You must configure a SCREEN option that would protect your device from a session table flood.
Which configuration meets this requirement?
A. [edit security screen] user@host# show ids-option protectFromFlood { icmp { ip-sweep threshold 5000; flood threshold 2000; } }
B. [edit security screen] user@host# show ids-option protectFromFlood { tcp { syn-flood { attack-threshold 2000; destination-threshold 2000; } } }
C. [edit security screen] user@host# show ids-option protectFromFlood { udp { flood threshold 5000; } }
D. [edit security screen] user@host# show ids-option protectFromFlood { limit-session { source-ip-based 1200; destination-ip-based 1200; } }
A system administrator detects thousands of open idle connections from the same source. Which problem can arise from this type of attack?
A. It enables an attacker to perform an IP sweep of devices.
B. It enables a hacker to know which operating system the system is running.
C. It can overflow the session table to its limit, which can result in rejection of legitimate traffic.
D. It creates a ping of death and can cause the entire network to be infected with a virus.
Which statement describes a security zone?
A. A security zone can contain one or more interfaces.
B. A security zone can contain interfaces in multiple routing instances.
C. A security zone must contain two or more interfaces.
D. A security zone must contain bridge groups.
What is the correct syntax for applying node-specific parameters to each node in a chassis cluster?
A. set apply-groups node$
B. set apply-groups (node)
C. set apply-groups $(node)
D. set apply-groups (node)all
Which statement describes an ALG?
A. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to deny the traffic.
B. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to permit the traffic to pass.
C. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to deny the traffic.
D. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to permit the traffic to pass.
Which three components can be leveraged when defining a local whitelist or blacklist for antispam on a branch SRX Series device? (Choose three.)
A. spam assassin filtering score
B. sender country
C. sender IP address
D. sender domain
E. sender e-mail address
A network administrator has configured source NAT, translating to an address that is on a locally connected subnet. The administrator sees the translation working, but traffic does not appear to come back.
What is causing the problem?
A. The host needs to open the telnet port.
B. The host needs a route for the translated address.
C. The administrator must use a proxy-arp policy for the translated address.
D. The administrator must use a security policy, which will allow communication between the zones.
Which two statements in a source NAT configuration are true regarding addresses, rule-sets, or rules that overlap? (Choose two.)
A. Addresses used for NAT pools should never overlap.
B. If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.
C. If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.
D. Dynamic source NAT rules take precedence over static source NAT rules.
Which two UTM features require a license to be activated? (Choose two.)
A. antispam
B. antivirus (full AV)
C. content filtering
D. Web-filtering redirect
A user wants to establish an HTTP session to a server behind an SRX device but is being pointed to Web page on the SRX device for additional authentication.
Which type of user authentication is configured?
A. pass-through with Web redirect
B. WebAuth with HTTP redirect
C. WebAuth
D. pass-through
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.