[Free] Download New Latest (November) Juniper JN0-332 Actual Tests Topic 5, Volume E part 02

Ensurepass

QUESTION 411  (Topic 5)

 

What does the set security screen ids-option protector icmp flood threshold 1500 command do?

 

A.

Once 1500 ICMP packets are received in a 10 second interval, it will ignore any additional ICMP traffic for the remainder of that interval and for the following 10 second interval.

B.

Once 1500 ICMP packets are received in a 10 second interval, it will ignore any additional ICMP traffic for the remainder of the 10 second interval.

C.

Once 1500 ICMP packets are received in a 1 second interval, it will start to monitor the offending source IP address.

D.

Once 1500 ICMP packets are received in a 1 second interval, it will ignore any additional

 

 

 

 < /font>

ICMP traffic for the remainder of that second and the following second.

 

Answer: D

 

 

QUESTION 412  (Topic 5)

 

You are creating a new security policy on your SRX Series device to control traffic entering a zone. What are three valid actions? (Choose three.)

 

A.

Reject

B.

Permit

C.

Discard

D.

Accept

E.

Deny

 

Answer: ABE

 

 

QUESTION 413  (Topic 5)

 

You are asked to control access through an SRX Series device by username, using integrated user firewall feature.

 

For non-domain users, which statement is correct?

 

A.

Redirect the user to an LDAP server for authentication.

B.

Configure a WMIC DCOM interface to the AD controller.

C.

Non-domain users cannot be filtered by username.

D.

Configure a captive portal to force firewall authentication.

 

Answer: D

 

 

QUESTION 414  (Topic 5)

 

You have implemented NAT on your SRX Series device. You now want to be notified if the configured NAT pool is nearing its maximum usage capacity.

 

Which two actions are required? (Choose two.)

 

 

 

 

 

A.

Enable SNMP.

B.

Enable the overflow pool tracking feature with the desired thresholds.

C.

Enable the pool utilization alarm feature with the desired thresholds.

D.

Enable RPM.

 

Answer: AC

 

 

QUESTION 415  (Topic 5)

 

Which two statements regarding screens on SRX Series devices are correct? (Choose two.)

 

A.

Reconnaissance screens associated with IP options are applicable to IPv4 and IPv6.

B.

Packets detected by one screen are not evaluated by subsequent screens.

C.

Packets detected by one screen are still evaluated by subsequent screens.

D.

Reconnaissance screens associated with IP options are applicable to IPv4 only.

 

Answer: BD

 

 

QUESTION 416  (Topic 5)

 

Which two statements are true regarding branch SRX Series devices? (Choose two)

 

A.

Branc
h SRX Series devices do not support MPLS.

B.

Branch SRX Series devices support MPLS.

C.

Branch SRX Series devices support packet-based and session-based forwarding simultaneously.

D.

Branch SRX Series devices do not support packet-based and session-based forwarding simultaneously.

 

Answer: BC

 

 

QUESTION 417  (Topic 5)

 

Which statement describes the function of screen options?

 

A.

Screen options encrypt transit traffic in a tunnel.

 

 

 

 

B.

Screen options protect against various attacks on traffic entering a security device.

C.

Screen options translate a private address to a public address.

D.

Screen options restrict or permit users individually or in a group.

 

Answer: B

 

 

QUESTION 418  (Topic 5)

 

Which two statements are true about route-based IPsec VPNs on an SRX Series device? (Choose two)

 

A.

Route-based VPNs must use IKE aggressive mode.

B.

New tunnels are generated with each new flow of traffic.

C.

An st0 interface must be bound to each VPN.

D.

A security policy must permit the traffic.

 

Answer: CD

 

 

QUESTION 419  (Topic 5)

 

What are two valid functions of the fabric interface in a chassis cluster? (Choose two)

 

A.

Synchronize configuration changes between Routing Engines.

B.

Send heartbeats between Routing Engines to verify availability.

C.

Pass inter node transit traffic in active/active topologies.

D.

Synchronize real-time objects (RTOs) between cluster members.

 

Answer: CD

 

 

QUESTION 420  (Topic 5)

 

A static NAT rule and a destination NAT rule both match the same traffic on an SRX Series device. How is the traffic processed?

 

A.

Only the static NAT rule is processed

B.

The traffic is dropped because of the NAT rule conflict

C.

The traffic is not translated because of the NAT rule conflict

 

 

 

 

D.

Only the destination NAT rule is processed

 

Answer: A

 

Free VCE & PDF File for Juniper JN0-332 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-332 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.