You want to protect against attacks on interfaces in ZoneA. You create a Junos Screen option called noflood and commit the configuration. In the weeks that follow, the Screen does not appear to be working; whenever you enter the command show security screen statistics zone ZoneA, all counters show 0.
What would solve this problem?
A. user@host> clear security screen no-flood statistics
B. [edit security zones security-zone ZoneA]user@host# set screen no-flood
C. user@host> clear security screen statistics zone ZoneA
D. [edit security zones]user@host# set screen no-flood
While reviewing the logs on your SRX240 device, you notice SYN floods coming from multiple hosts out on the Internet.
Which Junos Screen option would protect against these denial-of-service (DoS) attacks?
A. [edit security screen] user@host# show ids-option no-flood { limit-session { destination-ip-based 150; } }
B. [edit security screen] user@host# show ids-option no-flood { tcp { syn-fin; } }
C. [edit security screen] user@host# show ids-option no-flood { limit-session { source-ip-based 150; } }
D. [edit security screen] user@host# show ids-option no-flood { icmp { flood threshold 10; } }
You need to implement Junos Screen options to protect traffic coming through the ge-0/0/0 and ge-0/0/1 interfaces which are located in the trust and DMZ zones, respectively.
Where would you enable the Junos Screen options?
A. in the trust and DMZ zone settings
B. on the ge-0/0/0 and ge-0/0/1 interfaces
C. in a security policy
D. in the global security zone settings
You need to apply the Junos Screen protect-zone to the public zone.
Which configuration meets this requirement?
A. [edit security zones security-zone public] user@host# show address-book { address host-1 192.168.1.1/32; } screen protect-zone; host-inbound-traffic { system-services { all; } } interfaces { ge-0/0/0.0; }
B. [edit security zones security-zone public] user@host# show address-book { address host-1 192.168.1.1/32; } host-inbound-traffic { screen protect-zone; system-services { all; } } interfaces { ge-0/0/0.0; }
C. [edit security zones security-zone public] user@host# show address-book { address host-1 192.168.1.1/32; } host-inbound-traffic { system-services { all; } } interfaces { ge-0/0/0.0; screen-protect-zone; }
D. [edit security zones security-zone public] user@host# show address-book { address host-1 192.168.1.1/32; } screen all; host-inbound-traffic { system-services {
all;
}
}
interfaces {
ge-0/0/0.0;
}
At which step in the packet flow are Junos Screen checks applied?
A. prior to the route lookup
B. prior to security policy processing
C. after ALG services are applied
D. after source NAT services are applied
Which three actions should be used when initially implementing Junos Screen options? (Choose three.)
A. Deploy Junos Screen options only in functional zones.
B. Deploy Junos Screen options only in vulnerable security zones.
C. Understand the behavior of legitimate applications.
D. Use the limit-session option.
E. Use the alarm-without-drop option.
Which two statements are true about the SYN cookie Junos Screen option? (Choose two.)
A. The SYN cookie mechanism is stateless; therefore, the initial three-way handshake can complete before a session table entry is completed.
B. The SRX device will implement the SYN cookie mechanism on all connections once SYN cookies are enabled.
C. The SYN cookie mechanism uses a cryptographic hash, which can detect spoofed source addresses.
D. SYN cookie protection can stop UDP floods as well as TCP floods.
Which two settings in the options field of an IP header will Junos Screen options block? (Choose two.)
A. traceroute
B. record route option
C. timestamp option
D. MTU probe
You want to authenticate users accessing an internal FTP server using the SRX Series Services Gateway.
You also want to use an internal LDAP server as the authentication server.
What will satisfy this requirement?
A. a security policy with authentication redirection
B. pass-through firewall user authentication
C. captive portal
D. Web firewall user authentication
You want to enable local logging for security policies and have the log information stored in a separate file on a branch SRX Series device.
Which configuration will accomplish this task?
A. [edit system syslog] user@host# show file sec-pol-log { user info; }
B. [edit system syslog] user@host# show host 192.168.1.1 { user info; }
C. [edit system syslog] user@host# show file sec-pol-log { any any; }
D. [edit system syslog] user@host# show file sec-pol-log { security info; }
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.