Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Juniper JN0-232 Dumps Questions Answers

Page: 1 / 8
Total 110 questions

Security, Associate (JNCIA-SEC) Questions and Answers

Question 1

Which two statements are correct about a Juniper Packet Forwarding Engine? (Choose two.)

Options:

A.

The Packet Forwarding Engine is responsible for forwarding transit traffic.

B.

The Packet Forwarding Engine is managed by the Routing Engine.

C.

The Packet Forwarding Engine manages the Routing Engine.

D.

The Packet Forwarding Engine creates the routing and switching tables.

Buy Now
Question 2

You want to enable NextGen Web Filtering in SRX Series devices.

In this scenario, which two actions will accomplish this task? (Choose two.)

Options:

A.

Generate a CA-signed certificate.

B.

Generate a self-signed certificate.

C.

Configure an SSL initiation profile.

D.

Configure an SSL proxy profile.

Question 3

You need to ensure that the security policy is configured correctly for a flow with both source NAT and destination NAT involved. In this scenario, which two match conditions are valid for source and destination addresses? (Choose two.)

Options:

A.

post-NAT destination address

B.

pre-NAT source address

C.

post-NAT source address

D.

pre-NAT destination address

Question 4

Referring to the exhibit, which two statements are correct? (Choose two.)

Options:

A.

Traffic does not match this NAT rule.

B.

All traffic that ingresses the trust security zone and egresses the untrust security zone matches this NAT rule.

C.

Only traffic that matches the default route matches this NAT rule.

D.

This is the first NAT rule in the rule set.

Question 5

When traffic enters an interface, which two results does a route lookup determine? (Choose two.)

Options:

A.

egress interface

B.

egress security zone

C.

ingress interface

D.

DNS name

Question 6

Content filtering supports which two of the following protocols? (Choose two.)

Options:

A.

SMTP

B.

SNMP

C.

TFTP

D.

HTTP

Question 7

Which two statements are true about content filtering on SRX Series devices? (Choose two.)

Options:

A.

Content filtering requires a license.

B.

Content filtering examines the file extension to determine the file type.

C.

Content filtering does not require a license.

D.

Content filtering examines the file contents to determine the file type.

Question 8

Your manager asks you to verify when your antivirus definitions were last updated on your SRX Series Firewall.

Which operational mode command allows you to see this information?

Options:

A.

show security utm content-filtering statistics

B.

show security utm anti-spam status

C.

show security web filtering status

D.

show security utm anti-virus status

Question 9

Which solution will add antivirus features to your SRX Series device?

Options:

A.

IDP

B.

Content Security

C.

NAT

D.

firewall filters

Question 10

What is the purpose of rate-limiting exception traffic in the Junos OS?

Options:

A.

to enhance the performance of the forwarding plane

B.

to simplify the configuration of network interfaces

C.

to prevent denial-of-service attacks on the Routing Engine

D.

to manage routing protocols and updates

Question 11

Click the Exhibit button.

Referring to the exhibit, which two statements are correct? (Choose two.)

Options:

A.

The URL matches a predefined Web filtering category.

B.

The NextGen Web Filtering type is being used.

C.

The SRX firewall does not have an SSL proxy configuration.

D.

This is a custom Web filtering block message.

Question 12

You want to use Avira Antivirus.

Which two actions should you perform to satisfy this requirement? (Choose two.)

Options:

A.

Restart the management daemon (mgd) to load the components.

B.

Enable the Avira engine in operational mode.

C.

Reboot the SRX Series device to load the components.

D.

Enable the Avira engine in configuration mode.

Question 13

Which two statements are correct about unified security policies? (Choose two.)

Options:

A.

Traffic that matches a unified policy will not be evaluated by traditional security policy.

B.

Dynamic applications in unified security policies analyze traffic based on Layer 4 information.

C.

Traffic that matches a traditional policy will not be evaluated by unified security policy.

D.

Dynamic applications in unified security policies analyze traffic based on Layer 7 information.

Question 14

You need to capture control plane traffic on a high-end SRX Series device.

How would you accomplish this task?

Options:

A.

Configure a packet capture under the edit security datapath-debug capture hierarchy.

B.

Apply a firewall filter matching the desired traffic using the sample action.

C.

Start a shell then use the tcpdump tool.

D.

Apply a port mirroring configuration under the edit forwarding options hierarchy.

Question 15

What is the purpose of assigning logical interfaces to separate security zones in Junos OS?

Options:

A.

to simplify the configuration of network interfaces

B.

to manage routing protocols and updates

C.

to control traffic that traverses different VLANs using security policies

D.

to enable network monitoring through SNMP

Question 16

You have created a series of security policies permitting access to a variety of services. You now want to create a policy that blocks access to all other services for all user groups.

What should you create in this scenario?

Options:

A.

global security policy

B.

Juniper ATP policy

C.

IDP policy

D.

integrated user firewall policy

Question 17

You are troubleshooting first path traffic not passing through an SRX Series Firewall. You have determined that the traffic is ingressing and egressing the correct interfaces using a route lookup.

