Which statement is true regarding proxy ARP?
A. Proxy ARP is enabled by default on stand-alone JUNOS security devices.
B. Proxy ARP is enabled by default on chassis clusters.
C. JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.
D. JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled.
Which statement is true about source NAT?
A. Source NAT works only with source pools.
B. Destination NAT is required to translate the reply traffic.
C. Source NAT does not require a security policy to function.
D. The egress interface IP address can be used for source NAT.
Which two statements are true about overflow pools? (Choose two.)
A. Overflow pools do not support PAT.
B. Overflow pools can not use the egress interface IP address for NAT.
C. Overflow pools must use PAT.
D. Overflow pools can contain the egress interface IP address or separate IP addresses.
Which two statements are true about pool-based destination NAT? (Choose two.)
A. It also supports PAT.
B. PAT is not supported.
C. It allows the use of an address pool.
D. It requires you to configure an address in the junos-global zone.
Which statement is true about interface-based source NAT?
A. PAT is a requirement.
B. It requires you to configure address entries in the junos-nat zone.
C. It requires you to configure address entries in the junos-global zone.
D. The IP addresses being translated must be in the same subnet as the egress interface.
Click the Exhibit button.
[edit security policies from-zone HR to-zone trust]
user@host# show
policy two {
match {
source-address subnet_a;
destination-address host_b;
application [ junos-telnet junos-ping ];
}
then {
reject;
}} policy one {
match {
source-address host_a;
destination-address subnet_b;
application any;
}
then {
permit;
}}
host_a is in subnet_a and host_b is in subnet_b.
Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?
A. DNS traffic is denied.
B. Telnet traffic is denied.
C. SMTP traffic is denied.
D. Ping traffic is permitted.
Click the Exhibit button.
[edit schedulers]
user@host# show
scheduler now {
monday all-day;
tuesday exclude;
wednesday {
start-time 07:00:00 stop-time 18:00:00;
}
thursday {
start-time 07:00:00 stop-time 18:00:00;
}}
[edit security policies from-zone Private to-zone External] user@host# show
policy allowTransit {
match {
source-address PrivateHosts;
destination-address ExtServers;
application ExtApps;
}
then {
permit {
tunnel {
ipsec-vpn myTunnel;
}}}
scheduler-name now;
}
Based on the configuration shown in the exhibit, what will happen to the traffic matching the security
policy?
A. The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
B. The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
C. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
D. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.
Which two security policy actions are valid? (Choose two.)
A. deny
B. discard
C. reject
D. close
Exhibit.
[edit security policies]
user@host# show
from-zone trust to-zone untrust {
policy AllowHTTP{
match {
source-address HOSTA;
destination-address any;
application junos-ftp;
}
then {
permit;
}}
policy AllowHTTP2{
match {
source-address any;
destination-address HOSTA;
application junos-http;
}
then {
permit;
}}
policy AllowHTTP3{
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}}}
A flow of HTTP traffic needs to go from HOSTA to HOSTB. Assume that traffic will initiate from HOSTA
and that HOSTA is in zone trust and HOSTB is in zone untrust.
What will happen to the traffic given the configuration in the exhibit?
A. The traffic will be permitted by policy AllowHTTP.
B. The traffic will be permitted by policy AllowHTTP3.
C. The traffic will be permitted by policy AllowHTTP2.
D. The traffic will be dropped as no policy match will be found.
Which two statements describe the purpose of a security policy? (Choose two.)
A. It enables traffic counting and logging.
B. It enforces a set of rules for transit traffic.
C. It controls host inbound services on a zone.
D. It controls administrator rights to access the device.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.