Juniper Juniper Certifications JN0-332 Questions & Answers

• Question 301:

  For IKE phase 1 negotiations, when is aggressive mode typically used?

  A. when one of the tunnel peers has a dynamic IP address

  B. when one of the tunnel peers wants to force main mode to be used

  C. when fragmentation of the IKE packet is required between the two peers

  D. when one of the tunnel peers wants to specify a different phase 1 proposal

  Correct Answer: A

• Question 302:

  Which two statements are true regarding proxy ARP? (Choose two.)

  A. Proxy ARP is enabled by default.

  B. Proxy ARP is not enabled by default.

  C. JUNOS security devices can forward ARP requests to a remote device when proxy ARP is enabled.

  D. JUNOS security devices can reply to ARP requests intended for a remote device when proxy ARP is enabled.

  Correct Answer: BD

• Question 303:

  Click the Exhibit button.

  [edit schedulers]

  user@host# show

  scheduler now {

  monday all-day;

  tuesday exclude;

  wednesday {

  start-time 07:00:00 stop-time 18:00:00;

  }

  thursday {

  start-time 07:00:00 stop-time 18:00:00;

  }}

  [edit security policies from-zone Private to-zone External] user@host# show

  policy allowTransit {

  match {

  source-address PrivateHosts;

  destination-address ExtServers;

  application ExtApps;

  }

  then {

  permit {

  tunnel {

  ipsec-vpn myTunnel;

  }}}

  scheduler-name now;

  Based on the configuration shown in the exhibit, what are the actions of the security policy?

  A. The policy will always permit transit packets and use the IPsec VPN myTunnel.

  B. The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.

  C. The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.

  D. The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.

  Correct Answer: C

• Question 304:

  Regarding attacks, which statement is correct?

  A. Both DoS and propagation attacks exploit and take control of all unprotected network devices.

  B. Propagation attacks focus on suspicious packet formation using the DoS SYN-ACK-ACK proxy flood.

  C. DoS attacks are directed at the network protection devices, while propagation attacks are directed at the servers.

  D. DoS attacks are exploits in nature, while propagation attacks use trust relationships to take control of the devices.

  Correct Answer: D

• Question 305:

  Regarding zone types, which statement is true?

  A. You cannot assign an interface to a functional zone.

  B. You can specifiy a functional zone in a security policy.

  C. Security zones must have a scheduler applied.

  D. You can use a security zone for traffic destined for the device itself.

  Correct Answer: D

• Question 306:

  Review Below:

  [edit security nat destination]

  user@host# show

  pool A {

  address 10.1.10.5/32;

  }

  rule-set 1 {

  from zone untrust;

  rule 1A {

  match {

  destination-address 100.0.0.1/32;

  }

  then {

  destination-nat pool A;

  }

  }

  }

  Which type of NAT is configured in the exhibit?

  A. static destination NAT

  B. static source NAT

  C. pool-based destination NAT without PAT

  D. pool-based destination NAT with PAT

  Correct Answer: C

• Question 307:

  Click the Exhibit button.

  -- Exhibit -[edit security policies from-zone HR to-zone trust]

  user@host# show

  policy two {

  match {

  source-address subnet_a;

  destination-address host_b;

  application [ junos-telnet junos-ping ];

  }

  then {

  reject;

  }

  }

  policy one {

  match {

  source-address host_a;

  destination-address subnet_b;

  application any;

  }

  then {

  permit;

  }

  }

  -- Exhibit -

  host_a is in subnet_a and host_b is in subnet_b.

  Given the configuration shown in the exhibit, which two statements are true about traffic from host_a to

  host_b (Choose two.)?

  A. DNS traffic is denied.

  B. Telnet traffic is denied.

  C. SMTP traffic is denied.

  D. Ping traffic is denied.

  Correct Answer: BD

• Question 308:

  Click the Exhibit button.

  -- Exhibit -

  user@host> show security utm web-filtering statistics UTM web-filtering statistics: Total requests: 298171 white list hit: 0 Black list hit: 0 Queries to server: 17641 Server reply permit: 14103 Server reply block: 3538 Custom category permit: 0 Custom category block: 0 Cache hit permit: 171020 Cache hit block: 109510 Web-filtering sessions in total: 4000 Web-filtering sessions in usE. 0 Fallback: log-and-permit block Default 0 0 Timeout 0 0 Connectivity 0 0 Too-many-requests 758 0 -- Exhibit -

  Which two statements are true about the output shown in the exhibit on the branch SRX device? (Choose two.)

  A. Redirect Web filtering is being used.

  B. Integrated Web filtering is being used.

  C. At some point the SRX had more than 4000 concurrent Web sessions.

  D. Local Web filtering is being used.

  Correct Answer: BC

• Question 309:

  Click the Exhibit button.

  

  Which type of source NAT is configured in the exhibit?

  A. interface-based source NAT

  B. static source NAT

  C. pool-based source NAT with PAT

  D. pool-based source NAT without PAT

  Correct Answer: A

• Question 310:

  What are two rulebase types within an IPS policy on an SRX Series device? (Choose two.)

  A. rulebase-ips

  B. rulebase-ignore

  C. rulebase-idp

  D. rulebase-exempt

  Correct Answer: AD