1. Home
  2. Juniper
  3. JN0-332

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Exam Details

  • Exam Code
    :JN0-332
  • Exam Name
    :Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
  • Certification
    :Juniper Certifications
  • Vendor
    :Juniper
  • Total Questions
    :519 Q&As
  • Last Updated
    :Jun 06, 2025

Juniper Juniper Certifications JN0-332 Questions & Answers

  • Question 431:

    What is the maximum number of layers of decompression that juniper-express-engine (express AV) can decompress for the HTTP protocol?

    A. 0

    B. 1

    C. 4

    D. 8

  • Question 432:

    Click the Exhibit button.

    What are two valid reasons for the output shown in the exhibit? (Choose two.)

    A. The local Web-filtering daemon is not enabled or is not running.

    B. The integrated Web-filtering policy server is not reachable.

    C. No DNS is configured on the SRX Series device.

    D. No security policy is configured to use Web filtering.

  • Question 433:

    Click the Exhibit button.

    [A] establishes an IPsec tunnel with

    [B]. The NAT device translates the IP address 1.1.1.1 to 2.1.1.1.

    On which port is the IKE SA established?

    A. TCP 500

    B. UDP 500

    C. TCP 4500

    D. UDP 4500

  • Question 434:

    When an SRX series device receives an ESP packet, what happens?

    A. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, it will immediately decrypt the packet.

    B. If the destination IP address in the outer IP header of ESP does not match the IP address of the ingress interface, it will discard the packet.

    C. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based on SPI match, it will decrypt the packet.

    D. If the destination address of the outer IP header of the ESP packet matches the IP address of the ingress interface, based on SPI match and route lookup of inner header, it will decrypt the packet.

  • Question 435:

    Click the Exhibit button.

    Assume the default-policy has not been configured. Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? (Choose two.)

    A. DNS traffic is denied.

    B. HTTP traffic is denied.

    C. FTP traffic is permitted.

    D. SMTP traffic is permitted.

  • Question 436:

    What are three configuration objects used to build Junos IDP rules? (Choose three.)

    A. zone objects

    B. policy objects

    C. attack objects

    D. alert and notify objects

    E. network and address objects

  • Question 437:

    You are required to configure a SCREEN option that enables IP source route option detection.

    Which two configurations meet this requirement? (Choose two.)

    A. [edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }

    B. [edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }

    C. [edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }

    D. [edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }

  • Question 438:

    What is the default session timeout for UDP sessions?

    A. 30 seconds

    B. 1 minute

    C. 5 minutes

    D. 30 minutes

  • Question 439:

    Which two statements about the Diffie-Hellman (DH) key exchange process are correct? (Choose two.)

    A. In the DH key exchange process, the session key is never passed across the network.

    B. In the DH key exchange process, the public and private keys are mathematically related using the DH algorithm.

    C. In the DH key exchange process, the session key is passed across the network to the peer for confirmation.

    D. In the DH key exchange process, the public and private keys are not mathematically related, ensuring higher security.

  • Question 440:

    A network administrator receives complaints from the engineering group that an application on one server is not working properly. After further investigation, the administrator determines that source NAT translation is using a different source address after a random number of flows.

    Which two actions can the administrator take to force the server to use one address? (Choose two.)

    A. Use the custom application feature.

    B. Configure static NAT for the host.

    C. Use port address translation (PAT).

    D. Use the address-persistent option.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.