Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Juniper > Associate JNCIA-SEC > JN0-232

JN0-232 Security, Associate (JNCIA-SEC) Question and Answers

Question # 4

Which two statements about SRX Series zones are correct? (Choose two.)

A.

The null zone allows the use of security policies to log dropped control plane traffic.

B.

The functional zone is used to define the management interface on smaller SRX Series Firewalls.

C.

A security zone processes intra-zone traffic without a security policy.

D.

The Junos-host zone allows the use of security policies to control access to the SRX Series Firewall.

Full Access
Question # 5

Which two statements are correct about a Juniper Packet Forwarding Engine? (Choose two.)

A.

The Packet Forwarding Engine is responsible for forwarding transit traffic.

B.

The Packet Forwarding Engine is managed by the Routing Engine.

C.

The Packet Forwarding Engine manages the Routing Engine.

D.

The Packet Forwarding Engine creates the routing and switching tables.

Full Access
Question # 6

What happens if no match is found in both zone-based and global security policies?

A.

The traffic is discarded by the default security policy.

B.

The traffic is redirected to a predefined safe zone.

C.

The traffic is logged for further analysis.

D.

The traffic is allowed by default.

Full Access
Question # 7

Which two statements are correct about security zones and functional zones? (Choose two.)

A.

Traffic entering an interface in a functional zone cannot exit any other transit interface.

B.

Traffic entering transit interfaces can exit an interface in a functional zone.

C.

Traffic entering an interface in a functional zone can exit any other transit interface.

D.

Traffic entering transit interfaces cannot exit an interface in a functional zone.

Full Access
Question # 8

Referring to the exhibit, the top table shows the source and destination IP addresses and also the source and destination ports of the incoming packet.

The lower table represents the security policies from the trust zone to the untrust zone.

In this scenario, which two statements are correct? (Choose two.)

A.

The incoming packet is permitted by the HTTPS application.

B.

The incoming packet is permitted because it does not match any policy listed.

C.

The incoming packet is denied by the final security policy.

D.

The firewall processes security policies in a top-down manner.

Full Access
Question # 9

You are asked to reduce security configuration complexity on your external facing firewalls. You notice that a previous administrator included hundreds of private subnet NAT rules covering various RFC1918 addresses. You want to replace all these rules with a single rule covering all RFC1918 addresses.

Which rule would you use in this scenario?

A.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 192.168.0.0/16 172.16.0.0/12]

B.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 192.16.0.0/12 172.168.0.0/16]

C.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 172.168.0.0/16 192.0.2.0/24 203.1.113.0/24]

D.

set security nat source rule-set private-to-pub rule RFC1918 match source-address [10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 192.0.2.0/24]

Full Access
Question # 10

You want to verify that your NextGen Web Filtering (NGWF) feature is connected to the Juniper cloud.

Which operational mode command would you use for this task?

A.

show security utm anti-spam status

B.

show security utm content-filtering statistics

C.

show security utm anti-virus status

D.

show security utm web-filtering status

Full Access
Question # 11

Which two statements are correct about unified security policies on SRX Series Firewalls? (Choose two.)

A.

Unified security policies match applications before processing policy statements.

B.

Unified security policies can be zone-based or global.

C.

Unified security policies use the application identification (AppID) engine.

D.

Unified security policies with multiple matches use the most restrictive match.

Full Access
Question # 12

What is the processing order for the antispam feature?

A.

allowlist → blocklist → Spam Block List (SBL) server

B.

Spam Block List (SBL) server → allowlist → blocklist

C.

blocklist → allowlist → Spam Block List (SBL) server

D.

blocklist → Spam Block List (SBL) server → allowlist

Full Access
Question # 13

Which two statements are correct about Junos OS? (Choose two.)

A.

It is a network operating system.

B.

It is supported on physical and virtual devices.

C.

It is a network management system for Juniper devices.

D.

It is a network operating system for IoT devices.

Full Access
Question # 14

You want to show the effectiveness of your SRX Series Firewall content filter.

Which operational mode command would you use in this scenario?

A.

show security utm anti-spam status

B.

show security utm anti-virus status

C.

show security web filtering status

D.

show security utm content-filtering statistics

Full Access
Question # 15

Which two statements are correct about unified security policies? (Choose two.)

A.

Traffic that matches a unified policy will not be evaluated by traditional security policy.

B.

Dynamic applications in unified security policies analyze traffic based on Layer 4 information.

C.

Traffic that matches a traditional policy will not be evaluated by unified security policy.

D.

Dynamic applications in unified security policies analyze traffic based on Layer 7 information.

Full Access
Question # 16

Which two statements about management functional zones are correct? (Choose two.)

A.

The management functional zone is used to control the management-related traffic that is allowed to access your device.

B.

The management functional zone contains all available revenue ports until they are assigned to a user-defined security zone.

