ExamGecko
Search Search Login
Home Home / Juniper / JN0-231

Juniper JN0-231 Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

When configuring antispam, where do you apply any local lists that are configured?
Which two IKE Phase 1 configuration options must match on both peers to successfully establish a tunnel? (Choose two.)
What is the default timeout value for TCP sessions on an SRX Series device?
Which three operating systems are supported for installing and running Juniper Secure Connect client software? (Choose three.)
Which two non-configurable zones exist by default on an SRX Series device? (Choose two.)
Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?
You want to prevent other users from modifying or discarding your changes while you are also editing the configuration file. In this scenario, which command would accomplish this task?
Which statement is correct about unified security policies on an SRX Series device?
Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall. In this scenario, which security feature would you use to satisfy this request?
Which two statements are correct about screens? (Choose two.)

Question 11

Report
Export
Collapse

Which statement about global NAT address persistence is correct?

A.
The same IP address from a source NAT pool will be assigned for all sessions from a given host.
A.
The same IP address from a source NAT pool will be assigned for all sessions from a given host.
Answers
B.
The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.
B.
The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.
Answers
C.
The same IP address from a destination NAT pool will be assigned for all sessions for a given host.
C.
The same IP address from a destination NAT pool will be assigned for all sessions for a given host.
Answers
D.
The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.
D.
The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.
Answers
Suggested answer: A

Explanation:

Use the persistent-nat feature to ensure that all requests from the same internal transport address are mapped to the same reflexive transport address (the public IP address and port created by the NAT device closest to the STUN server).

The source NAT rule action can use a source NAT pool (with or without port translation) or an egress interface.

Question 12

Report
Export
Collapse

You are asked to configure your SRX Series device to block all traffic from certain countries. The solution must be automatically updated as IP prefixes become allocated to those certain countries.

Which Juniper ATP solution will accomplish this task?

A.
Geo IP
A.
Geo IP
Answers
B.
unified security policies
B.
unified security policies
Answers
C.
IDP
C.
IDP
Answers
D.
C&C feed
D.
C&C feed
Answers
Suggested answer: A

Explanation:

Juniper ATP Geo IP can help to accomplish this task by using geolocation services to determine the geographical location of IP addresses. As IP prefixes get allocated to the countries that you have specified, the Geo IP solution will automatically update the configured firewall policies to block any traffic that is coming from those specific countries.

This is a great solution for blocking specific countries - as it will allow for a more personalized and targeted approach to firewall policies - and thus, to increase the effectiveness of the solution at blocking potential malicious traffic.

Question 13

Report
Export
Collapse

Which two statements are correct about IKE security associations? (Choose two.)

A.
IKE security associations are established during IKE Phase 1 negotiations.
A.
IKE security associations are established during IKE Phase 1 negotiations.
Answers
B.
IKE security associations are unidirectional.
B.
IKE security associations are unidirectional.
Answers
C.
IKE security associations are established during IKE Phase 2 negotiations.
C.
IKE security associations are established during IKE Phase 2 negotiations.
Answers
D.
IKE security associations are bidirectional.
D.
IKE security associations are bidirectional.
Answers
Suggested answer: A, D

Question 14

Report
Export
Collapse

You want to deploy a NAT solution.

In this scenario, which solution would provide a static translation without PAT?

A.
interface-based source NAT
A.
interface-based source NAT
Answers
B.
pool-based NAT with address shifting
B.
pool-based NAT with address shifting
Answers
C.
pool-based NAT with PAT
C.
pool-based NAT with PAT
Answers
D.
pool-based NAT without PAT
D.
pool-based NAT without PAT
Answers
Suggested answer: B

Explanation:

Translation of the original source IP address to an IP address from a user-defined address pool by shifting the IP addresses. This type of translation is one-to-one, static, and without port address translation. If the original source IP address range is larger than the IP address range in the userdefined pool, untranslated packets are dropped.

https://www.juniper.net/documentation/us/en/software/junos/nat/topics/topic-map/nat-securitysource-and-source-pool.html

Question 15

Report
Export
Collapse

Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?

A.
firewall filters
A.
firewall filters
Answers
B.
UTM
B.
UTM
Answers
C.
Juniper ATP Cloud
C.
Juniper ATP Cloud
Answers
D.
IPS
D.
IPS
Answers
Suggested answer: C

Explanation:

Malware Sandboxing

Detect and stop zero-day and commodity malware within web, email, data center, and application traffic targeted for Windows, Mac, and IoT devices.

https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html

Question 16

Report
Export
Collapse

You are configuring an SRX Series device. You have a set of servers inside your private network that need one-to-one mappings to public IP addresses.

Which NAT configuration is appropriate in this scenario?

A.
source NAT with PAT
A.
source NAT with PAT
Answers
B.
destination NAT
B.
destination NAT
Answers
C.
NAT-T
C.
NAT-T
Answers
D.
static NAT
D.
static NAT
Answers
Suggested answer: D

Explanation:

https://www.juniper.net/documentation/en_US/day-one-books/nat-and-pat-en.htmlAnd the specific text that would support the above answer is as follows: "Static NAT, which requiresmanual configuration, is often the most appropriate configuration for mapping one internal addressto one external address."

Question 17

Report
Export
Collapse

You want to provide remote access to an internal development environment for 10 remote developers.

Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)

A.
an additional license for an SRX Series device
A.
an additional license for an SRX Series device
Answers
B.
Juniper Secure Connect client software
B.
Juniper Secure Connect client software
Answers
C.
an SRX Series device with an SPC3 services card
C.
an SRX Series device with an SPC3 services card
Answers
D.
Marvis virtual network assistant
D.
Marvis virtual network assistant
Answers
Suggested answer: A, B

Question 18

Report
Export
Collapse

You are deploying an SRX Series firewall with multiple NAT scenarios.

In this situation, which NAT scenario takes priority?

A.
interface NAT
A.
interface NAT
Answers
B.
source NAT
B.
source NAT
Answers
C.
static NAT
C.
static NAT
Answers
D.
destination NAT
D.
destination NAT
Answers
Suggested answer: A

Explanation:

This is because the interface NAT would allow the connections to pass through the firewall - and thus, would ensure that the appropriate ports are open in order to allow for the connections to be established.

This is a really important step in order to ensure that all of the appropriate traffic is allowed through the SRX Series firewall - and thus, it must be a priority when deploying the firewall.

Question 19

Report
Export
Collapse

Your ISP gives you an IP address of 203.0.113.0/27 and informs you that your default gateway is 203.0.113.1. You configure destination NAT to your internal server, but the requests sent to the webserver at 203.0.113.5 are not arriving at the server.

In this scenario, which two configuration features need to be added? (Choose two.)

A.
firewall filter
A.
firewall filter
Answers
B.
security policy
B.
security policy
Answers
C.
proxy-ARP
C.
proxy-ARP
Answers
D.
UTM policy
D.
UTM policy
Answers
Suggested answer: B, C

Question 20

Report
Export
Collapse

Click the Exhibit button.

Referring to the exhibit, which two statements are correct about the ping command? (Choose two.)

A.
The DMZ routing-instance is the source.
A.
The DMZ routing-instance is the source.
Answers
B.
The 10.10.102.10 IP address is the source.
B.
The 10.10.102.10 IP address is the source.
Answers
C.
The 10.10.102.10 IP address is the destination.
C.
The 10.10.102.10 IP address is the destination.
Answers
D.
The DMZ routing-instance is the destination.
D.
The DMZ routing-instance is the destination.
Answers
Suggested answer: A, C
Total 101 questions
Go to page: of 11
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms