Testking JN0-332 learning components are positioned on your knowledge along with connection with This gurus a long good reputation for trainees skilled challenges, they asked for any Juniper official certifications. Juniper JN0-332 will show you of which accomplishing your own ambitions. Testking JN0-332 likewise known as any Testking, time savings and money, given it may address the many challenges, you dont need to trap up with additional software programs of the same nature.
2021 Oct JN0-332 real exam
Q131. Which two statements regarding symmetric key encryption are true? (Choose two.)
A. The same key is used for encryption and decryption.
B. It is commonly used to create digital certificate signatures.
C. It uses two keys: one for encryption and a different key for decryption.
D. An attacker can decrypt data if the attacker captures the key used for encryption.
Answer: AD
Q132. You are creating a destination NAT rule-set.
Which two are valid for use with the from clause? (Choose two.)
A. security policy
B. interface
C. routing-instance
D. IP address
Answer: BC
Q133. Which configuration must be completed to use both packet-based and session-based forwarding on a branch SRX Series Services Gateway?
A. A stateless firewall filter must be used on the ingress interface to match traffic to be processed as session based.
B. A security policy rule must be used on the ingress interface to match traffic to be processed as session based.
C. A global security policy rule must be used on the ingress interface to match traffic to be processed as packet based.
D. A stateless firewall filter must be used on the ingress interface to match traffic to be processed as packet based.
Answer: D
Q134. Which statement describes a security zone?
A. A security zone can contain one or more interfaces.
B. A security zone can contain interfaces in multiple routing instances.
C. A security zone must contain two or more interfaces.
D. A security zone must contain bridge groups.
Answer: D
Q135. -- Exhibit --[edit security utm]
user@host# show
custom-objects {
url-pattern {
permit {
value http://www.domain-abc.net;
}
deny {
value http://www.domain-abc.net/movies;
}
}
custom-url-category {
whitelist {
value permit;
}
blacklist {
value deny;
}
}
}
feature-profile {
web-filtering {
url-whitelist whitelist;
url-blacklist blacklist;
type juniper-local;
juniper-local {
profile profileA {
default block;
custom-block-message "Website access not permitted";
}
}
}
}
-- Exhibit --
Click the Exhibit button.
Your SRX Series device includes the Web filtering configuration shown in the exhibit.
Assuming the Web filtering profile has been properly applied, what happens when a user attempts to access the Web site www.juniper.net through the SRX device?
A. The HTTP request is blocked and the user's Web browser eventually times out.
B. The HTTP request is blocked and a message is sent back to the user.
C. The HTTP request is intercepted and the URL is sent to the Websense server. The SRX device permits or blocks the request based on the information it receives back from the server.
D. The HTTP request is permitted and forwarded to the Web server.
Answer: B
Update JN0-332 rapidshare:
Q136. You want to protect against attacks on interfaces in ZoneA. You create a Junos Screen option called no-flood and commit the configuration. In the weeks that follow, the Screen does not appear to be working; whenever you enter the command show security screen statistics zone ZoneA, all counters show 0.
What would solve this problem?
A. user@host> clear security screen no-flood statistics
B. [edit security zones security-zone ZoneA] user@host# set screen no-flood
C. user@host> clear security screen statistics zone ZoneA
D. [edit security zones] user@host# set screen no-flood
Answer: B
Q137. Click the Exhibit button.
You are the responder for an IPsec tunnel and you see the error messages shown in the exhibit. What is the problem?
A. One or more of the phase 1 proposals such as authentication algorithm, encryption algorithm, or pre-shared key does not match.
B. There is no route for 2.2.2.2.
C. There is no IKE definition in the configuration for peer 2.2.2.2.
D. system services ike is not enabled on the interface with IP 1.1.1.2.
Answer: C
Q138. Click the Exhibit button.
A network administrator receives complaints that the application voicecube is timing out after being idle for 30 minutes. Referring to the exhibit, what is a resolution?
A. [edit]
user@host# set applications application voicecube inactivity-timeout never
B. [edit]
user@host# set applications application voicecube inactivity-timeout 2
C. [edit]
user@host# set applications application voicecube destination-port 5060
D. [edit]
user@host# set security policies from-zone trust to-zone trust policy intrazone then timeout never
Answer: A
Q139. While reviewing the logs on your SRX240 device, you notice SYN floods coming from a host out on the Internet towards several hosts on your trusted network.
Which Junos Screen option would protect against these denial-of-service (DoS) attacks?
A. [edit security screen]
user@host# show
ids-option no-flood {
limit-session {
destination-ip-based 150;
}
}
B. [edit security screen]
user@host# show
ids-option no-flood {
tcp {
syn-fin;
}
}
C. [edit security screen]
user@host# show
ids-option no-flood {
limit-session {
source-ip-based 150;
}
}
D. [edit security screen]
user@host# show
ids-option no-flood {
icmp {
flood threshold 10;
}
}
Answer: C
Q140. Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?
A. policy-rematch
B. policy-evaluate
C. rematch-policy
D. evaluate-policy
Answer: A