ExamGecko
Search Search Login
Home Home / Juniper / JN0-231

Juniper JN0-231 Practice Test - Questions Answers, Page 10

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

When configuring antispam, where do you apply any local lists that are configured?
Which two IKE Phase 1 configuration options must match on both peers to successfully establish a tunnel? (Choose two.)
What is the default timeout value for TCP sessions on an SRX Series device?
Which three operating systems are supported for installing and running Juniper Secure Connect client software? (Choose three.)
You want to prevent other users from modifying or discarding your changes while you are also editing the configuration file. In this scenario, which command would accomplish this task?
Which two non-configurable zones exist by default on an SRX Series device? (Choose two.)
Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?
Which statement is correct about unified security policies on an SRX Series device?
Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall. In this scenario, which security feature would you use to satisfy this request?
Which two statements are correct about screens? (Choose two.)

Question 91

Report
Export
Collapse

Which two statements about the Junos OS CLI are correct? (Choose two.)

A.
The default configuration requires you to log in as the admin user.
A.
The default configuration requires you to log in as the admin user.
Answers
B.
A factory-default login assigns the hostname Amnesiac to the device.
B.
A factory-default login assigns the hostname Amnesiac to the device.
Answers
C.
Most Juniper devices identify the root login prompt using the % character.
C.
Most Juniper devices identify the root login prompt using the % character.
Answers
D.
Most Juniper devices identify the root login prompt using the > character.
D.
Most Juniper devices identify the root login prompt using the > character.
Answers
Suggested answer: A, D

Explanation:

The two correct statements about the Junos OS CLI are that the default configuration requires you to log in as the admin user, and that most Juniper devices identify the root login prompt using the > character. The factory-default login assigns the hostname "juniper" to the device and the root login prompt is usually identified with the % character. More information about the Junos OS CLI can be found in the Juniper Networks technical documentation here:https:// www.juniper.net/documentation/en_US/junos/topics/reference/commandsummary/ cli-overview.html.

Question 92

Report
Export
Collapse

Which two statements about user-defined security zones are correct? (Choose two.)

A.
Users cannot share security zones between routing instances.
A.
Users cannot share security zones between routing instances.
Answers
B.
Users can configure multiple security zones.
B.
Users can configure multiple security zones.
Answers
C.
Users can share security zones between routing instances.
C.
Users can share security zones between routing instances.
Answers
D.
User-defined security zones do not apply to transit traffic.
D.
User-defined security zones do not apply to transit traffic.
Answers
Suggested answer: B, C

Explanation:

User-defined security zones allow users to configure multiple security zones and share them between routing instances. This allows users to easily manage multiple security zones and their associated policies. For example, a user can create a security zone for corporate traffic, a security zone for guest traffic, and a security zone for public traffic, and then configure policies to control the flow of traffic between each of these security zones. Transit traffic can also be managed using userdefined security zones, as the policies applied to these zones will be applied to the transit traffic as well.

Reference:

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-zonesoverview-configuring.html

https://www.juniper.net/documentation/en_US/junos/topics/task/security/security-zonesconfiguring-shared.html

Question 93

Report
Export
Collapse

Which Web filtering solution uses a direct Internet-based service for URL categorization?

A.
Juniper ATP Cloud
A.
Juniper ATP Cloud
Answers
B.
Websense Redirect
B.
Websense Redirect
Answers
C.
Juniper Enhanced Web Filtering
C.
Juniper Enhanced Web Filtering
Answers
D.
local blocklist
D.
local blocklist
Answers
Suggested answer: C

Explanation:

Juniper Enhanced Web Filtering is a web filtering solution that uses a direct Internet-based service for URL categorization. This service allows Enhanced Web Filtering to quickly and accurately categorize URLs and other web content, providing real-time protection against malicious content.

Additionally, Enhanced Web Filtering is able to provide detailed reporting on web usage, as well as the ability to define and enforce acceptable use policies.

Reference: https://www.juniper.net/documentation/en_US/junos-space-securitydirector/topics/task/configuration/security-services-web-filtering-enhanced.html

https://www.juniper.net/documentation/en_US/junos-space-securitydirector/topics/task/configuration/security-services-web-filtering-enhanced-overview.html

Question 94

Report
Export
Collapse

Which two non-configurable zones exist by default on an SRX Series device? (Choose two.)

A.
Junos-host
A.
Junos-host
Answers
B.
functional
B.
functional
Answers
C.
null
C.
null
Answers
D.
management
D.
management
Answers
Suggested answer: A, C

Explanation:

Junos-host and null are two non-configurable zones that exist by default on an SRX Series device.

Junos-host is the default zone for all internal interfaces and services, such as management and other loopback interfaces. The null zone is used to accept all traffic that is not explicitly accepted by other security policies, and is the default zone for all unclassified traffic. Both zones cannot be modified or deleted.

Reference:

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-zonesoverview.html

https://www.juniper.net/documentation/en_US/junos/topics/reference/configurationstatement/security-zones-default-zone-configuration.html

Question 95

Report
Export
Collapse

Which two statements are true about Juniper ATP Cloud? (Choose two.)

