That is swift altering strong planet every its altering were always on proceed. This is just a regular career account that lots of people today desire so you can get a person, nevertheless, you have to challenge as well as experienced yourself being a certified person who matches many higher than requiems, anyone aren?¡¥t moving get your desire career conveniently, the particular suggestion which will experienced yourself to new dimension of the usb ports become some sort of Juniper JN0-332 Certificaion.
2021 Sep JN0-332 exam prep
Q141. What is a security policy?
A. a set of rules that controls traffic from a specified source to a specified destination using a specified service
B. a collection of one or more network segments sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks
Answer: A
Q142. Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?
A. message 1 and 2
B. message 3 and 4
C. message 5 and 6
D. message 7 and 8
Answer: A
Q143. Which two functions of the Junos OS are handled by the data plane? (Choose two.)
A. NAT
B. OSPF
C. SNMP
D. SCREEN options
Answer: AD
Q144. Which configuration shows the correct application of a security policy scheduler?
A. [edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
match {
source-address PrivateHosts;
destination-address ExtServers;
application ExtApps;
}
then {
permit {
tunnel {
ipsec-vpn myTunnel;
}
scheduler-name now;
}
}
}
B. [edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
match {
source-address PrivateHosts;
destination-address ExtServers;
application ExtApps;
}
then {
permit {
tunnel {
ipsec-vpn myTunnel;
}
}
}
scheduler-name now;
}
C. [edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
match {
source-address PrivateHosts;
destination-address ExtServers;
application ExtApps;
}
then {
permit {
tunnel {
ipsec-vpn myTunnel;
scheduler-name now;
}
}
}
}
D. [edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
match {
source-address PrivateHosts;
destination-address ExtServers;
application ExtApps;
scheduler-name now;
}
then {
permit {
tunnel {
ipsec-vpn myTunnel;
}
}
}
scheduler-name now;
}
Answer: B
Q145. -- Exhibit --[edit security nat source]
user@host# show
pool snat-pool {
address {
10.10.10.10/32;
10.10.10.11/32;
}
}
pool-utilization-alarm raise-threshold 50 clear-threshold 40;
rule-set user-nat {
from zone trust;
to zone untrust;
rule snat {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
pool {
snat-pool;
}
}
}
}
}
-- Exhibit --
Click the Exhibit button.
Your network management station has generated an alarm regarding NAT utilization based on an SNMP trap received from an SRX Series device.
Referring to the exhibit, which statement is correct about the alarm?
A. The network management station will require manual intervention to clear the alarm.
B. Once utilization is below 40 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.
C. Once utilization is below 50 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.
D. Once utilization is below 80 percent, the Junos OS will send an SNMP trap to the network management station to clear the alarm.
Answer: B
Avant-garde JN0-332 test:
Q146. Which two configuration options must be present for IPv4 transit traffic to pass between the ge-0/0/0.0 and ge-0/0/2.0 interfaces? (Choose two.)
A. family inet
B. a security zone
C. a routing instance
D. host-inbound-traffic
Answer: AB
Q147. Which two statements are true about AH? (Choose two.)
A. AH provides data integrity.
B. AH is identified by IP protocol 50.
C. AH is identified by IP protocol 51.
D. AH cannot work in conjunction with ESP
Answer: AC
Q148. Which three Diffie-Hellman groups are supported during IKE Phase 1 by the Junos OS? (Choose three.)
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: ABE
Q149. Which operational mode command displays all active IPsec phase 2 security associations?
A. show ike security-associations
B. show ipsec security-associations
C. show security ike security-associations
D. show security ipsec security-associations
Answer: D
Q150. -- Exhibit --user@host# show chassis cluster
reth-count 2;
redundancy-group 1 {
node 0 priority 200;
node 1 priority 100;
interface-monitor {
ge-0/0/5 weight 85;
ge-0/0/6 weight 85;
ge-0/0/7 weight 85;
ge-0/0/8 weight 85;
ge-5/0/5 weight 85;
ge-5/0/6 weight 85;
ge-5/0/7 weight 85;
ge-5/0/8 weight 85;
}
}
-- Exhibit --
Click the Exhibit button.
Referring to the exhibit, you have two SRX Series devices in a chassis cluster, and Node 0 is currently the primary node. You want to ensure that traffic using those interfaces fails over to Node 1 if one interface goes down.
Which configuration change should be made to ensure failover to Node 1?
A. Decrease the weight of the interfaces to 1.
B. Increase the weight of the interfaces to 255.
C. Increase the weight of the interfaces to between 128 and 254.
D. Decrease the weight of the interfaces to between 1 and 64.
Answer: B