JN0-332 Exam Questions

Which zone is a system-defined zone?

Which type of zone is used by traffic transiting the device?

Which two steps are performed when configuring a zone? (Choose two.)

You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device's ge- 0/0/0.0 IP address. Where do you configure this functionality?

Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?

Click the Exhibit button. [edit security zones security-zone HR] user@host# show host-inbound-traffic { system-services { ping; ssh; https; }} interfaces { ge-0/0/0.0; ge-0/0/1.0 {...

Click the Exhibit button. user@host> show interfaces ge-0/0/0.0 | match host-inbound Allowed host-inbound traffic : bgp ospf Which configuration would result in the output shown in...

Click the Exhibit button. user@host> show interfaces ge-0/0/0.0 | match host-inbound Allowed host-inbound traffic : ping ssh telnet Which configuration would result in the output s...

Click the Exhibit button. [edit security] user@host# show zones { security-zone ZoneA { tcp-rst; host-inbound-traffic { system-services { ping; telnet; }} interfaces { ge-0/0/0.0;...

Which two commands can be used to monitor firewall user authentication? (Choose two.)

Which two external authentication server types are supported by JUNOS Software for firewall user authentication? (Choose two.)

Click the Exhibit button. [edit security zones security-zone trust] user@host# show host-inbound-traffic { system-services { all; }} interfaces { ge-0/0/0.0; } Referring to the exh...

What are three main phases of an attack? (Choose three.)

An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?

Where do you configure SCREEN options?

Prior to applying SCREEN options to drop traffic, you want to determine how your configuration will affect traffic. Which mechanism would you configure to achieve this objective?

Which two statements describe the purpose of a security policy? (Choose two.)

Click the Exhibit button. [edit security policies] user@host# show from-zone trust to-zone untrust { policy AllowHTTP{ match { source-address HOSTA; destination-address any; applic...

Which two security policy actions are valid? (Choose two.)

Click the Exhibit button. [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-...

Click the Exhibit button. [edit security policies from-zone HR to-zone trust] user@host# show policy two { match { source-address subnet_a; destination-address host_b; application...

Which statement is true about interface-based source NAT?

Which two statements are true about pool-based destination NAT? (Choose two.)

Which statement is true about source NAT?

Which two statements are true about overflow pools? (Choose two.)

Which statement is true regarding proxy ARP?

You are creating a destination NAT rule-set. Which two are valid for use with the from clause? (Choose two.)

Regarding an IPsec security association (SA), which two statements are true? (Choose two.)

Which operational mode command displays all active IPsec phase 2 security associations?

Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?

Which attribute is required for all IKE phase 2 negotiations?

Which attribute is optional for IKE phase 2 negotiations?

A route-based VPN is required for which scenario?

A policy-based IPsec VPN is ideal for which scenario?

Regarding a route-based versus policy-based IPsec VPN, which statement is true?

Which two configuration elements are required for a route-based VPN? (Choose two.)

Click the Exhibit button. [edit security] user@host# show ike { policy ike-policy1 { mode main; proposal-set standard; pre-shared-key ascii-text "$9$GFjm5OBEclM5QCuO1yrYgo"; ## SEC...

Regarding secure tunnel (st) interfaces, which statement is true?

What are three benefits of using chassis clustering? (Choose three.)

You have been tasked with installing two SRX 5600 platforms in a high-availability cluster. Which requirement must be met for a successful installation?

Click the Exhibit button. [edit chassis] user@host# show cluster { reth-count 3; redundancy-group 1 { node 0 priority 1; node 1 priority 100; }} When applying the configuration in...

What is a redundancy group in JUNOS Software?

When devices are in cluster mode, which new interfaces are created?

What are two interfaces created when enabling a chassis cluster? (Choose two.)

Which statement is true regarding redundancy groups?

Which IDP policy action drops a packet before it can reach its destination, but does not close the connection?

You have been tasked with performing an update to the IDP attack database. Which three requirements are included as part of this task? (Choose three.)

You are implementing an IDP policy template from Juniper Networks. Which three steps are included in this process? (Choose three.)

Which statement regarding the implementation of an IDP policy template is true?

Which two statements are true regarding firewall user authentication? (Choose two.)