[Free] Download New Updated (February 2016) Juniper JN0-331 Practice Tests 71-80

Ensurepass

QUESTION 71

Which two statements about static NAT are true? (Choose two.)

 

A.

Static NAT can only be used with destination NAT.

B.

Static NAT rules take precedence over overlapping dynamic NAT rules.

C.

Dynamic NAT rules take precedence over overlapping static NAT rules.

D.

A reverse mapping is automatically created.

 

Correct Answer: BD

 

 

QUESTION 72

Which statement is true about source NAT?

 

A.

Source NAT works only with source pools.

B.

Destination NAT is required to translate the reply traffic.

C.

Source NAT does not require a security policy to function.

D.

The egress interface IP address can be used for source NAT.

 

Correct Answer: D

 

 

QUESTION 73

Which two statements are true about overflow pools? (Choose two.)

 

A.

Overflow pools do not support PAT.

B.

Overflow pools can not use the egress interface IP address for NAT.

C.

Overflow pools must use PAT.

D.

Overflow pools can contain the egress interface IP address or separate IP addresses.

 

Correct Answer: CD

 

 

QUESTION 74

Which statement is true regarding proxy ARP?

 

A.

Proxy ARP is enabled by default on stand-alone JUNOS security devices.

B.

Proxy ARP is enabled by default on chassis clusters.

C.

JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.

D.

JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled.

 

Correct Answer: D

 

 

 

QUESTION 75

Which configuration shows a pool-based source NAT without PAT’?

 

A.

[edit security nat source]

user@host# show

pool A {

address { 207.17.137.1/32 to 207.17.137.254/32;

}}

rule-set 1A {

from zone trust;

to zone untrust;

rule 1 {

match {

source-address 10.1.10.0/24;

}

then {

source-nat pool A;

port no-translation;

}}

}

B.

[edit security nat source]

user@host# show

pool A {

address { 207.17.137.1/32 to 207.17.137.254/32;

}

overflow-pool interface;

}

rule-set 1A {

from zone trust;

to zone untrust;

rule 1 {

match {

source-address 10.1.10.0/24;

}

then {

source-nat pool A;

port no-translation;

}}}

C.

[edit security nat source]

user@host# show

pool A {

address {207.17.137.1/32 to 207.17.137.254/32;

}

port no-translation;

}

rule-set 1A {

from zone trust;

to zone untrust;

rule 1 {

match {

source-address 10.1.10.0/24;

}

then {

source-nat pool A;

}}}

D.

[edit security nat source]

user@host# show

pool A {

address {207.17.137.1/32 to 207.17.137.254/32;

}

overflow-pool interface;

}

rule-set 1A {

from zone trust;

to zone untrust;

rule 1 {

match {

source-address 10.1.10.0/24;

}

then {

source-nat pool A;

}}}

 

Correct Answer: C

 

 

QUESTION 76

Click the Exhibit button.

 

[edit security nat source]

user@host# show

rule-set 1 {

from interface ge-0/0/2.0;

to zone untrust;

rule 1A {

match {

destination-address 1.1.70.0/24;

}

then {

source-nat interface;

}}}

 

Which type of source NAT is configured in the exhibit?

 

A.

interface-based source NAT

B.

static source NAT

C.

pool-based source NAT with PAT

D.

pool-based source NAT without PAT

 

Correct Answer: A

 

 

QUESTION 77

Click the Exhibit button.

 

[edit security nat destination]

user@host# show

pool A {

address 10.1.10.5/32;

}

rule-set 1 {

from zone untrust;

rule 1A {

match {

destination-address 100.0.0.1/32;

}

then {

destination-nat pool A;

}}}

 

Which type of source NAT is configured in the exhibit?

 

A.

static destination NAT

B.

static source NAT

C.

pool-based destination NAT without PAT


D.

pool-based destination NAT with PAT

 

Correct Answer: C

 

 

QUESTION 78

Which statement is true about a NAT rule action of off?

 

A.

The NAT action of off is only supported for destination NAT rule-sets.

B.

The NAT action of off is only supported for source NAT rule-sets.

C.

The NAT action of off is useful for detailed control of NAT.

D.

The NAT action of off is useful for
disabling NAT when a pool is exhausted.

 

Correct Answer: C

 

 

QUESTION 79

You are creating a destination NAT rule-set. Which two are valid for use with the from clause? (Choose two.)

 

A.

security policy

B.

interface

C.

routing-instance

D.

IP address

 

Correct Answer: BC

 

 

QUESTION 80

Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP? (Choose three.)

 

A.

data integrity

B.

data confidentiality

C.

data authentication

D.

outer IP header confidentiality

E.

outer IP header authentication

 

Correct Answer: ABC

 

Free VCE & PDF File for Juniper JN0-331 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-331 Practice Tests (February 2016) and tagged , , , , , , , . Bookmark the permalink.