPsec VPNs on an SRX Series device? (Choose two)

 

A.

A new tunnel is set up for each flow of traffic that matches the policy.

B.

One tunnel is set up for all flows of traffic that match the policy.

C.

A new tunnel is set up before a flow of traffic matches the policy.

D.

A new tunnel is set up only when a flow of traffic matches the policy.

 

Answer: BD

 

 

QUESTION 407  (Topic 5)

 

Which screen drops packets with a protocol field value of 137 or greater?

 

A.

block-frag

B.

bad-option

C.

unknown-protocol

D.

security-option

 

Answer: C

 

 

QUESTION 408  (Topic 5)

 

You are asked to establish an IPsec VPN to a neighboring device
that receives its external IP address from a DHCP server.

 

Which feature must be used on an SRX Series device?

 

A.

Aggressive mode

B.

Transport mode

C.

Diffie-Hellman group 5

D.

Proxy ID

 

Answer: D

 

 

QUESTION 409  (Topic 5)

< font face="Arial"> 

 

 

 

You have a chassis cluster established between two SRX Series devices. You re monitoring the status of the cluster and notice that some redundancy groups show disabled.

 

What are two explanations for this behavior? (choose two)

 

A.

The fxp0 interface is down

B.

The fxp1 interface is down

C.

The fab interface is down

D.

The swfab interface is down.

 

Answer: BC

 

 

QUESTION 410  (Topic 5)

 

Which two statements are true about local host traffic on an SRX Series device? (Choose two)

 

A.

Outbound traffic sourced from an SRX Series device is always allowed by default.

B.

Routing protocol host inbound traffic is allowed by default.

C.

Routing protocol host inbound traffic is not allowed by default.

D.

Outbound traffic sourced from an SRX Series device must be configured under a zone ar interface.

 

Answer: AC

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.