Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Juniper JN0-232 Security, Associate (JNCIA-SEC) Exam Practice Test

Page: 1 / 11
Total 110 questions

Security, Associate (JNCIA-SEC) Questions and Answers

Question 1

Content filtering supports which two of the following protocols? (Choose two.)

Options:

A.

SMTP

B.

SNMP

C.

TFTP

D.

HTTP

Question 2

Which statement is correct about capturing transit packets on an SRX Series Firewall?

Options:

A.

You can capture transit packets on the egress interface using a firewall filter.

B.

You can capture transit packets by using a firewall filter on the loopback interface.

C.

You can capture transit packets by using the tcpdump utility in the shell.

D.

You can capture transit packets using sampling and port mirroring.

Question 3

You are asked to reduce security configuration complexity on your external facing firewalls. You notice that a previous administrator included hundreds of private subnet NAT rules covering various RFC1918 addresses. You want to replace all these rules with a single rule covering all RFC1918 addresses.

Which rule would you use in this scenario?

Options:

A.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 192.168.0.0/16 172.16.0.0/12]

B.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 192.16.0.0/12 172.168.0.0/16]

C.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 172.168.0.0/16 192.0.2.0/24 203.1.113.0/24]

D.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 192.0.2.0/24]

Question 4

Which statement is correct about exception traffic?

Options:

A.

Exception traffic is only handled on the Packet Forwarding Engine.

B.

Exception traffic is rate-limited on the connection between the Packet Forwarding Engine and the Routing Engine.

C.

Exception traffic is anything that is rejected by security policies and requires additional processing.

D.

Exception traffic refers to malformed IP packets received on the Packet Forwarding Engine.

Question 5

Referring to the exhibit, which two statements are correct about the traffic flow shown in the exhibit? (Choose two.)

Question # 5

Options:

A.

There is no change to the original source IP address.

B.

The original destination IP address was translated to a new destination IP address.

C.

There is no change to the original destination IP address.

D.

The original source IP address was translated to a new source IP address.

Question 6

Which two statements about Juniper NextGen Web Filtering are correct? (Choose two.)

Options:

A.

You can re-categorize a URL using the Junos configuration.

B.

You can re-categorize a URL using a Junos operational mode command.

C.

There is a predefined set of URL categories.

D.

You cannot add a custom URL category.

Question 7

Which two statements about functional zones are correct? (Choose two.)

Options:

A.

You can create only one functional zone called management.

B.

Functional zones consist of logical interfaces belonging to multiple zones.

C.

You reference the management functional zone in a security policy.

D.

The management functional zone controls management access to the firewall.

Question 8

What is the purpose of assigning logical interfaces to separate security zones in Junos OS?

Options:

A.

to simplify the configuration of network interfaces

B.

to manage routing protocols and updates

C.

to control traffic that traverses different VLANs using security policies

D.

to enable network monitoring through SNMP

Question 9

Which two statements are correct about the processing of NAT rules within a rule set? (Choose two.)

Options:

A.

NAT rule processing processes all rules.

B.

NAT rule processing stops at the first match.

C.

NAT rules are processed from top to bottom.

D.

NAT rules are processed from bottom to top.

Question 10

Referring to the exhibit, which two statements are correct? (Choose two.)

Question # 10

Options:

A.

Traffic does not match this NAT rule.

B.

All traffic that ingresses the trust security zone and egresses the untrust security zone matches this NAT rule.

C.

Only traffic that matches the default route matches this NAT rule.

D.

This is the first NAT rule in the rule set.

Question 11

Which two statements about management functional zones are correct? (Choose two.)

Options:

A.

The management functional zone is used to control the management-related traffic that is allowed to access your device.

B.

The management functional zone contains all available revenue ports until they are assigned to a user-defined security zone.

C.

The management functional zone is automatically created on the SRX Series Firewalls.

D.

The management functional zone cannot be referenced in any security policies.

Question 12

You want to show the effectiveness of your SRX Series Firewall content filter.

Which operational mode command would you use in this scenario?

Options:

A.

show security utm anti-spam status

B.

show security utm anti-virus status

C.

show security web filtering status

D.

show security utm content-filtering statistics

Question 13

Click the Exhibit button.

Question # 13

Which security policy component is highlighted in the exhibit?

Options:

A.

security zone context

B.

unique policy name

C.

match criteria

D.

policy action

Question 14

Which two criteria would be used for matching in security policies? (Choose two.)

Options:

A.

MAC address

B.

source address

C.

interface name

D.

applications

Question 15

You want to enable NextGen Web Filtering (NGWF) on your SRX Series Firewall.

Which two actions must you perform in this scenario? (Choose two.)

Options:

A.

Install a NextGen Web Filtering feature license.

B.

Enable NextGen Web Filtering as the default Web Filtering type.

C.

Assign a public IP address to the loopback interface.

D.

Enable SSL host inbound traffic on the untrust security zone.

Question 16

What is the purpose of a feature profile in a UTM configuration?

Options:

A.

It applies a UTM feature to a security policy.

B.

It applies a UTM feature to protocol traffic.