In this scenario, what is the next step in troubleshooting why the device may be dropping the traffic?

Options:

A.

Verify that the interfaces are in the correct security zones.

B.

Verify the routing protocol being used.

C.

Verify that source NAT is occurring.

D.

Verify that the correct ALG is being used.

Question 18

You are modifying the NAT rule order and you notice that a new NAT rule has been added to the bottom of the list.

In this situation, which command would you use to reorder NAT rules?

Options:

A.

top

B.

run

C.

up

D.

insert

Question 19

Which security policy action will cause traffic to drop and a message to be sent to the source?

Options:

A.

permit

B.

next-policy

C.

deny

D.

reject

Question 20

Click the Exhibit button.

Which two statements are correct about the content filter shown in the exhibit? (Choose two.)

Options:

A.

.exe files will not be allowed to be uploaded over HTTP.

B.

.exe files will not be allowed to be downloaded over HTTP.

C.

There will be a notice added to the SRX log file about the file being blocked.

D.

There will be an e-mail sent to the user about why the SRX is blocking the file.

Question 21

You are troubleshooting traffic traversing the SRX Series Firewall and require detailed information showing how the flow module is handling the traffic.

How would you accomplish this task?

Options:

A.

Review the flow session table.

B.

Review the forwarding table.

C.

Enable flow trace options.

D.

Enable firewall filters.

Question 22

Which two statements are correct about the processing of NAT rules within a rule set? (Choose two.)

Options:

A.

NAT rule processing processes all rules.

B.

NAT rule processing stops at the first match.

C.

NAT rules are processed from top to bottom.

D.

NAT rules are processed from bottom to top.

Question 23

Which two statements are correct about the Junos OS architecture? (Choose two.)

Options:

A.

Junos is built using a collection of interdependent software processes.

B.

Junos is built using independent software processes.

C.

Restarting a single software process causes synchronization issues until other processes are restarted.

D.

Individual software processes can be restarted without impacting the others.

Question 24

You are not able to ping an interface on an SRX Series Firewall.

Which two actions should you take to solve this issue? (Choose two.)

Options:

A.

Assign the interface to a security zone.

B.

Create a security policy to allow ping traffic.

C.

Assign the interface to the null zone.

D.

Configure the ICMP protocol for host-inbound-traffic.

Question 25

Which two statements are correct about Junos OS? (Choose two.)

Options:

A.

It is a network operating system.

B.

It is supported on physical and virtual devices.

C.

It is a network management system for Juniper devices.

D.

It is a network operating system for IoT devices.

Question 26

A URL is not found in the local allow list, block list, or local cache during the NextGen Web Filtering process. Which action does the SRX Series Firewall take in this scenario?

Options:

A.

It allows the URL by default.

B.

It sends a TCP reset message to the client.

C.

It forwards the URL to the NextGen Web Filtering application in the Juniper cloud.

D.

It blocks the URL by default.

Question 27

Which two statements about functional zones are correct? (Choose two.)

Options:

A.

You can create only one functional zone called management.

B.

Functional zones consist of logical interfaces belonging to multiple zones.

C.

You reference the management functional zone in a security policy.

D.

The management functional zone controls management access to the firewall.

Question 28

When a new traffic flow enters an SRX Series device, in which order are these processes performed?

Options:

A.

screens → security policies → zones → routes

B.

screens → routes → zones → security policies

C.

routes → zones → screens → security policies

D.

screens → zones → security policies → routes

Question 29

Which two statements are correct about security zones on an SRX Series device? (Choose two.)

Options:

A.

Security zones can be shared between routing instances.

B.

Security zones cannot be shared between routing instances.

C.

Intrazone and interzone traffic both require security policies.

D.

Multiple security zones cannot be configured on an SRX Series device.

Question 30

When does screening occur in the flow module?

Options:

A.

before session lookup

B.

during policy lookup

C.

during route lookup

D.

after session lookup

Question 31

You want to verify that your NextGen Web Filtering (NGWF) feature is connected to the Juniper cloud.

Which operational mode command would you use for this task?

Options:

A.

show security utm anti-spam status

B.

show security utm content-filtering statistics

C.

show security utm anti-virus status

D.

show security utm web-filtering status

Question 32

Click the Exhibit button.

Referring to the exhibit, which statement is correct?

Options:

A.

policy3 will be shadowed because it matches the same application as policy1.

B.

None of the policies will be shadowed.

C.

policy1 will be shadowed because it matches the same application as policy3.

D.

policy2 will be shadowed because it matches the same application as policy1.

Question 33

Which two statements about the host-inbound-traffic parameter in a zone configuration are correct? (Choose two.)

Options:

A.

Deleting the host-inbound-traffic parameter blocks console access to the firewall.

B.

Deleting the host-inbound-traffic parameter blocks SSH access to the firewall.

C.

The host-inbound-traffic parameter is implicitly configured in the management zone.

D.

The host-inbound-traffic parameter is explicitly configured in a security zone.

Page: 1 / 8
Total 110 questions