Juniper qualifications is a vital qualifications in the market of data know-how. The brand Juniper is plenty with regard to encouraging a good bright future for yourself. The particular Juniper accreditation examine the quality of expertness that this specific includes. The particular Juniper is devoted to helping the innovativeness in the industry experts. Most of these Juniper certificationssuch while JN0-332 boost your functions plus completely transform you actually in to really accomplished applicants in the place.
2021 Oct JN0-332 exam prep
Q101. Which Junos security feature helps protect against spam, viruses, trojans, and malware?
A. session-based stateful firewall
B. IPsec VPNs
C. security policies
D. Unified Threat Management
Answer: D
Q102. Which two statements about the use of SCREEN options are correct? (Choose two.)
A. SCREEN options offer protection against various attacks.
B. SCREEN options are deployed prior to route and policy processing in first path packet processing.
C. SCREEN options are deployed at the ingress and egress sides of a packet flow.
D. When you deploy SCREEN options, you must take special care to protect OSPF.
Answer: AB
Q103. Which IDP policy action drops a packet before it can reach its destination, but does not close the connection?
A. discard-packet
B. drop-traffic
C. discard-traffic
D. drop-packet
Answer: D
Q104. Click the Exhibit button.
user@host> show interfaces ge-0/0/0.0 | match host-inbound
Allowed host-inbound traffic : ping ssh telnet
Which configuration would result in the output shown in the exhibit?
A. [edit security zones security-zone trust]
user@host# show
host-inbound-traffic {
system-services {
ping;
telnet;
}}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ssh;
telnet;
}}}}
B. [edit security zones functional-zone management]
user@host# show
interfaces {
all;
}
host-inbound-traffic {
system-services {
all;
ftp {
except;
}}}
C. [edit security zones functional-zone management]
user@host# show
interfaces {
all {
host-inbound-traffic {
system-services {
ping;
}}}}
host-inbound-traffic {
system-services {
telnet;
ssh;
}}
D. [edit security zones security-zone trust]
user@host# show
host-inbound-traffic {
system-services {
ssh;
ping;
telnet;
}}
interfaces {
ge-0/0/3.0 {
host-inbound-traffic {
system-services {
ping;
}}}
ge-0/0/0.0;
}
Answer: D
Q105. -- Exhibit --[edit security policies from-zone untrust to-zone junos-host]
user@host# show
policy allow-management {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
[edit security zones security-zone untrust]
user@host# show
host-inbound-traffic {
protocols {
ospf;
}
}
interfaces {
ge-0/0/0.0;
}
-- Exhibit --
Click the Exhibit button.
Referring to the exhibit, you want to be able to manage your SRX Series device from the Internet using SSH. You have created a security policy to allow the traffic to flow into the SRX device.
Which additional configuration step is required?
A. Define the junos-host zone and add the SSH service to it.
B. Add the SSH service to the untrust zone.
C. Define the junos-host zone, add the SSH service and the loopback interface to it.
D. Rewrite the security policy to allow SSH traffic from the untrust zone to the global zone.
Answer: B
Rebirth JN0-332 exam:
Q106. What are two rulebase types within an IPS policy on an SRX Series device? (Choose two.)
A. rulebase-ips
B. rulebase-ignore
C. rulebase-idp
D. rulebase-exempt
Answer: AD
Q107. Which URL database do branch SRX Series devices use when leveraging local Web filtering?
A. The SRX Series device will download the database from an online repository to locally inspect HTTP traffic for Web filtering.
B. The SRX Series device will use an offline database to locally inspect HTTP traffic for Web filtering.
C. The SRX Series device will redirect local HTTP traffic to an external Websense server for Web filtering.
D. The SRX Series administrator will define the URLs and their associated action in the local database to inspect the HTTP traffic for Web filtering.
Answer: D
Q108. Click the Exhibit button.
[edit schedulers]
user@host# show
scheduler now {
monday all-day;
tuesday exclude;
wednesday {
start-time 07:00:00 stop-time 18:00:00;
}
thursday {
start-time 07:00:00 stop-time 18:00:00;
}}
[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
match {
source-address PrivateHosts;
destination-address ExtServers;
application ExtApps;
}
then {
permit {
tunnel {
ipsec-vpn myTunnel;
}}}
scheduler-name now;
}
Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy?
A. The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
B. The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
C. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
D. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.
Answer: C
Q109. Which card performs flow lookup on incoming packets on high-end SRX Series devices?
A. Network Processing Card (NPC)
B. Services Processing Card (SPC)
C. Switch Control Board (SCB)
D. Routing Engine (RE)
Answer: A
Q110. Which two statements about the Diffie-Hellman (DH) key exchange process are correct? (Choose two.)
A. In the DH key exchange process, the session key is never passed across the network.
B. In the DH key exchange process, the public and private keys are mathematically related using the DH algorithm.
C. In the DH key exchange process, the session key is passed across the network to the peer for confirmation.
D. In the DH key exchange process, the public and private keys are not mathematically related, ensuring higher security.
Answer: AB