Juniper Juniper Certifications JN0-332 Questions & Answers

• Question 31:

  Which screen drops packets with a protocol field value of 137 or greater?

  A. block-frag

  B. bad-option

  C. unknown-protocol

  D. security-option

  Correct Answer: C

• Question 32:

  You are attempting to set up an IPsec VPN between an SRX240 and another vendor's firewall. The phase 1 security associations are up, but the phase 2 security associations are not present. What is the problem?

  A. Proxy ID mismatch

  B. IKE mode mismatch

  C. Preshared key mismatch

  D. IKE peer mismatch

  Correct Answer: A

• Question 33:

  You are creating a security policy on an SRX Series device with a permit action.

  What are two possible actions the device also performs on matching traffic? (Choose two)

  A. Send the traffic to a routing-instance.

  B. Send the traffic to a logical system

  C. Send the traffic to an IPSec tunnel

  D. Send the traffic for IDP evaluation

  Correct Answer: AC

• Question 34:

  Which two statements are true concerning policy-based IPsec VPNs on an SRX Series device? (Choose two)

  A. A new tunnel is set up for each flow of traffic that matches the policy.

  B. One tunnel is set up for all flows of traffic that match the policy.

  C. A new tunnel is set up before a flow of traffic matches the policy.

  D. A new tunnel is set up only when a flow of traffic matches the policy.

  Correct Answer: BD

• Question 35:

  Which UTM feature requires a license to function on an SRX branch series device?

  A. Integrated Web filtering

  B. IPsec

  C. OSPFv3

  D. Security policy

  Correct Answer: A

• Question 36:

  Which two statements are true regarding security policies on an SRX Series device? (Choose two)

  A. Non-global policies have a higher priority than global policies.

  B. Global policies have a higher priority than non-global policies.

  C. You cannot use a mix of global security policies and non-global polices on the same device.

  D. You can use a mix of global polices and non-global policies on the same device.

  Correct Answer: AD

• Question 37:

  The local side of an IPSec VPN is an SRX Series device. The remote side of the IPSec VPN is a third-party vendor and it is using a local proxy ID of 1.1.1.1/32 and a remote proxy ID of 2.2.2 2/32.

  Which two actions would you take to ensure that the IPSec VPN comes up? (Choose two.)

  A. Set the proxy ID to 1.1.1.1/32 for the local ID and 2.2.2.2/32 for the remote ID for the VPN

  B. Set the proxy ID to 2.2.2.2/32 for the local ID and 1.1.1.1/322 for the remote ID for the VPN

  C. Set the proxy ID to 0.0.0/0/0 for the local ID and 0.0.0.0/0 for the remote ID for the VPN

  D. Set the proxy ID to 0.0.0.0/32 for the local ID and 0.0.0.0/32 for the remote ID for the VPN

  Correct Answer: B

• Question 38:

  What are three types of reconnaissance attacks? (Choose three)

  A. IP address sweep

  B. Port scanning

  C. Denial of service

  D. IP options

  E. Teardrop

  Correct Answer: ABD

• Question 39:

  Which two statements regarding screens on SRX Series devices are correct? (Choose two.)

  A. Reconnaissance screens associated with IP options are applicable to IPv4 and IPv6.

  B. Packets detected by one screen are not evaluated by subsequent screens.

  C. Packets detected by one screen are still evaluated by subsequent screens.

  D. Reconnaissance screens associated with IP options are applicable to IPv4 only.

  Correct Answer: BD

• Question 40:

  Click the Exhibit button.

  

  Which two statements are true about the output shown in the exhibit? (Choose two)

  A. The IKE protocol has been enabled as a system service for host inbound traffic.

  B. The session displayed represents traffic transiting an IPSec tunnel.

  C. The session displayed represents IPSec control traffic.

  D. A user has configured the self-traffic-policy to allow IKE traffic.

  Correct Answer: AC