Juniper JN0-231 JNCIA-SEC Exam Questions Instant Access

Question 1

Which two criteria should a zone-based security policy include? (Choose two.)

Aa source port

Ba destination port

Czone context

Dan action

Answer : A, B

A security policy is a set of statements that controls traffic from a specified source to a specified destination using a specified service. A policy permits, denies, or tunnels specified types of traffic unidirectionally between two points.

Each policy consists of:

A unique name for the policy.

A from-zone and a to-zone, for example: user@host# set security policies from-zone untrust to-zone untrust

A set of match criteria defining the conditions that must be satisfied to apply the policy rule. The match criteria are based on a source IP address, destination IP address, and applications. The user identity firewall provides greater granularity by including an additional tuple, source-identity, as part of the policy statement.

A set of actions to be performed in case of a match---permit, deny, or reject.

Accounting and auditing elements---counting, logging, or structured system logging.

https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-policy-configuration.html

Question 2

Which statement about NAT is correct?

ADestination NAT takes precedence over static NAT.

BSource NAT is processed before security policy lookup.

CStatic NAT is processed after forwarding lookup.

DStatic NAT takes precedence over destination NAT.

Answer : D

Question 3

You want to enable the minimum Juniper ATP services on a branch SRX Series device.

In this scenario, what are two requirements to accomplish this task? (Choose two.)

AInstall a basic Juniper ATP license on the branch device.

BConfigure the juniper-atp user account on the branch device.

CRegister for a Juniper ATP account on https://sky.junipersecurity.net.

DExecute the Juniper ATP script on the branch device.

Answer : C, D

https://manuals.plus/m/95fded847e67e8f456453182a54526ba3224a61a337c47177244d345d1f3b19e.pdf

Question 4

What are two valid address books? (Choose two.)

A66.129.239.128/25

B66.129.239.154/24

C66.129.239.0/24

D66.129.239.50/25

Answer : A, C

Network Prefixes in Address Books

You can specify addresses as network prefixes in the prefix/length format. For example, 203.0.113.0/24 is an acceptable address book address because it translates to a network prefix. However, 203.0.113.4/24 is not acceptable for an address book because it exceeds the subnet length of 24 bits. Everything beyond the subnet length must be entered as 0 (zero). In special scenarios, you can enter a hostname because it can use the full 32-bit address length.

https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-address-books-sets.html

Question 5

You are asked to verify that a license for AppSecure is installed on an SRX Series device.

In this scenario, which command will provide you with the required information?

Auser@srx> show system license

Buser@srx> show services accounting

Cuser@srx> show configuration system

Duser@srx> show chassis firmware

Answer : A

Question 6

Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall.

In this scenario, which security feature would you use to satisfy this request?

Aantivirus

BWeb filtering

Ccontent filtering

Dantispam

Answer : C

Question 7

You want to provide remote access to an internal development environment for 10 remote developers.

Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)

Aan additional license for an SRX Series device

BJuniper Secure Connect client software

Can SRX Series device with an SPC3 services card

DMarvis virtual network assistant

Answer : A, B

Juniper Security, Associate Exam JN0-231 JNCIA-SEC Exam Questions