You are troubleshooting a security policy. The operational command show security flow session does not show any sessions for this policy.
Which statement is correct?
A. Logging on session initialization has not been enabled in the policy.
B. Logging on session closure has not been enabled in the policy.
C. The traffic is not being matched by the policy.
D. The security monitoring performance session command should be used to show sessions.
You have just added the policy deny-host-a to prevent traffic from Host A that was previously allowed by the policy permit-all. After committing the changes, you notice that all traffic, including traffic from Host A, is still allowed.
Which configuration statement will prevent traffic from Host A, while still allowing other hosts to send traffic?
A. activate security policies from-zone trust to-zone untrust policy deny-host-a
B. deactivate security policies from-zone trust to-zone untrust policy permit-all
C. delete security policies from-zone trust to-zone untrust policy permit-all
D. insert security policies from-zone trust to-zone untrust policy deny-host-a before policy permit-all
You are asked to change the behavior of the system-default policy from the default setting on an SRX Series device.
What would be the result of this change?
A. Traffic matching the default policy will be permitted.
B. Traffic matching the default policy will be denied.
C. Traffic matching the default policy will be rejected.
D. Traffic matching the default policy will be queued.
You want to silently drop HTTP traffic.
Which action will accomplish this task?
A. [edit security policies from-zone untrust to-zone trust policy drop-http]
   user@host# show
   match {
       source-address any;
       destination-address any;
       application junos-http;
   }
   then {
       deny;
   }
B. [edit security policies from-zone untrust to-zone trust policy drop-http]
   user@host# show
   match {
       source-address any;
       destination-address any;
       application junos-http;
   }
   then {
       reject;
   }
C. [edit security policies from-zone untrust to-zone trust policy drop-http]
   user@host# show
   match {
       source-address any;
       destination-address any;
       application junos-http;
   }
   then {
       block;
   }
D. [edit security policies from-zone untrust to-zone trust policy drop-http]
   user@host# show
   match {
       source-address any;
       destination-address any;
       application junos-http;
   }
   then {
       terminate;
   }
You need to build a scheduler to apply to a policy that will allow traffic from Monday to Friday only.
What will accomplish this task?
A. [edit schedulers]
   user@host# show
   scheduler no-weekends {
       daily all-day;
       sunday exclude;
       saturday exclude;
   }
B. [edit schedulers]
   user@host# show
   scheduler no-weekends {
       daily except weekends;
   }
C. [edit schedulers]
   user@host# show
   scheduler no-weekends {
       daily;
       sunday exclude;
       saturday exclude;
   }
D. [edit schedulers]
   user@host# show
   scheduler no-weekends {
       weekday all-day;
   }
You must create a security policy for a custom application that requires a longer session timeout than the default application offers.
Which two actions are valid? (Choose two.)
A. Set the timeout value in the security forwarding-options section of the CLI.
B. Set the timeout value for the application in the security zone configuration.
C. Alter a built-in application and set the timeout value under the application-protocol section of the CLI.
D. Create a custom application and set the timeout value under the application-protocol section of the CLI.
Following a recent security audit, you find that users are able to ping between the untrust zone and the trust zone, which is contrary to your organization's current security policy. On examination of the current security policies, you find no policies that would allow these connections.
What are two reasons why users would be able to ping between these zones? (Choose two.)
A. The default policy has been modified to permit all traffic.
B. There is a hidden policy that permits all traffic from untrust to trust.
C. A firewall filter has been configured that places traffic into packet mode.
D. ICMP traffic is not subject to policy inspection.
An engineer has just created a single policy allowing ping traffic from a host in the Users zone to a server in the Servers zone.
When the host pings the server, what will happen to the return traffic?
A. The return traffic will match the session and will be permitted.
B. The return traffic will match the new policy and will be permitted.
C. The return traffic will not be permitted; it will need a separate policy.
D. The return traffic will not be permitted; it will match the system default policy.
Which two statements are correct regarding the security policy parameter policy-rematch? (Choose two.)
A. Configuration changes to existing policies do not impact current sessions.
B. Configuration changes to existing policies cause re-evaluation of current sessions.
C. Configuration changes to the action field of a policy from permit to either deny or reject cause all existing sessions to drop.
D. Configuration changes to the action field of a policy from permit to either deny or reject cause all existing sessions to continue.
What are two valid network prefixes in address books? (Choose two.)
A. 172.16.3.11/29
B. 172.16.0.0/16
C. 172.16.3.11/32
D. 172.16.3.11/24