Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

Juniper JN0-232 Dumps

Page: 1 / 11
Total 110 questions

Security, Associate (JNCIA-SEC) Questions and Answers

Question 1

Which two statements are correct about NAT and security policy processing? (Choose two.)

Options:

A.

The security policy is evaluated before destination NAT.

B.

The security policy is evaluated after source NAT.

C.

The security policy is evaluated before source NAT.

D.

The security policy is evaluated after destination NAT.

Question 2

You want to verify that your NextGen Web Filtering (NGWF) feature is connected to the Juniper cloud.

Which operational mode command would you use for this task?

Options:

A.

show security utm anti-spam status

B.

show security utm content-filtering statistics

C.

show security utm anti-virus status

D.

show security utm web-filtering status

Question 3

What is the purpose of rate-limiting exception traffic in the Junos OS?

Options:

A.

to enhance the performance of the forwarding plane

B.

to simplify the configuration of network interfaces

C.

to prevent denial-of-service attacks on the Routing Engine

D.

to manage routing protocols and updates

Question 4

What happens if no match is found in both zone-based and global security policies?

Options:

A.

The traffic is discarded by the default security policy.

B.

The traffic is redirected to a predefined safe zone.

C.

The traffic is logged for further analysis.

D.

The traffic is allowed by default.

Question 5

Which two statements about functional zones are correct? (Choose two.)

Options:

A.

You can create only one functional zone called management.

B.

Functional zones consist of logical interfaces belonging to multiple zones.

C.

You reference the management functional zone in a security policy.

D.

The management functional zone controls management access to the firewall.

Question 6

You are not able to ping an interface on an SRX Series Firewall.

Which two actions should you take to solve this issue? (Choose two.)

Options:

A.

Assign the interface to a security zone.

B.

Create a security policy to allow ping traffic.

C.

Assign the interface to the null zone.

D.

Configure the ICMP protocol for host-inbound-traffic.

Question 7

Click the Exhibit button.

as

Which two statements are correct about the content filter shown in the exhibit? (Choose two.)

Options:

A.

.exe files will not be allowed to be uploaded over HTTP.

B.

.exe files will not be allowed to be downloaded over HTTP.

C.

There will be a notice added to the SRX log file about the file being blocked.

D.

There will be an e-mail sent to the user about why the SRX is blocking the file.

Question 8

What are two ways that an SRX Series device identifies content? (Choose two.)

Options:

A.

It identifies and inspects the file extension of each file.

B.

It uses AppID.

C.

It identifies file types in HTTP, FTP, and e-mail protocols.

D.

It uses ALGs.

Question 9

Click the Exhibit button.

as

Which type of policy is shown in the exhibit?

Options:

A.

global policy

B.

inter-zone policy

C.

intra-zone policy

D.

default policy

Question 10

You just made a configuration change to a security policy on your SRX Series Firewall. Your users alert you that an application that uses FTP is no longer working.

as

Referring to the exhibit, what are two ways to solve this problem? (Choose two.)

Options:

A.

Enter the rollback 1 command followed by a commit command.

B.

Activate the FTP security policy and commit the configuration.

C.

Insert the FTP security policy before the web-smtp security policy.

D.

Change the destination address in the FTP security policy to any and commit the configuration.

Question 11

Which statement is correct about source NAT?

Options:

A.

It translates MAC addresses to private IP addresses.

B.

It translates private IP addresses to public IP addresses.

C.

It performs bidirectional IP address translation.

D.

It performs translation on ingress traffic only.

Question 12

Which two statements are correct about unified security policies on SRX Series Firewalls? (Choose two.)

Options:

A.

Unified security policies match applications before processing policy statements.

B.

Unified security policies can be zone-based or global.

C.

Unified security policies use the application identification (AppID) engine.

D.

Unified security policies with multiple matches use the most restrictive match.

Question 13

The exhibit shows a table representing security policies from the trust zone to the untrust zone.

as

In this scenario, which two statements are correct? (Choose two.)

Options:

A.

FTP requests from the source IP address of 172.25.11.11 are denied to the destination IP address of 10.1.0.10.

B.

Ping command requests from the source IP address of 172.25.11.100 are denied to the destination IP address of 10.1.0.10.

C.

SSH requests from the source IP address of 172.25.11.10 are permitted to the destination IP address of 10.1.0.10.

D.

FTP requests from the source IP address of 10.1.0.10 are permitted to the destination IP address of 172.25.11.100.

Question 14

Which two statements are correct about unified security policies? (Choose two.)

Options:

A.

Traffic that matches a unified policy will not be evaluated by traditional security policy.

B.

Dynamic applications in unified security policies analyze traffic based on Layer 4 information.

C.

Traffic that matches a traditional policy will not be evaluated by unified security policy.

D.

Dynamic applications in unified security policies analyze traffic based on Layer 7 information.

Question 15

Which two statements are correct about security zones and functional zones? (Choose two.)

Options:

A.

Traffic entering an interface in a functional zone cannot exit any other transit interface.

B.

Traffic entering transit interfaces can exit an interface in a functional zone.

C.

Traffic entering an interface in a functional zone can exit any other transit interface.

D.

Traffic entering transit interfaces cannot exit an interface in a functional zone.

Question 16

Which zone configuration is required to permit transit traffic?

