[Free] Download New Updated (February 2016) Juniper JN0-331 Practice Tests 21-30

Ensurepass

QUESTION 21

Which two configuration options must be present for IPv4 transit traffic to pass between the ge- 0/0/0.0 and ge-0/0/2.0 interfaces? (Choose two.)

 

A.

family inet

B.

a security zone

C.

a routing instance

D.

host-inbound-traffic

 

Correct Answer: AB

 

 

QUESTION 22

Which zone is a system-defined zone?

 

A.

null zone

B.

trust zone

C.

untrust zone

D.

management zone

 

Correct Answer: A

 

 

QUESTION 23

Which type of zone is used by traffic transiting the device?

 

A.

transit zone

B.

default zone

C.

security zone

D.

functional zone

 

Correct Answer: C

 

 

QUESTION 24

You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under which configuration hierarchy must you permit OSPF traffic?

 

A.

[edit security policies from-zone HR to-zone HR]

B.

[edit security zones functional-zone management protocols]

C.

[edit security zones protocol-zone HR host-inbound-traffic]

D.

[edit security zones security-zone HR host-inbound-traffic protocols]

 

Correct Answer: D

 

 

QUESTION 25

Which two steps are performed when configuring a zone? (Choose two.)

 

A.

Define a default policy for the zone.

B.

Assign logical interfaces to the zone.

C.

Assign physical interfaces to the zone.

D.

Define the zone as a security or functional zone.

 

Correct Answer: BD

 

 

QUESTION 26

You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address. Where do you configure this functionality?

 

A.

[edit interfaces]

B.

[edit security zones]

C.

[edit system services]

D.

[edit security interfaces]

 

Correct Answer: B

 

 

QUESTION 27

You want to create an out-of-band management zone and assign the ge-0/0/0.0 interface to that zone. From the [edit] hierarchy, which command do you use to configure this assignment?

 

A.

set security zones management interfaces ge-0/0/0.0

B.

set zones functional-zone management interfaces ge-0/0/0.0

C.

set security zones functional-zone management interfaces ge-0/0/0.0

D.

set security zones functional-zone out-of-band interfaces ge-0/0/0.0

 

Correct Answer: C

 

 

QUESTION 28

You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What is causing the problem?

 

A.

Telnet is not being permitted by self policy.

B.

Telnet is not being permitted by security policy.

C.

Telnet is not allowed because it is not considered secure.

D.

Telnet is not enabled as a host-inbound service on the zone.

 

Correct Answer: D

 

QUESTION 29

Click the Exhibit button. Referring to the exhibit, you are not able to telnet to 192.168.10.1 from client PC 192.168.10.10. What is causing the problem?

 

clip_image002

 

A.

Telnet is not being permitted by self policy.

B.

Telnet is not being permitted by security policy.

C.

Telnet is not allowed because it is not considered secure.

D.

Telnet is not enabled as a host-inbound service on the zone.

 

Correct Answer: D

 

 

QUESTION 30

Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?

 

clip_image004

 

A.

The untrust zone does not have a management policy configured.

B.

The trust zone does not have ping enabled as a host-inbound-traffic service.

C.

The security policy from the trust zone to the untrust zone does not permit ping.

D.

No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.

 

Correct Answer: C

 

Free VCE & PDF File for Juniper JN0-331 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-331 Practice Tests (February 2016) and tagged , , , , , , , . Bookmark the permalink.