JN0-332 Exam Questions

You have just configured source NAT with a pool of addresses within the same subnet as the egress interface. What else must be configured to make the addresses in the pool usable?

You have just changed a NAT rule and committed the change. Which statement is true?

Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT for all other traffic from the untrust zone to the egress interface?

Which two actions occur during IKE Phase 1? (Choose two.)

What are two valid symmetric encryption key types? (Choose two.)

Which two are negotiated during Phase 2 of an IPsec VPN tunnel establishment? (Choose two.)

Which three algorithms are used by an SRX Series device to validate the integrity of the data exchanged through an IPsec VPN? (Choose three.)

You are asked to implement the hashing algorithm that uses the most bits in the calculation on your Junos security device. Which algorithm should you use?

You are asked to establish an IPsec VPN to a remote device whose IP address is dynamically assigned by the ISP. Which IKE Phase 1 mode must you use?

Which three Diffie-Hellman groups are supported during IKE Phase 1 by the Junos OS? (Choose three.)

A security association is uniquely identified by which two values? (Choose two.)

You are asked to establish an IPsec VPN between two sites. The remote device has been preconfigured. Which two parameters must be identical to the remote device's parameters when d...

Which two statements are correct about IPsec security associations? (Choose two.)

You are deploying a branch site which connects to two hub locations over an IPsec VPN. The branch SRX Series device should send all traffic to the first hub unless it is unreachabl...

Which two statements are correct regarding reth interfaces? (Choose two.)

Which two statements are correct about establishing a chassis cluster with IPv6? (Choose two.)

You are asked to set up a chassis cluster between your SRX Series devices. You must ensure that the solution provides both dual redundant links per node and node redundancy. Which...

What is supported on the fabric link?

You are asked to establish a chassis cluster between two SRX Series devices. You must ensure that end-to-end connectivity is monitored and that the redundancy group will fail over...

When using chassis clustering, which link is responsible for configuration synchronization?

Redundant Ethernet interfaces (reths) have a virtual MAC address based on which two attributes? (Choose two.)

You are asked to establish a chassis cluster between two branch SRX Series devices. You must ensure that no single point of failure exists. What would prevent a single point of fai...

Which two statements are correct regarding the cluster ID? (Choose two.)

Which statement is true about real-time objects in an SRX chassis cluster?

When using chassis clustering, which action is taken by the Junos OS if the control link or the fabric link suffers a loss of keepalives or heartbeat messages?

You are configuring the SRX Series Services Gateway in chassis cluster mode. What is a valid way to configure Redundancy Groups (RGs) 1 and 2 for active/active redundancy?

You have just manually failed over Redundancy Group 0 on Node 0 to Node 1. You notice Node 0 is now in a secondary-hold state. Which statement is correct?

Which three Unified Threat Management features require a license? (Choose three.)

Which global UTM configuration parameter contains lists, such as MIME patterns, filename extensions, and URL patterns, that can be used across all UTM features?

Your SRX Series device is configured so that all inbound traffic from the Internet is examined by the UTM content filtering feature. As inbound traffic arrives at the SRX device, w...

Which three UTM features require a license? (Choose three.)

Which two SRX platforms support UTM features? (Choose two.)

Which antivirus protection feature uses the first several packets of a file to determine if the file contains malicious code?

Which antivirus protection feature uses virus patterns and a malware database that are located on external servers?

You have implemented Integrated SurfControl Web filtering on an SRX Series device. You have also created a whitelist and a blacklist on the SRX device. One particular Web site is m...

You have deployed enhanced Web filtering on an SRX Series device. A user requests a URL that is not in the URL filtering cache. What happens?

You are configuring a blacklist for Web filtering on a branch SRX Series device. Which two URL patterns are valid? (Choose two.)

Which two criteria does the enhanced Web filtering solution use to make decisions? (Choose two.)

Referring to the exhibit, you need to allow ping traffic into interface ge-0/0/1. Which configuration step will accomplish this task? [edit interfaces] ge-0/0/1 { unit 0 { family e...

Referring to the exhibit, which two services are allowed on the ge-0/0/2.0 interface? (Choose two.)

Referring to the exhibit, you want to be able to manage your SRX Series device from the Internet using SSH. You have created a security policy to allow the traffic to flow into the...

Referring to the exhibit, you have configured a scheduler to allow hosts access to the Internet during specific times. You notice that hosts are still accessing the Internet during...

Referring to the exhibit, you have configured a scheduler to allow hosts access to the Internet during specific times. You notice that hosts are unable to access the Internet. What...

Referring to the exhibit, which policy will allow traffic from Host 1, Host 2, and Host 3 to the Internet?

Click the Exhibit button. You want to permit access to the Internet from the hr zone during a specified time. Which configuration will accomplish this task? [edit security policies...

Click the Exhibit button. You are asked to configure a hub-and-spoke VPN. All the VPN components have been configured, and you are able to ping the remote tunnel interfaces at Site...

Click the Exhibit button. Referring to the exhibit, you need to allow FTP traffic from the Internet to the FTP server in the Trust zone. You have built a custom application so that...

A server in the DMZ of your company is under attack. The attacker is opening a large number of TCP connections to your server which causes resource utilization problems on the serv...

Referring to the exhibit, you want to use source NAT to translate the Web server's IP address to the IP address of ge-0/0/2. Which source NAT type accomplishes this task and always...

The output of show security flow sessions is shown in the exhibit. user@srx> show security flow session Session ID. 10702, Policy name: default-permit/4, Timeout: 1794, Valid In: 2...