Ask Question
Juniper JN0-231 Practice Test - Questions Answers
Question list
List of questions
Related questions
Question 1
Which two criteria should a zone-based security policy include? (Choose two.)
Explanation:
A security policy is a set of statements that controls traffic from a specified source to a specified destination using a specified service. A policy permits, denies, or tunnels specified types of traffic unidirectionally between two points.
Each policy consists of:
A unique name for the policy.
A from-zone and a to-zone, for example: user@host# set security policies from-zone untrust to-zone untrust A set of match criteria defining the conditions that must be satisfied to apply the policy rule. The match criteria are based on a source IP address, destination IP address, and applications. The user identity firewall provides greater granularity by including an additional tuple, source-identity, as part of the policy statement.
A set of actions to be performed in case of a match—permit, deny, or reject.
Accounting and auditing elements—counting, logging, or structured system logging.
https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topicmap/security-policy-configuration.html
Question 2
You are assigned a project to configure SRX Series devices to allow connections to your webservers.
The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.
Which two NAT types must be used to complete this project? (Choose two.)
Question 3
You are asked to verify that a license for AppSecure is installed on an SRX Series device.
In this scenario, which command will provide you with the required information?
Question 4
Click the Exhibit button.
Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?
Question 5
You want to enable the minimum Juniper ATP services on a branch SRX Series device.
In this scenario, what are two requirements to accomplish this task? (Choose two.)
Explanation:
https://manuals.plus/m/95fded847e67e8f456453182a54526ba3224a61a337c47177244d345d1f3b19e.pdf
Question 6
SRX Series devices have a maximum of how many rollback configurations?
Question 7
Unified threat management (UTM) inspects traffic from which three protocols? (Choose three.)
Explanation:
https://www.inetzero.com/blog/unified-threat-management-deeper-dive-traffic-inspection/
Question 8
When are Unified Threat Management services performed in a packet flow?
Explanation:
https://iosonounrouter.wordpress.com/2018/07/07/how-does-a-flow-based-srx-work/
Question 9
When configuring antispam, where do you apply any local lists that are configured?
Explanation:
https://www.juniper.net/documentation/us/en/software/junos/utm/topics/topic-map/securitylocal-list-antispam-filtering.html
Question 10
Screens on an SRX Series device protect against which two types of threats? (Choose two.)
Explanation:
ICMP flood
Use the ICMP flood IDS option to protect against ICMP flood attacks. An ICMP flood attack typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.
The threshold value defines the number of ICMP packets per second (pps) allowed to be send to the same destination address before the device rejects further ICMP packets.
IP spoofing
Use the IP address spoofing IDS option to prevent spoofing attacks. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source.
https://www.juniper.net/documentation/us/en/software/junos/denial-of-service/topics/topicmap/security-introduction-to-adp.html
Question