Juniper Jncis Jsec Jn0 332

  • 8/10/2019 Juniper Jncis Jsec Jn0 332

    1/48

    1. [A] establishes an IPsec tunnel with [B]. The NAT device translates the IP address 1.1.1.1 to 2.1.1.1. On which port is the IKE SA established?

    A. TCP 500

    B. UDP 500

    C. TCP 4500

    D. UDP 4500

    D. UDP 4500

    2. After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?

    A. The Junos OS drops any flow that does not match the source address or destination address.

    B. All traffic is dropped.

    C. All existing sessions continue.

    D. The Junos OS does a policy re-evaluation.

    D. The Junos OS does a policy re-evaluation.

    3. Antispam can be leveraged with which two features on a branch SRX Series device to provide maximum protection from malicious e-mail content? (Choose two.)

    A. integrated Web filtering

    B. full AV

    C. IPS

    D. local Web filtering

    B. full AV

    C. IPS

    4. Assume the default-policy has not been configured. Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? (Choose two.)

    A. DNS traffic is denied.

    B. HTTP traffic is denied.

    C. FTP traffic is permitted.

    D. SMTP traffic is permitted.

    A. DNS traffic is denied.

    C. FTP traffic is permitted.

    5. At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? (Choose two.)

    A. [edit security idp]

    B. [edit security zones security-zone trust interfaces ge-0/0/0.0]

    C. [edit security zones security-zone trust]

    D. [edit security screen]

    B. [edit security zones security-zone trust interfaces ge-0/0/0.0]

    C. [edit security zones security-zone trust]

    Juniper JNCIS-JSEC JN0-332. Study online at quizlet.com/_7n45z

    6. By default, how is traffic evaluated when the antivirus database update is in progress?

    A. Traffic is scanned against the old database.

    B. Traffic is scanned against the existing portion of the currently downloaded database.

    C. All traffic that requires antivirus inspection is dropped and a log message generated displaying the traffic endpoints.

    D. All traffic that requires antivirus inspection is forwarded with no antivirus inspection and a log message generated displaying the traffic endpoints.

    D. All traffic that requires antivirus inspection is forwarded with no antivirus inspection and a log message generated displaying the traffic endpoints.

    7. Content filtering enables traffic to be permitted or blocked based on inspection of which three types of content? (Choose three.)

    A. MIME pattern

    B. file extension

    C. IP spoofing

    D. POP3

    E. protocol command

    A. MIME pattern

    B. file extension

    E. protocol command

    8. For which network anomaly does Junos provide a SCREEN?

    A. a telnet to port 80

    B. a TCP packet with the SYN and ACK flags set

    C. an SNMP getnext request

    D. an ICMP packet larger than 1024 bytes

    D. an ICMP packet larger than 1024 bytes

    9. Given the configuration shown in the exhibit, which configuration object would be used to associate both Nancy and Walter with firewall user authentication within a security policy?

    A. ftp-group

    B. ftp-users

    C. firewall-user

    D. nancy and walter

    A. ftp-group

    10. Given the configuration shown in the exhibit, which protocol(s) are allowed to communicate with the device on ge-0/0/0.0?

    A. RIP

    B. OSPF

    C. BGP and RIP

    D. RIP and PIM

    A. RIP

    11. Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections. How many sessions exist between Host A and Host B?

    A. 1

    B. 2

    C. 3

    D. 4

    B. 2

    12. How do you apply UTM enforcement to security policies on the branch SRX series?

    A. UTM profiles are applied on a security policy by policy basis.

    B. UTM profiles are applied at the global policy level.

    C. Individual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.

    D. Individual UTM features like anti-spam or anti-virus are applied directly at the global policy level.

    A. UTM profiles are applied on a security policy by policy basis.

    13. How many IDP policies can be active at one time on an SRX Series device by means of the set security idp active-policy configuration statement?

    A. 1

    B. 2

    C. 4

    D. 8

    A. 1

    14. If both nodes in a chassis cluster initialize at different times, which configuration example will allow you to ensure that the node with the higher priority will become primary for your RGs other than RG0?

    A. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; preempt; }

    B. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; monitoring; }

    C. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; control-link-recovery; }

    D. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; strict-priority; }

    A. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; preempt; }

    15. In a chassis cluster with two SRX 5800 devices, the interface ge-13/0/0 belongs to which device?

    A. This interface is a system-created interface.

    B. This interface belongs to node 0 of the cluster.

    C. This interface belongs to node 1 of the cluster.

    D. This interface will not exist because SRX 5800 devices have only 12 slots.

    C. This interface belongs to node 1 of the cluster.

    16. In the configuration shown in the exhibit, you decided to eliminate the junos-ftp application from the match condition of the policy MyTraffic. What will happen to the existing FTP and BGP sessions?

    A. The existing FTP and BGP sessions will continue.

    B. The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.

    C. The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.

    D. The existing FTP sessions will continue and only the existing BGP sessions will be dropped.

    B. The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.

    17. In the exhibit, a new policy named DenyTelnet was created. You notice that Telnet traffic is still allowed.

    Which statement will allow you to rearrange the policies for the DenyTelnet policy to be evaluated before your Allow policy?

    A. insert security policies from-zone A to-zone B policy DenyTelnet before policy Allow

    B. set security policies from-zone B to-zone A policy DenyTelnet before policy Allow

    C. insert security policies from-zone A to-zone B policy DenyTelnet after policy Allow

    D. set security policies from-zone B to-zone A policy Allow after policy DenyTelnet

    A. insert security policies from-zone A to-zone B policy DenyTelnet before policy Allow

    18. In the exhibit, what is the function of the configuration statements?

    A. This section is where you define all chassis clustering configuration.

    B. This configuration is required for members of a chassis cluster to talk to each other.

    C. You can apply this configuration in the chassis cluster to make configuration easier.

    D. This section is where unique node configuration is applied.

    D. This section is where unique node configuration is applied.

    19. In the exhibit, you decided to change myHosts addresses. What will happen to the new sessions matching the policy and in-progress sessions that had already matched the policy?

    A. New sessions will be evaluated. In-progress sessions will be re-evaluated.

    B. New sessions will be evaluated. All in-progress sessions will continue.

    C. New sessions will be evaluated. All in-progress sessions will be dropped.

    D. New sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.

    A. New sessions will be evaluated. In-progress sessions will be re-evaluated.

    20. In the Junos OS, which statement is true?

    A. vlan.0 belongs to the untrust zone.

    B. You must configure Web authentication to allow inbound traffic in the untrust zone.

    C. The zone name "untrust" has no special meaning.

    D. The untrust zone is not configurable.

    C. The zone name "untrust" has no special meaning.

    21. Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A Web server with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. The Web server is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the Web server reachable from the Internet using port translation. Which type of NAT must you configure?

    A. source NAT with address shifting

    B. pool-based source NAT

    C. static destination NAT

    D. pool-based destination NAT

    D. pool-based destination NAT

    22. An IPsec tunnel is established on