Pass4Test에서 제공해드리는 Juniper JN0-332 (Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)) 덤프는 가장 출중한 Juniper JN0-332 (Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)) 시험전 공부자료입니다. 덤프품질은 수많은 IT인사들로부터 검증받았습니다. Juniper JN0-332 (Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)) 덤프뿐만아니라 Pass4Test에서는 모든 IT인증시험에 대비한 덤프를 제공해드립니다. IT인증자격증을 취득하려는 분들은 Pass4Test에 관심을 가져보세요. 구매의향이 있으시면 할인도 가능합니다. 고득점으로 패스하시면 지인분들께 추천도 해주실거죠?
NO.1 Review Below:
[edit security nat destination]
user@host# show
pool
A {
address 10.1.10.5/32;
}
rule-set 1 {
from zone untrust;
rule
1A {
match {
destination-address 100.0.0.1/32;
}
then
{
destination-nat pool A;
}
}
}
Which type of NAT is configured
in the exhibit?
A. static destination NAT
B. static source NAT
C.
pool-based destination NAT without PAT
D. pool-based destination NAT with
PAT
Answer: C
NO.2 Click the Exhibit button.
[edit
security]
user@host# show
zones {
security-zone ZoneA
{
tcp-rst;
host-inbound-traffic {
system-services
{
ping;
telnet;
}}
interfaces
{
ge-0/0/0.0;
ge-0/0/1.0;
}}
security-zone ZoneB {
interfaces
{
ge-0/0/3.0;
}}}
policies {
from-zone ZoneA to-zone ZoneB
{
policy A-to-B {
match {
source-address any;
destination-address
any;
application any;
}
then {
permit;
}}}}
In the exhibit, a
host attached to interface ge-0/0/0.0 sends a SYN packet to open a Telnet
connection
to the device's ge-0/0/1.0 IP address.
What does the device
do?
A. The device sends back a TCP reset packet.
B. The device silently
discards the packet.
C. The device forwards the packet out the ge-0/0/1.0
interface.
D. The device responds with a TCP SYN/ACK packet and opens the
connection.
Answer: B
NO.3 Which IDP policy action closes the
connection and sends an RST packet to both the client and
the server?
A.
close-connection
B. terminate-connection
C. close-client-and-server
D.
terminate-session
Answer: C
NO.4 What is supported on the fabric
link?
A. jumbo frames
B. filters
C. fragmentation
D.
policies
Answer: A
NO.5 Click the Exhibit button.
Given the
configuration shown in the exhibit, which statement is correct?
A. If
interface ge-0/0/2 goes down node 1 will take over as redundancy group 1
primary
B. If interfaces ge-0/0/2 ge-0/0/3 and ge-0/0/4 go down, node 1 will
take over as redundancy group 1
primary
C. If interfaces ge-0/0/2 and
ge-0/0/3 go down, node 1 will take over as redundancy group 1 primary.
D.
Node 1 will never take over as redundancy group 1 primary in this
configuration.
Answer: B
NO.6 Which parameters are valid SCREEN
options for combating operating system probes?
A. syn-fin, syn-flood, and
tcp-no-frag
B. syn-fin, port-scan, and tcp-no-flag
C. syn-fin, fin-no-ack,
and tcp-no-frag
D. syn-fin, syn-ack-ack-proxy, and tcp-no-frag
Answer:
C
NO.7 You are creating a security policy on an SRX Series device with a
permit action.
What are two possible actions the device also performs on
matching traffic? (Choose two)
A. Send the traffic to a
routing-instance.
B. Send the traffic to a logical system
C. Send the
traffic to an IPSec tunnel
D. Send the traffic for IDP evaluation
Answer:
A,C
NO.8 Click the Exhibit button.
Based on the exhibit, client PC
192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for
this
problem?
A. The untrust zone does not have a management policy
configured.
B. The trust zone does not have ping enabled as a
host-inbound-traffic service.
C. The security policy from the trust zone to
the untrust zone does not permit ping.
D. No security policy exists for the
ICMP reply packet from the untrust zone to the trust zone.
Answer: C
[edit security nat destination]
user@host# show
pool
A {
address 10.1.10.5/32;
}
rule-set 1 {
from zone untrust;
rule
1A {
match {
destination-address 100.0.0.1/32;
}
then
{
destination-nat pool A;
}
}
}
Which type of NAT is configured
in the exhibit?
A. static destination NAT
B. static source NAT
C.
pool-based destination NAT without PAT
D. pool-based destination NAT with
PAT
Answer: C
NO.2 Click the Exhibit button.
[edit
security]
user@host# show
zones {
security-zone ZoneA
{
tcp-rst;
host-inbound-traffic {
system-services
{
ping;
telnet;
}}
interfaces
{
ge-0/0/0.0;
ge-0/0/1.0;
}}
security-zone ZoneB {
interfaces
{
ge-0/0/3.0;
}}}
policies {
from-zone ZoneA to-zone ZoneB
{
policy A-to-B {
match {
source-address any;
destination-address
any;
application any;
}
then {
permit;
}}}}
In the exhibit, a
host attached to interface ge-0/0/0.0 sends a SYN packet to open a Telnet
connection
to the device's ge-0/0/1.0 IP address.
What does the device
do?
A. The device sends back a TCP reset packet.
B. The device silently
discards the packet.
C. The device forwards the packet out the ge-0/0/1.0
interface.
D. The device responds with a TCP SYN/ACK packet and opens the
connection.
Answer: B
NO.3 Which IDP policy action closes the
connection and sends an RST packet to both the client and
the server?
A.
close-connection
B. terminate-connection
C. close-client-and-server
D.
terminate-session
Answer: C
NO.4 What is supported on the fabric
link?
A. jumbo frames
B. filters
C. fragmentation
D.
policies
Answer: A
NO.5 Click the Exhibit button.
Given the
configuration shown in the exhibit, which statement is correct?
A. If
interface ge-0/0/2 goes down node 1 will take over as redundancy group 1
primary
B. If interfaces ge-0/0/2 ge-0/0/3 and ge-0/0/4 go down, node 1 will
take over as redundancy group 1
primary
C. If interfaces ge-0/0/2 and
ge-0/0/3 go down, node 1 will take over as redundancy group 1 primary.
D.
Node 1 will never take over as redundancy group 1 primary in this
configuration.
Answer: B
NO.6 Which parameters are valid SCREEN
options for combating operating system probes?
A. syn-fin, syn-flood, and
tcp-no-frag
B. syn-fin, port-scan, and tcp-no-flag
C. syn-fin, fin-no-ack,
and tcp-no-frag
D. syn-fin, syn-ack-ack-proxy, and tcp-no-frag
Answer:
C
NO.7 You are creating a security policy on an SRX Series device with a
permit action.
What are two possible actions the device also performs on
matching traffic? (Choose two)
A. Send the traffic to a
routing-instance.
B. Send the traffic to a logical system
C. Send the
traffic to an IPSec tunnel
D. Send the traffic for IDP evaluation
Answer:
A,C
NO.8 Click the Exhibit button.
Based on the exhibit, client PC
192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for
this
problem?
A. The untrust zone does not have a management policy
configured.
B. The trust zone does not have ping enabled as a
host-inbound-traffic service.
C. The security policy from the trust zone to
the untrust zone does not permit ping.
D. No security policy exists for the
ICMP reply packet from the untrust zone to the trust zone.
Answer: C