C.

It defines the operation of a specific UTM feature.

D.

It defines an object list.

Question 17

Which two security policies are installed by default on SRX 300 Series Firewalls? (Choose two.)

Options:

A.

a security policy to allow all traffic from the untrust zone to the trust zone

B.

a security policy to allow all traffic from the trust zone to the untrust zone

C.

a security policy to allow all traffic from the management zone to the trust zone

D.

a security policy to allow all traffic from the trust zone to the trust zone

Question 18

Which two statements are correct about the Junos OS architecture? (Choose two.)

Options:

A.

Junos is built using a collection of interdependent software processes.

B.

Junos is built using independent software processes.

C.

Restarting a single software process causes synchronization issues until other processes are restarted.

D.

Individual software processes can be restarted without impacting the others.

Question 19

Which two statements are correct about security zones? (Choose two.)

Options:

A.

An interface can exist in multiple security zones.

B.

Interfaces in the same security zone must share the same routing instance.

C.

Interfaces in the same security zone must use separate routing instances.

D.

A security zone can contain multiple interfaces.

Question 20

Which two statements about global security policies are correct? (Choose two.)

Options:

A.

The from-zone and to-zone contexts are not required for a global security policy.

B.

Global security policies require specific zone contexts.

C.

Global policies are processed before zone-based security policies.

D.

You can use both zone-based security policies and global security policies at the same time.

Question 21

Click the Exhibit button.

Question # 21

Which two statements are correct about the content filter shown in the exhibit? (Choose two.)

Options:

A.

.exe files will not be allowed to be uploaded over HTTP.

B.

.exe files will not be allowed to be downloaded over HTTP.

C.

There will be a notice added to the SRX log file about the file being blocked.

D.

There will be an e-mail sent to the user about why the SRX is blocking the file.

Question 22

Which two statements are true about the NextGen Web Filtering (NGWF) feature on an SRX Series device? (Choose two.)

Options:

A.

The NGWF feature consults the Juniper cloud before consulting your local lists.

B.

The NGWF feature requires a license.

C.

The NGWF feature consults your local lists before consulting the Juniper cloud.

D.

The NGWF feature does not require a license.

Question 23

Referring to the exhibit,

Question # 23

which two statements are correct? (Choose two.)

Options:

A.

The SRX Series Firewall is performing destination NAT.

B.

The SRX Series Firewall is performing source NAT.

C.

The SRX Series Firewall is not performing PAT.

D.

The SRX Series Firewall is performing PAT.

Question 24

Which two statements are correct about Junos OS? (Choose two.)

Options:

A.

It is a network operating system.

B.

It is supported on physical and virtual devices.

C.

It is a network management system for Juniper devices.

D.

It is a network operating system for IoT devices.

Question 25

You must ensure that sessions can only be established from the external device.

Question # 25

Referring to the exhibit, which type of NAT is being performed?

Options:

A.

static NAT and source NAT

B.

static PAT only

C.

source NAT only

D.

destination NAT only

Question 26

Which two statements are true about content filtering on SRX Series devices? (Choose two.)

Options:

A.

Content filtering requires a license.

B.

Content filtering examines the file extension to determine the file type.

C.

Content filtering does not require a license.

D.

Content filtering examines the file contents to determine the file type.

Question 27

What must also be enabled when using source NAT if the address pool is in the same subnet as the interface?

Options:

A.

static NAT

B.

dynamic DNS

C.

destination NAT

D.

proxy ARP

Question 28

Which two statements describe what Port Address Translation (PAT) does? (Choose two.)

Options:

A.

It maps an external IP address to an internal IP address.

B.

It enables multiple external clients to initiate a connection with multiple internal devices.

C.

It enables multiple internal devices to share a single external IP address.

D.

It maps an internal IP address to an external IP address and port number.

Question 29

Which two security features are applied in a security policy? (Choose two.)

Options:

A.

SSL proxy

B.

firewall authentication

C.

captive portal authentication

D.

MAC bypass

Question 30

You want to verify that your NextGen Web Filtering (NGWF) feature is connected to the Juniper cloud.

Which operational mode command would you use for this task?

Options:

A.

show security utm anti-spam status

B.

show security utm content-filtering statistics

C.

show security utm anti-virus status

D.

show security utm web-filtering status

Question 31

When a new traffic flow enters an SRX Series device, in which order are these processes performed?

Options:

A.

screens → security policies → zones → routes

B.

screens → routes → zones → security policies

C.

routes → zones → screens → security policies

D.

screens → zones → security policies → routes

Question 32

Which UI enables you to manage, monitor, and maintain multiple firewalls using a single interface?

Options:

A.

Juniper Secure Analytics

B.

Security Director

C.

Juniper Identity Management Service

D.

Secure Connect

Question 33

Which statement about the flow module is correct in the context of destination NAT?

Options:

A.

The flow module performs NAT during both first path and fast path processing.

B.

The flow module performs NAT only for source IP addresses.

C.

The flow module performs NAT only during fast path processing.

D.

The flow module performs NAT only during first path processing.

Page: 1 / 11
Total 110 questions