C.

The management functional zone is automatically created on the SRX Series Firewalls.

D.

The management functional zone cannot be referenced in any security policies.

Full Access
Question # 17

Which two statements are correct about security zones? (Choose two.)

A.

An interface can exist in multiple security zones.

B.

Interfaces in the same security zone must share the same routing instance.

C.

Interfaces in the same security zone must use separate routing instances.

D.

A security zone can contain multiple interfaces.

Full Access
Question # 18

Referring to the exhibit, which two statements are correct about the traffic flow shown in the exhibit? (Choose two.)

A.

There is no change to the original source IP address.

B.

The original destination IP address was translated to a new destination IP address.

C.

There is no change to the original destination IP address.

D.

The original source IP address was translated to a new source IP address.

Full Access
Question # 19

Which statement is correct about security policies?

A.

Security policies are evaluated before screens in first path processing.

B.

Zone-based security policies reference both source and destination zones.

C.

Security policies are evaluated in both first path and fast path processing.

D.

Zone-based security policies only apply to intra-zone traffic.

Full Access
Question # 20

Which two statements are correct about enabling the Avira Antivirus engine on an SRX Series Firewall? (Choose two.)

A.

A license is required.

B.

A license is not required.

C.

A reboot is required.

D.

A reboot is not required.

Full Access
Question # 21

When traffic enters an interface, which two results does a route lookup determine? (Choose two.)

A.

egress interface

B.

egress security zone

C.

ingress interface

D.

DNS name

Full Access
Question # 22

Click the Exhibit button.

Which security policy component is highlighted in the exhibit?

A.

security zone context

B.

unique policy name

C.

match criteria

D.

policy action

Full Access
Question # 23

What are two ways that an SRX Series device identifies content? (Choose two.)

A.

It identifies and inspects the file extension of each file.

B.

It uses AppID.

C.

It identifies file types in HTTP, FTP, and e-mail protocols.

D.

It uses ALGs.

Full Access
Question # 24

What are two purposes of configuring application sets? (Choose two.)

A.

to organize multiple applications into a single group

B.

to open dynamic ports used by particular applications for the duration of a session

C.

to organize multiple addresses into a single group

D.

to change the applications referenced in a security policy without editing the security policy

Full Access
Question # 25

What must also be enabled when using source NAT if the address pool is in the same subnet as the interface?

A.

static NAT

B.

dynamic DNS

C.

destination NAT

D.

proxy ARP

Full Access
Question # 26

What are two valid security address objects within Juniper Networks? (Choose two.)

A.

global address object

B.

prefix address object

C.

routing address object

D.

MAC address object

Full Access
Question # 27

Click the Exhibit button.

You must ensure that sessions can only be established from the external device.

Referring to the exhibit, which type of NAT is being performed?

A.

destination NAT only

B.

source NAT only

C.

static PAT only

D.

static NAT and source NAT

Full Access
Question # 28

Which two statements correctly describe static NAT? (Choose two.)

A.

It requires address ranges of the same size.

B.

Address pools are necessary.

C.

No address pools are necessary.

D.

It performs PAT.

Full Access
Question # 29

You want to enable NextGen Web Filtering (NGWF) on your SRX Series Firewall.

Which two actions must you perform in this scenario? (Choose two.)

A.

Install a NextGen Web Filtering feature license.

B.

Enable NextGen Web Filtering as the default Web Filtering type.

C.

Assign a public IP address to the loopback interface.

D.

Enable SSL host inbound traffic on the untrust security zone.

Full Access
Question # 30

Which two characteristics of destination NAT and static NAT are correct? (Choose two.)

A.

Static NAT automatically creates a matching rule for the opposite direction.

B.

Destination NAT requires address range sizes that match the devices being translated.

C.

Static NAT uses Port Address Translation.

D.

Destination NAT supports port forwarding.

Full Access
Question # 31

Referring to the exhibit, which two statements are correct? (Choose two.)

A.

This security policy is a zone-based security policy.

B.

This security policy uses a non-default inactivity timeout.

C.

This security policy permits HTTPS traffic.

D.

This security policy is the second security policy in the list.

Full Access
Question # 32

Click the Exhibit button.

Referring to the exhibit, which two statements are correct about the traffic flow shown in the exhibit? (Choose two.)

A.

There is no change to the original source IP address.

B.

The original source IP address was translated to a new source IP address.

C.

There is no change to the original destination IP address.

D.

The original destination IP address was translated to a new destination IP address.

Full Access
Question # 33

Referring to the exhibit, which two statements are correct? (Choose two.)

A.

Traffic does not match this NAT rule.

B.

All traffic that ingresses the trust security zone and egresses the untrust security zone matches this NAT rule.

C.

Only traffic that matches the default route matches this NAT rule.

D.

This is the first NAT rule in the rule set.

Full Access