A.
Juniper ATP Cloud is an on-premises ATP appliance.
A.
Juniper ATP Cloud is an on-premises ATP appliance.
Answers
B.
Juniper ATP Cloud can be used to block and allow IPs.
B.
Juniper ATP Cloud can be used to block and allow IPs.
Answers
C.
Juniper ATP Cloud is a cloud-based ATP subscription.
C.
Juniper ATP Cloud is a cloud-based ATP subscription.
Answers
D.
Juniper ATP Cloud delivers intrusion protection services.
D.
Juniper ATP Cloud delivers intrusion protection services.
Answers
Suggested answer: C, D

Explanation:

Juniper ATP Cloud is a cloud-based ATP subscription that delivers advanced threat protection services, such as URL categorization, file reputation analysis, and malware analysis. It is able to quickly and accurately categorize URLs and other web content, and can also provide detailed reporting on web usage, as well as the ability to define and enforce acceptable use policies.

Additionally, Juniper ATP Cloud is able to block and allow specific IPs, providing additional protection against malicious content.

Reference: https://www.juniper.net/documentation/en_US/junos-space-securitydirector/topics/task/configuration/security-services-web-filtering-atp-cloud.html

https://www.juniper.net/documentation/en_US/junos-space-securitydirector/topics/task/configuration/security-services-web-filtering-atp-cloud-overview.html

Question 96

Report
Export
Collapse

Which two addresses are valid address book entries? (Choose two.)

A.
173.145.5.21/255.255.255.0
A.
173.145.5.21/255.255.255.0
Answers
B.
153.146.0.145/255.255.0.255
B.
153.146.0.145/255.255.0.255
Answers
C.
203.150.108.10/24
C.
203.150.108.10/24
Answers
D.
191.168.203.0/24
D.
191.168.203.0/24
Answers
Suggested answer: A, C

Explanation:

The correct address book entries are:

173.145.5.21/255.255.255.0

203.150.108.10/24

Both of these entries represent a valid IP address and subnet mask combination, which can be used as an address book entry in a Juniper device.

Question 97

Report
Export
Collapse

An application firewall processes the first packet in a session for which the application has not yet been identified.

In this scenario, which action does the application firewall take on the packet?

A.
It allows the first packet.
A.
It allows the first packet.
Answers
B.
It denies the first packet and sends an error message to the user.
B.
It denies the first packet and sends an error message to the user.
Answers
C.
It denies the first packet.
C.
It denies the first packet.
Answers
D.
It holds the first packet until the application is identified.
D.
It holds the first packet until the application is identified.
Answers
Suggested answer: D

Explanation:

This is necessary to ensure that the application firewall can properly identify the application and the correct security policies can be applied before allowing any traffic to pass through.

If the first packet was allowed to pass without first being identified, then the application firewall would not know which security policies to apply - and this could potentially lead to security vulnerabilities or breaches. So it's important that the first packet is held until the application is identified.

Question 98

Report
Export
Collapse

Your company is adding IP cameras to your facility to increase physical security. You are asked to help protect these loT devices from becoming zombies in a DDoS attack.

Which Juniper ATP feature should you configure to accomplish this task?

A.
IPsec
A.
IPsec
Answers
B.
static NAT
B.
static NAT
Answers
C.
allowlists
C.
allowlists
Answers
D.
C&C feeds
D.
C&C feeds
Answers
Suggested answer: D

Explanation:

Juniper ATP should be configured with C&C feeds that contain lists of malicious domains and IP addresses in order to prevent IP cameras from becoming zombies in a DDoS attack.

This is an important step to ensure that the IP cameras are protected from malicious requests - and thus, they will not be able to be used in any DDoS attacks against the facility.

Question 99

Report
Export
Collapse

What are two logical properties of an interface? (Choose two.)

A.
link mode
A.
link mode
Answers
B.
IP address
B.
IP address
Answers
C.
VLAN ID
C.
VLAN ID
Answers
D.
link speed
D.
link speed
Answers
Suggested answer: B, C

Explanation:

https://www.juniper.net/documentation/us/en/software/junos/interfaces-securitydevices/topics/topic-map/security-interface-logical.html

Question 100

Report
Export
Collapse

What is the default timeout value for TCP sessions on an SRX Series device?

A.
30 seconds
A.
30 seconds
Answers
B.
60 minutes
B.
60 minutes
Answers
C.
60 seconds
C.
60 seconds
Answers
D.
30 minutes
D.
30 minutes
Answers
Suggested answer: D

Explanation:

By default, TCP has a 30-minute idle timeout, and UDP has a 60-second idle timeout. Additionally, known IP protocols have a 30-minute timeout, whereas unknown ones have a 60-second timeout.

Setting the inactivity timeout is very useful, particularly if you are concerned about applications either timing out or remaining idle for too long and filling up the session table. According to the Juniper SRX Series Services Guide, this can be configured using the 'timeout inactive' statement for the security policy.

Total 101 questions
Go to page: of 11
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms