How to pass Juniper JN0-332 Real Exam in 24 Hours [answers 141-150]

Exam Code: JN0-332 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: uniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
Certification Provider: Juniper
Free Today! Guaranteed Training- Pass JN0-332 Exam.

2016 Jun JN0-332 Study Guide Questions:

Q141. You are required to configure a SCREEN option that enables IP source route option detection. Which two configurations meet this requirement? (Choose two.) 

A. [edit security screen] 

user@host# show 

ids-option protectFromFlood { 

ip { 

loose-source-route-option; 

strict-source-route-option; 

B. [edit security screen] 

user@host# show 

ids-option protectFromFlood { 

ip { 

source-route-option; 

C. [edit security screen] 

user@host# show 

ids-option protectFromFlood { 

ip { 

record-route-option; 

security-option; 

D. [edit security screen] 

user@host# show 

ids-option protectFromFlood { 

ip { 

strict-source-route-option; 

record-route-option; 

Answer: AB 

Q142. Which configuration shows a pool-based source NAT without PAT? 

A. [edit security nat source] 

user@host# show 

pool A { 

address { 

207.17.137.1/32 to 207.17.137.254/32; 

rule-set 1A { 

from zone trust; 

to zone untrust; 

rule 1 { 

match { 

source-address 10.1.10.0/24; 

then { 

source-nat pool A; 

port no-translation; 

B. [edit security nat source] 

user@host# show 

pool A { 

address { 

207.17.137.1/32 to 207.17.137.254/32; 

overflow-pool interface; 

rule-set 1A { 

from zone trust; 

to zone untrust; 

rule 1 { 

match { 

source-address 10.1.10.0/24; 

then { 

source-nat pool A; 

port no-translation; 

C. [edit security nat source] 

user@host# show 

pool A { 

address { 

207.17.137.1/32 to 207.17.137.254/32; 

port no-translation; 

rule-set 1A { 

from zone trust; 

to zone untrust; 

rule 1 { 

match { 

source-address 10.1.10.0/24; 

then { 

source-nat pool A; 

D. [edit security nat source]. 

user@host# show 

pool A { 

address { 

207.17.137.1/32 to 207.17.137.254/32; 

overflow-pool interface; 

rule-set 1A 

from zone trust; 

to zone untrust; 

rule 1 { 

match { 

source-address 10.1.10.0/24; 

then { 

source-nat pool A; 

Answer: C 

Q143. — Exhibit – 

— Exhibit –Click the Exhibit button. 

Referring to the exhibit, you are setting up the hub in a hub-and-spoke IPsec VPN. You have verified that all configured parameters are correct at all sites, but your IPsec VPN is not establishing to both sites. 

Which configuration parameter is missing at the hub to complete the configuration? 

A. A different external-interface is needed for vpn1. 

B. A different st0 logical interface is needed for vpn2. 

C. Establish-tunnels immediately must be configured for vpn1. 

D. Multipoint needs to be configured under the st0.0 interface. 

Answer: D 

JN0-332  exam engine

Latest JN0-332 rapidshare:

Q144. Click the Exhibit button. 

[edit security policies from-zone HR to-zone trust] 

user@host# show 

policy two { 

match { 

source-address subnet_a; 

destination-address host_b; 

application [ junos-telnet junos-ping ]; 

then { 

reject; 

}} policy one { 

match { 

source-address host_a; 

destination-address subnet_b; 

application any; 

then { 

permit; 

}} 

host_a is in subnet_a and host_b is in subnet_b. 

Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b? 

A. DNS traffic is denied. 

B. Telnet traffic is denied. 

C. SMTP traffic is denied. 

D. Ping traffic is permitted. 

Answer: B 

Q145. Which two content-filtering features does FTP support? (Choose two.) 

A. block extension list 

B. block MIME type 

C. protocol command list 

D. notifications-options 

Answer: AC 

Q146. Which statement describes an ALG? 

A. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to deny the traffic. 

B. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to permit the traffic to pass. 

C. An ALG intercepts and analyzes the specified traffic, allocates resources, and defines dynamic policies to deny the traffic. 

D. An ALG intercepts and analyzes all traffic, allocates resources, and defines dynamic policies to permit the traffic to pass. 

Answer: B 

JN0-332  exam engine

Precise JN0-332 :

Q147. Which statement is true regarding IPsec VPNs? 

A. There are five phases of IKE negotiation. 

B. There are two phases of IKE negotiation. 

C. IPsec VPN tunnels are not supported on SRX Series devices. 

D. IPsec VPNs require a tunnel PIC in SRX Series devices. 

Answer: C 

Q148. Click the Exhibit button. 

Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem? 

A. The untrust zone does not have a management policy configured. 

B. The trust zone does not have ping enabled as a host-inbound-traffic service. 

C. The security policy from the trust zone to the untrust zone does not permit ping. 

D. No security policy exists for the ICMP reply packet from the untrust zone to the trust zone. 

Answer: C 

Q149. You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under which configuration hierarchy must you permit OSPF traffic? 

A. [edit security policies from-zone HR to-zone HR] 

B. [edit security zones functional-zone management protocols] 

C. [edit security zones protocol-zone HR host-inbound-traffic] 

D. [edit security zones security-zone HR host-inbound-traffic protocols] 

Answer: D 

Q150. Which two commands can be used to monitor firewall user authentication? (Choose two.) 

A. show access firewall-authentication 

B. show security firewall-authentication users 

C. show security audit log 

D. show security firewall-authentication history 

Answer: BD 

About JN0-332 Information: JN0-332 Dumps

Certleader Dumps
Certleader is a company specialized on providing high quality IT exam materials and fully committed to assist our respected clients crack any IT certification tests on their 1st efforts.