Which two statements are true about route-based VPNs? (Choose two.)
A. Route-based VPNs cannot be used to configure remote access or dialup VPNs.
B. The from-zone and to-zone, for a security policy to permit traffic over a route-based VPN, are derived from the zone in which the protected network lies and the zone in which the IKE interface lies.
C. system services ike must be enabled on the st0.x interface.
D. You cannot re-write the DSCP bits on the inner IP header of an ESP packet that was created or forwarded using a route-based VPN.
You are required to configure a SCREEN option that enables IP source route option detection.
Which two configurations meet this requirement? (Choose two.)
A. [edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }
B. [edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }
C. [edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }
D. [edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }
On which component is the control plane implemented?
A. IOC
B. PIM
C. RE
D. SPC
When an SRX series device receives an ESP packet, what happens?
A. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, it will immediately decrypt the packet.
B. If the destination IP address in the outer IP header of ESP does not match the IP address of the ingress interface, it will discard the packet.
C. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based on SPI match, it will decrypt the packet.
D. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based on SPI match and route lookup of inner header, it will decrypt the packet.
Which type of Web filtering by default builds a cache of server actions associated with each URL it has checked?
A. Websense Redirect Web filtering
B. integrated Web filtering
C. local Web filtering
D. enhanced Web filtering
Which three advanced permit actions within security policies are valid? (Choose three.)
A. Mark permitted traffic for firewall user authentication.
B. Mark permitted traffic for SCREEN options.
C. Associate permitted traffic with an IPsec tunnel.
D. Associate permitted traffic with a NAT rule.
E. Mark permitted traffic for IDP processing.
Which command would you use to enable chassis clustering on an SRX device, setting the cluster ID to 1 and node to 0?
A. user@host# set chassis cluster cluster-id 1 node 0 reboot
B. user@host> set chassis cluster id 1 node 0 reboot
C. user@host> set chassis cluster cluster-id 1 node 0 reboot
D. user@host# set chassis cluster id 1 node 0 reboot
Which two statements are true for a security policy? (Choose two.)
A. It controls inter-zone traffic.
B. It controls intra-zone traffic.
C. It is named with a system-defined name.
D. It controls traffic destined to the device's ingress interface.
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone and send them through the IPsec VPN. You must also have the device generate a log message when the session ends.
Which configuration meets this requirement?
A. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log {
session-init;
}
}
}
B. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
C. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-close; } } }
D. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?
A. policy-rematch
B. policy-evaluate
C. rematch-policy
D. evaluate-policy
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.