Which CLI command do you use to block MIME content at the [edit security utm feature-profile] hierarchy?
A. set content-filtering profile
B. set content-filtering profile
C. set content-filtering block-content-type
D. set content-filtering notifications block-mime
Which two statements are true about the relationship between static NAT and proxy ARP? (Choose two.)
A. It is necessary to forward ARP requests to remote hosts.
B. It is necessary when translated traffic belongs to the same subnet as the ingress interface.
C. It is not automatic and you must configure it.
D. It is enabled by default and you do not need to configure it.
Which three parameters are configured in the IKE policy? (Choose three.)
A. mode
B. preshared key
C. external interface
D. security proposals
E. dead peer detection settings
Which command do you use to manually remove antivirus patterns?
A. request security utm anti-virus juniper-express-engine pattern-delete
B. request security utm anti-virus juniper-express-engine pattern-reload
C. request security utm anti-virus juniper-express-engine pattern-remove
D. delete security utm anti-virus juniper-express-engine antivirus-pattern
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.
Which configuration statement would correctly accomplish this task?
A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }
D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
Which three statements are true when working with high-availability clusters? (Choose three.)
A. The valid cluster-id range is between 0 and 255.
B. Junos OS security devices can belong to more than one cluster if cluster virtualization is enabled.
C. If the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.
D. A reboot is required if the cluster-id or node value is changed.
E. Junos OS security devices can belong to one cluster only.
What is the purpose of a chassis cluster?
A. Chassis clusters are used to aggregate routes.
B. Chassis clusters are used to create aggregate interfaces.
C. Chassis clusters are used to group two chassis into one logical chassis.
D. Chassis clusters are used to group all interfaces into one cluster interface.
Which two statements are true regarding IDP? (Choose two.)
A. IDP can be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.
B. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.
C. IDP inspects traffic up to the Presentation Layer.
D. IDP inspects traffic up to the Application Layer.
What are two rule base types within an IPS policy on an SRX Series device? (Choose two.)
A. rulebase-ips
B. rulebase-ignore
C. rulebase-idp
D. rulebase-exempt
Which configuration shows a pool-based source NAT without PAT?
A. [edit security nat source] user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; port no-translation; } } }
B. [edit security nat source] user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } overflow-pool interface; } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; port no-translation; } } }
C. [edit security nat source] user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } port no-translation; } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; } } }
D. [edit security nat source] user@host# show pool A { address { 207.17.137.1/32 to 207.17.137.254/32; } overflow-pool interface; } rule-set 1A { from zone trust; to zone untrust; rule 1 { match { source-address 10.1.10.0/24; } then { source-nat pool A; } } }