JN0-332 Online Practice Questions and Answers
Which three statements are true regarding IDP? (Choose three.)
A. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.
B. IDP inspects traffic up to the Application Layer.
C. IDP searches the data stream for specific attack patterns.
D. IDP inspects traffic up to the Presentation Layer.
E. IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.
What are two TCP flag settings that are considered suspicious? (Choose two.)
A. Do-Not-Fragment flag is set.
B. Both SYN and FIN flags are set.
C. Both ACK and PSH flags are set.
D. FIN flag is set and ACK flag is not set.
What are two components of the Junos software architecture? (Choose two.)
A. Linux kernel
B. routing protocol daemon
C. session-based forwarding module
D. separate routing and security planes
You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com
(172.19.1.1)
in the Untrust zone. How do you create this policy?
A.
Specify the IP address (172.19.1.1/32) as the destination address in the policy.
B.
Specify the DNS entry (hostb.example.com) as the destination address in the policy.
C.
Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
D.
Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
What are two uses of NAT? (Choose two.)
A. enabling network migrations
B. conserving public IP addresses
C. allowing stateful packet inspection
D. preventing unauthorized connections from outside the network
Review Below:
[edit security nat destination]
user@host# show
pool A {
address 10.1.10.5/32;
}
rule-set 1 {
from zone untrust;
rule 1A {
match {
destination-address 100.0.0.1/32;
}
then {
destination-nat pool A;
}
}
}
Which type of NAT is configured in the exhibit?
A. static destination NAT
B. static source NAT
C. pool-based destination NAT without PAT
D. pool-based destination NAT with PAT
Which zone is a system-defined zone?
A. null zone
B. trust zone
C. untrust zone
D. management zone
Which three elements are contained in a session-close log message? (Choose three.)
A. source IP address
B. DSCP value
C. number of packets transferred
D. policy name
E. MAC address
You have just configured source NAT with a pool of addresses within the same subnet as the egress interface.
What else must be configured to make the addresses in the pool usable?
A. static NAT
B. destination NAT
C. address persistence
D. proxy ARP
Your network administrator asked you to replace Node I of an SRX5800 chassis cluster running in an active/active mode. The administrator wants to know any impact this could cause.
What should be considered during the hardware replacement?
A. You would need to add a third RE to Node0 to handle the overload of traffic when Node I is taken offline.
B. The two REs on Node0 might become overwhelmed when the third and fourth active REs are taken offline on Node1.
C. Node0 might be disabled once it loses connectivity Node1.
D. Some traffic might be impacted when the active interfaces transition from Node1 to Node0 and the sessions are reestablished.
What Makes leads4pass.com Differ From Others?
There are tens of thousands of certification exam dumps provided on the internet. To keep the exam dumps valid, the exam questions latest and the exam answers accurate should be the first aim. Also, to make the exam PDF and exam VCE simulator easy to use is very important. Besides, leads4pass.com has 100% pass guarantee policy. Free exam demo is available. Customer support team is ready to help at any time when required.
All rights are reserved by leads4pass.com. Any changes, copy or trademarks abuse will be regarded as infringement. leads4pass.com will reserve the right to pursue accountability.
Copyright © 2004-2025 leads4pass.com.