Options:

A.

a system-defined null zone

B.

a system-defined Junos-host zone

C.

a user-defined security zone

D.

a user-defined functional zone

Question 17

You are asked to create a security policy that controls traffic allowed to pass between the Internet and private security zones. You must ensure that this policy is evaluated before all other policy types on your SRX Series device.

In this scenario, which type of security policy should you create?

Options:

A.

routing policy

B.

default policy

C.

zone policy

D.

global policy

Question 18

You want to enable NextGen Web Filtering (NGWF) on your SRX Series Firewall.

Which two actions must you perform in this scenario? (Choose two.)

Options:

A.

Install a NextGen Web Filtering feature license.

B.

Enable NextGen Web Filtering as the default Web Filtering type.

C.

Assign a public IP address to the loopback interface.

D.

Enable SSL host inbound traffic on the untrust security zone.

Question 19

Click the Exhibit button.

as

Referring to the exhibit, which two statements are correct? (Choose two.)

Options:

A.

The URL matches a predefined Web filtering category.

B.

The NextGen Web Filtering type is being used.

C.

The SRX firewall does not have an SSL proxy configuration.

D.

This is a custom Web filtering block message.

Question 20

Referring to the exhibit, which two statements are correct? (Choose two.)

as

Options:

A.

This security policy is a zone-based security policy.

B.

This security policy uses a non-default inactivity timeout.

C.

This security policy permits HTTPS traffic.

D.

This security policy is the second security policy in the list.

Question 21

Which two statements are correct about security zones on an SRX Series device? (Choose two.)

Options:

A.

Security zones can be shared between routing instances.

B.

Security zones cannot be shared between routing instances.

C.

Intrazone and interzone traffic both require security policies.

D.

Multiple security zones cannot be configured on an SRX Series device.

Question 22

Which type of NAT performs port address translation?

Options:

A.

interface-based source NAT

B.

static NAT

C.

source NAT with address shifting

D.

destination NAT without port forwarding

Question 23

Referring to the exhibit, which type of NAT is the SRX Series Firewall performing?

as

Options:

A.

source NAT without PAT

B.

destination NAT with PAT

C.

source NAT with PAT

D.

destination NAT without PAT

Question 24

You want to show the effectiveness of your SRX Series Firewall content filter.

Which operational mode command would you use in this scenario?

Options:

A.

show security utm anti-spam status

B.

show security utm anti-virus status

C.

show security web filtering status

D.

show security utm content-filtering statistics

Question 25

You are asked to permit users to read Reddit posts but prevent them from posting any new content. Which two actions would you perform to achieve this task? (Choose two.)

Options:

A.

Enable micro-application services at the zone level for application tracking.

B.

Include micro-application objects in traditional security policies.

C.

Include micro-application objects in unified security policies.

D.

Enable micro-application services for application identification.

Question 26

You want to confirm that your SRX Series Firewall is connected to the SBL server.

Which operational mode command would you use in this scenario?

Options:

A.

show security utm anti-virus status

B.

show security web filtering status

C.

show security utm content-filtering statistics

D.

show security utm anti-spam status

Question 27

Referring to the exhibit, the top table shows the source and destination IP addresses and also the source and destination ports of the incoming packet.

as

The lower table represents the security policies from the trust zone to the untrust zone.

In this scenario, which two statements are correct? (Choose two.)

Options:

A.

The incoming packet is permitted by the HTTPS application.

B.

The incoming packet is permitted because it does not match any policy listed.

C.

The incoming packet is denied by the final security policy.

D.

The firewall processes security policies in a top-down manner.

Question 28

A URL is not found in the local allow list, block list, or local cache during the NextGen Web Filtering process. Which action does the SRX Series Firewall take in this scenario?

Options:

A.

It allows the URL by default.

B.

It sends a TCP reset message to the client.

C.

It forwards the URL to the NextGen Web Filtering application in the Juniper cloud.

D.

It blocks the URL by default.

Question 29

Which two statements are correct about security zones? (Choose two.)

Options:

A.

An interface can exist in multiple security zones.

B.

Interfaces in the same security zone must share the same routing instance.

C.

Interfaces in the same security zone must use separate routing instances.

D.

A security zone can contain multiple interfaces.

Question 30

Which two characteristics of destination NAT and static NAT are correct? (Choose two.)

Options:

A.

Static NAT automatically creates a matching rule for the opposite direction.

B.

Destination NAT requires address range sizes that match the devices being translated.

C.

Static NAT uses Port Address Translation.

D.

Destination NAT supports port forwarding.

Question 31

Which two statements are correct about the Junos OS architecture? (Choose two.)

Options:

A.

Junos is built using a collection of interdependent software processes.

B.

Junos is built using independent software processes.

C.

Restarting a single software process causes synchronization issues until other processes are restarted.

D.

Individual software processes can be restarted without impacting the others.

Question 32

Which two statements correctly describe static NAT? (Choose two.)

Options:

A.

It requires address ranges of the same size.

B.

Address pools are necessary.

C.

No address pools are necessary.

D.

It performs PAT.

Question 33

You need to capture control plane traffic on a high-end SRX Series device.

How would you accomplish this task?

Options:

A.

Configure a packet capture under the edit security datapath-debug capture hierarchy.

B.

Apply a firewall filter matching the desired traffic using the sample action.

C.

Start a shell then use the tcpdump tool.

D.

Apply a port mirroring configuration under the edit forwarding options hierarchy.

Page: 1 / 11
Total 110 questions