Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC) v25.0 (JN0-332)

Total 520 questions

Regarding content filtering, what are two pattern lists that can be configured in the Junos OS? (Choose two.)

  • A. protocol list
  • B. MIME
  • C. block list
  • D. extension


Answer : B,D

If both nodes in a chassis cluster initialize at different times, which configuration example will allow you to ensure that the node with the higher priority will become primary for your RGs other than RG0?

  • A. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; preempt; }
  • B. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; monitoring; }
  • C. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; control-link-recovery; }
  • D. [edit chassis cluster] user@host# show redundancy-group 1 { node 0 priority 200; node 1 priority 150; strict-priority; }


Answer : A

You are required to configure a SCREEN option that enables IP source route option detection. Which two configurations meet this requirement? (Choose two.)

  • A. [edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }
  • B. [edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }
  • C. [edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }
  • D. [edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }


Answer : A,B

Which command would you use to enable chassis cluster on an SRX device, setting the cluster ID to 1 and node to 0?

  • A. user@host# set chassis cluster cluster-id 1 node 0 reboot
  • B. user@host> set chassis cluster id 1 node 0 reboot
  • C. user@host> set chassis cluster cluster-id 1 node 0 reboot
  • D. user@host# set chassis cluster id 1 node 0 reboot


Answer : C

Which UTM feature requires a license to function?

  • A. integrated Web filtering
  • B. local Web filtering
  • C. redirect Web filtering
  • D. content filtering


Answer : A

After applying the policy-rematch statement under the security policies stanza, what would happen to an existing flow if the policy source address or the destination address is changed and committed?

  • A. The Junos OS drops any flow that does not match the source address or destination address.
  • B. All traffic is dropped.
  • C. All existing sessions continue.
  • D. The Junos OS does a policy re-evaluation.


Answer : D

What is the functionality of redundant interfaces (reth) in a chassis cluster?

  • A. reth interfaces are used only for VRRP.
  • B. reth interfaces are the same as physical interfaces.
  • C. reth interfaces are pseudo-interfaces that are considered the parent interface for two physical interfaces.
  • D. Each cluster member has a reth interface that can be used to share session state information with the other cluster members.


Answer : C

Which IDP policy action closes the connection and sends an RST packet to both the client and the server?

  • A. close-connection
  • B. terminate-connection
  • C. close-client-and-server
  • D. terminate-session


Answer : C

A user wants to establish an FTP session to a server behind an SRX device but must authenticate to a Web page on the SRX device for additional authentication. Which type of user authentication is configured?

  • A. pass-through
  • B. WebAuth
  • C. WebAuth with Web redirect
  • D. pass-through with Web redirect


Answer : B

Explanation:
Web authentication is valid for all types of traffic. With Web authentication configured, users must first directly access the Junos security platform using HTTP. The user enters the address or hostname of the device into a Web browser and then receives a prompt for a username and password. If authentication is successful, the user can then access the restricted resource directly. Subsequent traffic from the same source IP address is automatically allowed access to the restricted resource, as long as security policy allows for it.

Which zone is system-defined?

  • A. security
  • B. functional
  • C. junos-global
  • D. management


Answer : C

The Junos OS blocks an HTTP request due to a Websense server response. Which form of Web filtering is being used?

  • A. redirect Web filtering
  • B. integrated Web filtering
  • C. categorized Web filtering
  • D. local Web filtering


Answer : A

Click the Exhibit button.


Assume the default-policy has not been configured. Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? (Choose two.)

  • A. DNS traffic is denied.
  • B. HTTP traffic is denied.
  • C. FTP traffic is permitted.
  • D. SMTP traffic is permitted.


Answer : A,C

Which statement contains the correct parameters for a route-based IPsec VPN?

  • A.
        [edit security ipsec]
        user@host# show
        proposal ike1-proposal {
            protocol esp;
            authentication-algorithm hmac-md5-96;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 3200;
        }
        policy ipsec1-policy {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ike1-proposal;
        }
        vpn VpnTunnel {
            interface ge-0/0/1.0;
            ike {
                gateway ike1-gateway;
                ipsec-policy ipsec1-policy;
            }
            establish-tunnels immediately;
        }
  • B.
        [edit security ipsec]
        user@host# show
        proposal ike1-proposal {
            protocol esp;
            authentication-algorithm hmac-md5-96;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 3200;
        }
        policy ipsec1-policy {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ike1-proposal;
        }
        vpn VpnTunnel {
            interface st0.0;
            ike {
                gateway ike1-gateway;
                ipsec-policy ipsec1-policy;
            }
            establish-tunnels immediately;
        }
  • C.
        [edit security ipsec]
        user@host# show
        proposal ike1-proposal {
            protocol esp;
            authentication-algorithm hmac-md5-96;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 3200;
        }
        policy ipsec1-policy {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ike1-proposal;
        }
        vpn VpnTunnel {
            bind-interface ge-0/0/1.0;
            ike {
                gateway ike1-gateway;
                ipsec-policy ipsec1-policy;
            }
            establish-tunnels immediately;
        }
  • D.
        [edit security ipsec]
        user@host# show
        proposal ike1-proposal {
            protocol esp;
            authentication-algorithm hmac-md5-96;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 3200;
        }
        policy ipsec1-policy {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ike1-proposal;
        }
        vpn VpnTunnel {
            bind-interface st0.0;
            ike {
                gateway ike1-gateway;
                ipsec-policy ipsec1-policy;
            }
            establish-tunnels immediately;
        }


Answer : D

Under which Junos hierarchy level are security policies configured?

  • A. [edit security]
  • B. [edit protocols]
  • C. [edit firewall]
  • D. [edit policy-options]


Answer : A

Which three statements are true regarding IDP? (Choose three.)

  • A. IDP cannot be used in conjunction with other Junos security features such as SCREEN options, zones, and security policy.
  • B. IDP inspects traffic up to the Application Layer.
  • C. IDP searches the data stream for specific attack patterns.
  • D. IDP inspects traffic up to the Presentation Layer.
  • E. IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.


Answer : B,C,E
