JN0-333 Online Practice Questions and Answers

Which two statements about security policy actions are true? (Choose two.)

A. The log action implies an accept action.

B. The log action requires an additional terminating action.

C. The count action implies an accept action.

D. The count action requires an additional terminating action.

Which statement describes the function of screen options?

A. Screen options encrypt transit traffic in a tunnel.

B. Screen options protect against various attacks on traffic entering a security device.

C. Screen options translate a private address to a public address.

D. Screen options restrict or permit users individually or in a group.

You want to ensure that any certificates used in your IPsec implementation do not expire while in use by your SRX Series devices.

In this scenario, what must be enabled on your devices?

A. RSA

B. TLS

C. SCEP

D. CRL

What are two valid zones available on an SRX Series device? (Choose two.)

A. security zones

B. policy zones

C. transit zones

D. functional zones

You are asked to support source NAT for an application that requires that its original source port not be changed.

Which configuration would satisfy the requirement?

A. Configure a source NAT rule that references an IP address pool with interface proxy ARP enabled.

B. Configure the egress interface to source NAT fixed-port status.

C. Configure a source NAT rule that references an IP address pool with the port no-translation parameter enabled.

D. Configure a source NAT rule that sets the egress interface to the overload status.

Click the Exhibit button.

Host A is attempting to connect to Host B using the domain name, which is tied to a public IP address. All attempts to connect to Host B have failed. You have examined the configuration on your SRX340 and determined that a NAT policy is required.

Referring to the exhibit, which two NAT types will allow Host A to connect to Host B? (Choose two.)

A. source NAT

B. NAT-T

C. destination NAT

D. static NAT

Which three elements does AH provide in an IPsec implementation? (Choose three.)

A. confidentiality

B. authentication

C. integrity

D. availability

E. replay attack protection

Click the Exhibit button.

Referring to the exhibit, which statement is true?

A. TCP packets entering the interface are failing the TCP sequence check.

B. Packets entering the interface are being dropped due to a stateless filter.

C. Packets entering the interface are getting dropped because there is no route to the destination.

D. Packets entering the interface matching an ALG are getting dropped.

You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase 1 negotiation succeeds and the Phase 2 negotiation fails.

Which two configuration parameters should you verify are correct? (Choose two.)

A. Verify that the IKE gateway proposals on the initiator and responder are the same.

B. Verify that the VPN tunnel configuration references the correct IKE gateway.

C. Verify that the IPsec policy references the correct IKE proposals.

D. Verify that the IKE initiator is configured for main mode.

Which statement is true about Perfect Forward Secrecy (PFS)?

A. PFS is used to resolve compatibility issues with third-party IPsec peers.

B. PFS is implemented during Phase 1 of IKE negotiations and decreases the amount of time required for IKE negotiations to complete.

C. PFS increases security by forcing the peers to perform a second DH exchange during Phase 2.

D. PFS increases the IPsec VPN encryption key length and uses RSA or DSA certificates.