JN0-332 Exam Questions

Which statement accurately describes firewall user authentication?

Which two firewall user authentication objects can be referenced in a security policy? (Choose two.)

Which high availability feature is supported only on Junos security platforms?

What is a security policy?

What is a zone?

What is the function of NAT?

Which statement correctly describes the default state of a high-end SRX Series Services Gateway?

Which Junos security feature helps protect against spam, viruses, trojans, and malware?

When the first packet in a new flow is received, which high-end SRX component is responsible for setting up the flow?

Which three elements are contained in a session-close log message? (Choose three.)

Which card performs flow lookup on incoming packets on high-end SRX Series devices?

How is the control plane separated from the data plane on branch SRX Series devices?

Which three parameters does the Junos OS attempt to match against during session lookup? (Choose three.)

You have packet loss on an IPsec VPN using the default maximum transmission unit (MTU) where the packets have the DF-bit (do not fragment) set. Which configuration solves this prob...

The branch SRX Series Services Gateways implement the data plane on which two components? (Choose two.)

Which configuration must be completed to use both packet-based and session-based forwarding on a branch SRX Series Services Gateway?

Which branch SRX Series Services Gateway model has a hardware-based, modular Routing Engine?

Which two statements are true about zones? (Choose two.)

Which statement is true about factory-default zones?

Which two statements are true when configuring security zones? (Choose two.)

What are two system-defined zones? (Choose two.)

Which statement is correct about zone and interface dependencies?

What are two functions of the junos-host zone? (Choose two.)

Which two parameters are configurable under the [edit security zones security-zone zoneA] stanza? (Choose two.)

What are two predefined address-book entries? (Choose two.)

What are two valid network prefixes in address books? (Choose two.)

You want to show interface-specific zone information and statistics. Which operational command would be used to accomplish this?

Which two statements are correct regarding the security policy parameter policy-rematch? (Choose two.)

An engineer has just created a single policy allowing ping traffic from a host in the Users zone to a server in the Servers zone. When the host pings the server, what will happen t...

Following a recent security audit, you find that users are able to ping between the untrust zone and the trust zone, which is contrary to your organization's current security polic...

You must create a security policy for a custom application that requires a longer session timeout than the default application offers. Which two actions are valid? (Choose two.)

You need to build a scheduler to apply to a policy that will allow traffic from Monday to Friday only. What will accomplish this task?

You want to silently drop HTTP traffic. Which action will accomplish this task?

You are asked to change the behavior of the system-default policy from the default setting on an SRX Series device. What would be the result of this change?

You have just added the policy deny-host-a to prevent traffic from Host A that was previously allowed by the policy permit-all. After committing the changes, you notice that all tr...

You are troubleshooting a security policy. The operational command show security flow session does not show any sessions for this policy. Which statement is correct?

You want to enable local logging for security policies and have the log information stored in a separate file on a branch SRX Series device. Which configuration will accomplish thi...

You want to authenticate users accessing an internal FTP server using the SRX Series Services Gateway. You also want to use an internal LDAP server as the authentication server. Wh...

Which two settings in the options field of an IP header will Junos Screen options block? (Choose two.)

Which two statements are true about the SYN cookie Junos Screen option? (Choose two.)

Which three actions should be used when initially implementing Junos Screen options? (Choose three.)

At which step in the packet flow are Junos Screen checks applied?

You need to apply the Junos Screen protect-zone to the public zone. Which configuration meets this requirement?

You need to implement Junos Screen options to protect traffic coming through the ge-0/0/0 and ge-0/0/1 interfaces which are located in the trust and DMZ zones, respectively. Where...

While reviewing the logs on your SRX240 device, you notice SYN floods coming from multiple hosts out on the Internet. Which Junos Screen option would protect against these denial-o...

You want to protect against attacks on interfaces in ZoneA. You create a Junos Screen option called no-flood and commit the configuration. In the weeks that follow, the Screen does...

While reviewing the logs on your SRX240 device, you notice SYN floods coming from a host out on the Internet towards several hosts on your trusted network. Which Junos Screen optio...

During packet flow on an SRX Series device, which two processes occur before route lookup? (Choose two.)

Which Junos NAT implementation requires the use of proxy ARP?

You are configuring source NAT. Which three elements are used for matching the traffic direction in the from and to statements? (Choose three.)