Juniper JN0-231 JNCIA-SEC Exam Practice Test Instant Access

Question 1

Which two statements are correct about the default behavior on SRX Series devices? (Choose two.)

AThe SRX Series device is in flow mode.

BThe SRX Series device supports stateless firewalls filters.

CThe SRX Series device is in packet mode.

DThe SRX Series device does not support stateless firewall filters.

Answer : A, B

Question 2

You want to enable the minimum Juniper ATP services on a branch SRX Series device.

In this scenario, what are two requirements to accomplish this task? (Choose two.)

AInstall a basic Juniper ATP license on the branch device.

BConfigure the juniper-atp user account on the branch device.

CRegister for a Juniper ATP account on https://sky.junipersecurity.net.

DExecute the Juniper ATP script on the branch device.

Answer : C, D

https://manuals.plus/m/95fded847e67e8f456453182a54526ba3224a61a337c47177244d345d1f3b19e.pdf

Question 3

You are configuring an SRX Series device. You have a set of servers inside your private network that need one-to-one mappings to public IP addresses.

Which NAT configuration is appropriate in this scenario?

Asource NAT with PAT

Bdestination NAT

CNAT-T

Dstatic NAT

Answer : D

https://www.juniper.net/documentation/en_US/day-one-books/nat-and-pat-en.html

And the specific text that would support the above answer is as follows: 'Static NAT, which requires manual configuration, is often the most appropriate configuration for mapping one internal address to one external address.'

Question 4

Which order is correct for Junos security devices that examine policies for transit traffic?

Azone policies
global policies
default policies

Bdefault policies
zone policies
global policies

Cdefault policies
global policies
zone policies

Dglobal policies
zone policies
default policies

Answer : A

Question 5

What is the default timeout value for TCP sessions on an SRX Series device?

A30 seconds

B60 minutes

C60 seconds

D30 minutes

Answer : D

By default, TCP has a 30-minute idle timeout, and UDP has a 60-second idle timeout. Additionally, known IP protocols have a 30-minute timeout, whereas unknown ones have a 60-second timeout. Setting the inactivity timeout is very useful, particularly if you are concerned about applications either timing out or remaining idle for too long and filling up the session table. According to the Juniper SRX Series Services Guide, this can be configured using the 'timeout inactive' statement for the security policy.

Question 6

Which two statements are correct about functional zones? (Choose two.)

AFunctional zones must have a user-defined name.

BFunctional zone cannot be referenced in security policies or pass transit traffic.

CMultiple types of functional zones can be defined by the user.

DFunctional zones are used for out-of-band device management.

Answer : B, D

Question 7

What is the correct order in which interface names should be identified?

Asystem slot number --> interface media type --> port number --> line card slot number

Bsystem slot number --> port number --> interface media type --> line card slot number

Cinterface media type --> system slot number --> line card slot number --> port number

Dinterface media type --> port number --> system slot number --> line card slot number

Answer : C

Juniper Security, Associate Exam JN0-231 JNCIA-SEC Exam Practice Test