1. Home
  2. Juniper
  3. JN0-332

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Exam Details

  • Exam Code
    :JN0-332
  • Exam Name
    :Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
  • Certification
    :Juniper Certifications
  • Vendor
    :Juniper
  • Total Questions
    :519 Q&As
  • Last Updated
    :Jun 06, 2025

Juniper Juniper Certifications JN0-332 Questions & Answers

  • Question 181:

    Which three algorithms are used by an SRX Series device to validate the integrity of the data exchanged through an IPsec VPN? (Choose three.)

    A. 3DES

    B. MD5

    C. NHTB

    D. SHA1

    E. SHA2

  • Question 182:

    What are two valid symmetric encryption key types? (Choose two.)

    A. DES

    B. RSA

    C. AES

    D. DSA

  • Question 183:

    Which two actions occur during IKE Phase 1? (Choose two.)

    A. A secure channel is established between two peers.

    B. The proxy ID is used to identify which security association is referenced for the VPN.

    C. The Diffie-Hellman key exchange algorithm establishes a shared key for encryption.

    D. The security association is identified by a unique security parameter index value.

  • Question 184:

    Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT for all other traffic from the untrust zone to the egress interface?

    A. [edit security nat source rule-set internal] user@host# show from zone trust; to zone untrust; rule internet-access {

    match {

    source-address 0.0.0.0/0;

    }

    then {

    source-nat interface;

    }

    }

    rule server-access {

    match {

    destination-address 10.10.10.0/24;

    }

    then {

    source-nat off;

    }

    }

    B. [edit security nat source rule-set internal] user@host# show from zone trust; to zone untrust; rule internet-access { match { source-address 0.0.0.0/0; } then { source-nat interface; } } rule server-access { match { source-address 10.10.10.0/24; } then { source-nat off; } }

    C. [edit security nat source rule-set internal] user@host# show from zone trust; to zone untrust; rule server-access { match { destination-address 10.10.10.0/24; } then { source-nat off; } } rule internet-access { match { source-address 0.0.0.0/0; } then { source-nat interface; } }

    D. [edit security nat source rule-set internal] user@host# show from zone trust; to zone untrust; rule internet-access { match { source-address 0.0.0.0/0; } then {

    accept;

    }

    }

    rule server-access {

    match {

    destination-address 10.10.10.0/24;

    }

    then {

    reject;

    }

    }

  • Question 185:

    You have just changed a NAT rule and committed the change. Which statement is true?

    A. Affected sessions remain active and are not updated until the sessions restart.

    B. Affected sessions are torn down and are re-initiated as soon as the SRX device receives matching traffic.

    C. Affected sessions are torn down and are immediately re-initiated.

    D. Affected sessions are dynamically updated with the configuration change.

  • Question 186:

    You have just configured source NAT with a pool of addresses within the same subnet as the egress interface.

    What else must be configured to make the addresses in the pool usable?

    A. static NAT

    B. destination NAT

    C. address persistence

    D. proxy ARP

  • Question 187:

    You are configuring source NAT.

    Which three elements are used for matching the traffic direction in the from and to statements? (Choose three.)

    A. routing instance

    B. zone

    C. source address

    D. destination address

    E. interface

  • Question 188:

    During packet flow on an SRX Series device, which two processes occur before route lookup? (Choose two.)

    A. static NAT

    B. destination NAT

    C. source NAT

    D. reverse static NAT

  • Question 189:

    Which Junos NAT implementation requires the use of proxy ARP?

    A. destination NAT using a pool outside the IP network of the device's interface

    B. source NAT using the device's egress interface

    C. source NAT using a pool in the same IP network as the device's interface

    D. source NAT using a pool outside the IP network of the device's interface

  • Question 190:

    While reviewing the logs on your SRX240 device, you notice SYN floods coming from a host out on the Internet towards several hosts on your trusted network.

    Which Junos Screen option would protect against these denial-of-service (DoS) attacks?

    A. [edit security screen] user@host# show ids-option no-flood { limit-session { destination-ip-based 150; } }

    B. [edit security screen] user@host# show ids-option no-flood { tcp { syn-fin; } }

    C. [edit security screen] user@host# show ids-option no-flood { limit-session { source-ip-based 150; } }

    D. [edit security screen] user@host# show ids-option no-flood { icmp { flood threshold 10; } }

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.