1. Home
  2. Juniper
  3. JN0-332

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Exam Details

  • Exam Code
    :JN0-332
  • Exam Name
    :Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
  • Certification
    :Juniper Certifications
  • Vendor
    :Juniper
  • Total Questions
    :519 Q&As
  • Last Updated
    :Jun 06, 2025

Juniper Juniper Certifications JN0-332 Questions & Answers

  • Question 271:

    You are required to configure a SCREEN option that enables IP source route option detection.

    Which two configurations meet this requirement? (Choose two.)

    A. [edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; }}

    B. [edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; }}

    C. [edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; }}

    D. [edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; }}

  • Question 272:

    Prior to applying SCREEN options to drop traffic, you want to determine how your configuration will affect traffic.

    Which mechanism would you configure to achieve this objective?

    A. the log option for the particular SCREEN option

    B. the permit option for the particular SCREEN option

    C. the SCREEN option, because it does not drop traffic by default

    D. the alarm-without-drop option for the particular SCREEN option

  • Question 273:

    Where do you configure SCREEN options?

    A. zones on which an attack might arrive

    B. zones you want to protect from attack

    C. interfaces on which an attack might arrive

    D. interfaces you want to protect from attack

  • Question 274:

    What are three main phases of an attack? (Choose three.)

    A. DoS

    B. exploit

    C. propagation

    D. port scanning

    E. reconnaissance

  • Question 275:

    An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?

    A. DoS

    B. SYN flood

    C. port scanning

    D. IP address sweep

  • Question 276:

    Which two external authentication server types are supported by JUNOS Software for firewall user authentication? (Choose two.)

    A. RADIUS

    B. TACACS+

    C. LDAP

    D. IIS

  • Question 277:

    Click the Exhibit button.

    [edit security zones security-zone trust]

    user@host# show

    host-inbound-traffic {

    system-services {

    all;

    }} interfaces { ge-0/0/0.0; }

    Referring to the exhibit, which two traffic types are permitted when the destination is the ge- 0/0/0.0 IP address? (Choose two.)

    A. Telnet

    B. OSPF

    C. ICMP

    D. RIP

  • Question 278:

    Which two statements regarding external authentication servers for firewall user authentication are true? (Choose two.)

    A. Up to three external authentication server types can be used simultaneously.

    B. Only one external authentication server type can be used simultaneously.

    C. If the local password database is not configured in the authentication order, and the configured authentication server is unreachable, authentication is not performed.

    D. If the local password database is not configured in the authentication order, and the configured authentication server rejects the authentication request, authentication is not performed.

  • Question 279:

    Which two commands can be used to monitor firewall user authentication? (Choose two.)

    A. show access firewall-authentication

    B. show security firewall-authentication users

    C. show security audit log

    D. show security firewall-authentication history

  • Question 280:

    Click the Exhibit button.

    [edit security]

    user@host# show

    zones {

    security-zone ZoneA {

    tcp-rst;

    host-inbound-traffic {

    system-services {

    ping;

    telnet;

    }}

    interfaces {

    ge-0/0/0.0;

    ge-0/0/1.0;

    }}

    security-zone ZoneB {

    interfaces {

    ge-0/0/3.0;

    }}}

    policies {

    from-zone ZoneA to-zone ZoneB {

    policy A-to-B {

    match {

    source-address any;

    destination-address any;

    application any;

    } then { permit; }}}}

    In the exhibit, a host attached to interface ge-0/0/0.0 sends a SYN packet to open a Telnet connection to the device's ge-0/0/1.0 IP address.

    What does the device do?

    A. The device sends back a TCP reset packet.

    B. The device silently discards the packet.

    C. The device forwards the packet out the ge-0/0/1.0 interface.

    D. The device responds with a TCP SYN/ACK packet and opens the connection.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.