当前分类: JN0-331
问题:多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the devic...
查看答案
问题:单选题Which statement describes the behavior of source NAT with address shifting?()A Source NAT with address shifting translates both the source IP address and the source port of a packet.B Source NAT with address shifting defines a one-to-one mapping from a...
问题:多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options...
问题:多选题Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router?()AJUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT.BJUNOS Software for secur...
问题:单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vL...
问题:单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()A DoSB SYN floodC port scanningD IP address sweep...
问题:多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address...
问题:多选题You have been tasked with performing an update to the IDP attack database. Which three requirements areincluded as part of this task?()AThe IDP security package must be installed after it is downloaded.BThe device must be rebooted to complete the updat...
问题:单选题Which attribute is required for all IKE phase 2 negotiations?()A proxy-IDB preshared keyC Diffie-Hellman group keyD main or aggressive mode...
问题:多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.B...
问题:单选题Which statement is true regarding redundancy groups?()A The preempt option determines the primary and secondary roles for redundancy group 0 during a failure and recovery scenario.B When priority settings are equal and the members participating in a cl...
问题:单选题What is the purpose of an address book?()A It holds security policies for particular hosts.B It holds statistics about traffic to and from particular hosts.C It defines hosts in a zone so they can be referenced by policies.D It maps hostnames to IP add...
问题:单选题Which statement is true about a NAT rule action of off?()A The NAT action of off is only supported for destination NAT rule-sets.B The NAT action of off is only supported for source NAT rule-sets.C The NAT action of off is useful for detailed control o...
问题:多选题Which three options represent IDP policy match conditions?()AprotocolBsource-addressCportDapplicationEattacks...
问题:单选题Which parameters are valid SCREEN options for combating operating system probes?()A syn-fin, syn-flood, and tcp-no-fragB syn-fin, port-scan, and tcp-no-flagC syn-fin, fin-no-ack, and tcp-no-fragD syn-fin, syn-ack-ack-proxy, and tcp-no-frag...
问题:多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone....
问题:单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A [edit interfaces]B [edit security zones]C [edit system services]D [edit security interfaces]...
问题:多选题What are three benefits of using chassis clustering?()AProvides stateful session failover for sessions.BIncreases security capabilities for IPsec sessions.CProvides active-passive control and data plane redundancy.DEnables automated fast-reroute capabi...
问题:多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN...
问题:多选题Which three functions are provided by JUNOS Software for security platforms?()AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)...
