Want to know Testking JN0-332 Exam practice test features? Want to lear more about Juniper uniper Networks Certified Internet Specialist, SEC (JNCIS-SEC) certification experience? Study Realistic Juniper JN0-332 answers to Down to date JN0-332 questions at Testking. Gat a success with an absolute guarantee to pass Juniper JN0-332 (uniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)) test on your first attempt.
2021 Sep JN0-332 free practice questions
Q171. Which two configuration elements are required for a policy-based VPN? (Choose two.)
A. IKE gateway
B. secure tunnel interface
C. security policy to permit the IKE traffic
D. security policy referencing the IPsec VPN tunnel
Answer: AD
Q172. -- Exhibit – -- Exhibit --
Click the Exhibit button.
A PC in the trust zone is trying to ping a host in the untrust zone.
Referring to the exhibit, which type of NAT is configured?
A. source NAT
B. destination NAT
C. static NAT
D. NAT pool
Answer: A
Q173. Which statement describes the UTM licensing model?
A. Install the license key and all UTM features will be enabled for the life of the product.
B. Install one license key per feature and the license key will be enabled for the life of the product.
C. Install one UTM license key, which will activate all UTM features; the license will need to be renewed when it expires.
D. Install one UTM license key per UTM feature; the licenses will need to be renewed when they expire.
Answer: D
Q174. While reviewing the logs on your SRX240 device, you notice SYN floods coming from multiple hosts out on the Internet.
Which Junos Screen option would protect against these denial-of-service (DoS) attacks?
A. [edit security screen]
user@host# show
ids-option no-flood {
limit-session {
destination-ip-based 150;
}
}
B. [edit security screen]
user@host# show
ids-option no-flood {
tcp {
syn-fin;
}
}
C. [edit security screen]
user@host# show
ids-option no-flood {
limit-session {
source-ip-based 150;
}
}
D. [edit security screen]
user@host# show
ids-option no-flood {
icmp {
flood threshold 10;
}
}
Answer: A
Q175. You want to ensure end-to-end data connectivity through an IPsec tunnel. Which feature would you activate?
A. DPD
B. VPN monitor
C. perfect forward secrecy
D. NHTB
Answer: B
Most up-to-date JN0-332 exams:
Q176. What is a zone?
A. a set of rules that controls traffic from a specified source to a specified destination using a specified service
B. a collection of one or more network segments sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks
Answer: B
Q177. Which Junos NAT implementation requires the use of proxy ARP?
A. destination NAT using a pool outside the IP network of the device's interface
B. source NAT using the device's egress interface
C. source NAT using a pool in the same IP network as the device's interface
D. source NAT using a pool outside the IP network of the device's interface
Answer: C
Q178. Which UTM feature requires a license to function?
A. integrated Web filtering
B. local Web filtering
C. redirect Web filtering
D. content filtering
Answer: A
Q179. Users can define policy to control traffic flow between which two components? (Choose two.)
A. from a zone to the device itself
B. from a zone to the same zone
C. from a zone to a different zone
D. from one interface to another interface
Answer: BC
Q180. Which configuration shows a pool-based source NAT without PAT?
A. [edit security nat source]
user@host# show
pool A {
address {
207.17.137.1/32 to 207.17.137.254/32;
}
}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
port no-translation;
}
}
}
B. [edit security nat source]
user@host# show
pool A {
address {
207.17.137.1/32 to 207.17.137.254/32;
}
overflow-pool interface;
}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
port no-translation;
}
}
}
C. [edit security nat source]
user@host# show
pool A {
address {
207.17.137.1/32 to 207.17.137.254/32;
}
port no-translation;
}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
}
}
}
D. [edit security nat source].
user@host# show
pool A {
address {
207.17.137.1/32 to 207.17.137.254/32;
}
overflow-pool interface;
}
rule-set 1A
{
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 10.1.10.0/24;
}
then {
source-nat pool A;
}
}
}
Answer: C