1. Home
  2. Juniper
  3. JN0-332

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Exam Details

  • Exam Code
    :JN0-332
  • Exam Name
    :Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
  • Certification
    :Juniper Certifications
  • Vendor
    :Juniper
  • Total Questions
    :519 Q&As
  • Last Updated
    :Jun 06, 2025

Juniper Juniper Certifications JN0-332 Questions & Answers

  • Question 21:

    A packet that does not belong to an existing session enters your SRX Series device. Your SRX Series

    device is operating in its default mode.

    Which two statements are true? (Choose two.)

    A. The packet is processed through the fast path.

    B. The packet is subject to policer operations.

    C. Thepacketissubjecttostatelessfilters.

    D. The packet is not processed because no session ID exists.

  • Question 22:

    Click the Exhibit button.

    You want to keep your SRX Series device from being overloaded by ICMP echo request messages on

    interface ge- 0/0/3.

    Referringto the exhibit, which configurationresolves this problem?

    A. Apply the configuredscreento theUNTRUST zone.

    B. ConfigureICMP floodundertheconfiguredscreenandapplyittotheTRUSTzone.

    C. ConfigureICMP floodundertheconfiguredscreenandapplyittotheUNTRUSTzone.

    D. Apply the configuredscreento theTRUSTzone.

  • Question 23:

    Which statement is correct regarding interface-based source NAT on an SRX Series device?

    A. PAT is always performed.

    B. Proxy ARP is enabled by default.

    C. PAT is never performed.

    D. ProxyARPmustbeconfigured.

  • Question 24:

    You are asked to implement a chassis cluster on high-end SRX Series devices. What are two requirements? (Choose two.)

    A. There can be up to two redundancy groups per chassis cluster.

    B. The chassis models must be the same.

    C. The data plane can use SPC ports.

    D. SPCs must be placed in identical slots in all chassis.

  • Question 25:

    A packet from the untrust zone is sourced with a prefix that is associated with an interface in the trust zone. Which screen security parameter would be configured to block this type of attack on an SRX Series device?

    A. IP sweep

    B. port sweep

    C. ping of death

    D. IP spoofing

  • Question 26:

    Click the Exhibit button.

    You are testing the IP spoofing screen on your SRX Series device. The ids-option IDS1 is shown in the

    exhibit, but no IP spoofingmessagesareseeninthelogs.

    What is happening?

    A. The IP block fragment must be disabled for IP spoofing to be detected.

    B. IDS is not applied to the correct security policy.

    C. IDS1 is not applied to the correct security zone.

    D. The TCP sweep threshold must be lowered to l000 to allow enough time for the spoof attack.

  • Question 27:

    Click the Exhibit button.

    Youhave configured a new security policy as shown in the exhibit. Which method would ensure that the

    security policy AllowSIP will match the SIP traffic between host1 and host2?

    A. Add a firewall filter to the egress interface to control the burstrate of the traffic.

    B. Use the insert command to place the All policy after the AllowSIP policy.

    C. Change the policy to be a global policy.

    D. Adda firewall filter totheingress interfaceandset theloss-priority tolow.

  • Question 28:

    Click the Exhibit button.

    Thephaseltunnelofasite-to-siteIPsecVPNisnotestablishingasshownintheexhibit. WhatwouldyoudotoresolvetheproblemonanSRXSeriesdevice?

    A. Change the phase l proposals to match on both sides of the VPN.

    B. Change the remote side of the VPN to use the correct peering address.

    C. Change the local side of the VPN to use the correct external interface.

    D. Change the preshared key to match on both sides of the VPN.

  • Question 29:

    Click the Exhibit button.

    Serverl, in the trust zone, is attempting to send HTTP traffic to another server which is located in the

    untrust zone.

    Referring to the exhibit, what would happen?

    A. The traffic will be permitted by the All policy.

    B. The traffic will be permitted by the Allowl policy.

    C. The traffic will be permitted by the Allow2 policy.

    D. The traffic will be dropped.

  • Question 30:

    Which SRX5400 component is responsible for forwarding a packet?

    A. IOC

    B. SPC

    C. RE

    D. SCB

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.