Juniper Juniper Certifications JN0-332 Questions & Answers

• Question 71:

  Click the Exhibit button.

  

  Referring to the exhibit, what is the post-translated address on the SRX Series device?

  A. 1.1.1.122

  B. 10.200.101.12

  C. 10.200.101.11

  D. 1.1.1.1

  Correct Answer: A

• Question 72:

  Click the Exhibit button.

  

  

  Referring to the exhibit, which security policy configuration change must be made to allow HTTP traffic to server 192.188.1.100 from user3?

  A. Add user3 to address-set users under security zone Trust.

  B. Change policy 2 to match on destination address servers.

  C. Add user3 to address-set servers order security zone untrust.

  D. Change policy 1 to match on source address user3.

  Correct Answer: A

• Question 73:

  You are asked to control access through an SRX Series device by username, using integrated user firewall feature.

  For non-domain users, which statement is correct?

  A. Redirect the user to an LDAP server for authentication.

  B. Configure a WMIC DCOM interface to the AD controller.

  C. Non-domain users cannot be filtered by username.

  D. Configure a captive portal to force firewall authentication.

  Correct Answer: D

• Question 74:

  Which two statements are true about route-based IPsec VPNs on an SRX Series device? (Choose two)

  A. Route-based VPNs must use IKE aggressive mode.

  B. New tunnels are generated with each new flow of traffic.

  C. An st0 interface must be bound to each VPN.

  D. A security policy must permit the traffic.

  Correct Answer: CD

• Question 75:

  You committed a new security policy on an SRX Series device. Now, traffic appears to be incorrectly dropped.

  Which two tools would you use to explain why traffic is dropped? (Choose two.)

  A. Security logs

  B. Trace options

  C. Session table

  D. Firewall filter counters

  Correct Answer: AB

• Question 76:

  What are two valid zones available on an SRX Series device? (Choose two)

  A. Security zones

  B. Policy zones

  C. Transit zones

  D. Functional zones

  Correct Answer: AD

• Question 77:

  Click the Exhibit button.

  

  Which three statements are correct about the configuration shown in the exhibit? (Choose three)

  A. Telnet is allowed from this zone to any configured zones on the device.

  B. FTP is allowed from this zone to any configured zones on the device.

  C. Telnet traffic destined to this device through the configured interfaces is allowed.

  D. The ge-0/0/0.0 and ge-0/0/1.0 interfaces are only members of the Corporate zone.

  E. FTP traffic destined to this device through the configured interfaces is allowed.

  Correct Answer: CDE

• Question 78:

  The integrated user firewall feature requires which authentication server type?

  A. Active Directory

  B. SecureID

  C. RADIUS

  D. TACACS+

  Correct Answer: A

• Question 79:

  You want to form a chassis cluster.

  What are two requirements to accomplish this task? (Choose two.)

  A. Devices must be the same hardware model.

  B. The fabric link must use factory dedicated interfaces.

  C. The same number and type of SPCs must be installed in each chassis.

  D. There can be a maximum of three member nodes

  Correct Answer: A

• Question 80:

  A static NAT rule and a destination NAT rule both match the same traffic on an SRX Series device. How is the traffic processed?

  A. Only the static NAT rule is processed

  B. The traffic is dropped because of the NAT rule conflict

  C. The traffic is not translated because of the NAT rule conflict

  D. Only the destination NAT rule is processed

  Correct Answer: A