Juniper JNCIS JN0-332 Questions & Answers

• Question 1:

  Which two statements are true regarding security zones on an SRX Series device? (Choose two.)

  A. A routing instance can contain multiple zones.

  B. A zone can contain multiple interfaces.

  C. An interface can span multiple zones.

  D. A zone can span multiple routing instances.

  Correct Answer: AB

• Question 2:

  You want to use NAT to translate source addresses using an address pool on the same subnet as the ingress interface. Which action on the SRX Series device would return traffic to the appropriate host?

  A. Enable interface-based NAT.

  B. Disable port translation.

  C. Configure proxy ARP.

  D. Configure address persistence.

  Correct Answer: C

• Question 3:

  YouaretroubleshootinganIPsecVPNonanSRXSeriesdevice.Youdeterminethatphase 1 is establishingsuccessfully, butphase2isfailing. Whichconfigurationsettingshouldyouverifyiscorrect?

  A. preshared key

  B. digital certificate

  C. proxy ID

  D. Diffie-Hellmangroup

  Correct Answer: C

• Question 4:

  Which statement describes the function of NAT?

  A. NAT encrypts transit traffic in a tunnel.

  B. NAT detects various attacks on traffic entering a security device.

  C. NAT translates a public address to a private address.

  D. NAT restricts or permits users individually or in a group.

  Correct Answer: C

• Question 5:

  Which three features on an SRX Series device, when configured, are analyzed on every packet in session-based mode? (Choose three.)

  A. security policy

  B. screen

  C. ALG

  D. route

  E. UTM

  Correct Answer: BCE

• Question 6:

  Which two statements are true about address books on an SRX Series device? (Choose two.)

  A. IPv6 addresses are supported with packet-based mode only.

  B. DNS addresses are supported.

  C. DNS addresses are not supported.

  D. IPv6 addresses are supported with inet6 flow-based mode only.

  Correct Answer: BD

• Question 7:

  Click the Exhibit button.

  

  Referring to the exhibit, which security policy configuration change must be made to allow FTP traffic to server l92.l68.l.50 from user1?

  A. Change policy 2 to match on source-address user1.

  B. Change policy l to match on source-address user1.

  C. Change policy 2 to match on destination-address l92.l68.l.50/32.

  D. Change policy l to match on destination-address l92.l68.l.50/32.

  Correct Answer: BD

• Question 8:

  Click the Exhibit button.

  

  Hosts are attempting to communicate with the Web server. However, the traffic is failing to reach the Web server. Referring to the exhibit, which two actions would you take to resolve the problem? (Choose two.)

  A. Insert the global-based policy before the zone-based policy.

  B. Remove the zone-based policy.

  C. Change the zone-based policy's action to permit.

  D. Change the application in the global-based policy to junos-http.

  Correct Answer: BC

• Question 9:

  Which three statements describe a redundancy group (RG) on an SRX Series device? (Choose three.)

  A. An RG is an abstract construct that includes and manages a collection of objects.

  B. When an RG fails over, the backup node reboots.

  C. Each RG is independent of other RGs.

  D. An RG can contain objects on both nodes of a cluster.

  E. RGs are assigned values that range from 0 to 720.

  Correct Answer: ACD

• Question 10:

  Which two statements are true for an active/active high availability configuration? (Choose two.)

  A. All configured interfaces are active on each node and processing traffic.

  B. The Routing Engines on the nodes work in a master/backup scenario and the master will determine which of the nodes the traffic will egress.

  C. The Routing Engines on both nodes are processing their own sessions and will send traffic managed by the other Routing Engine to that node through the data link.

  D. Interfaces work in an active/passive fashion and sessions are processed accordingly.

  Correct Answer: AC