Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Juniper JN0-231 Security-Associate (JNCIA-SEC) Exam Practice Test

Demo: 15 questions
Total 101 questions

Security-Associate (JNCIA-SEC) Questions and Answers

Question 1

You are configuring an SRX Series device. You have a set of servers inside your private network that need one-to-one mappings to public IP addresses.

Which NAT configuration is appropriate in this scenario?

Options:

A.

source NAT with PAT

B.

destination NAT

C.

NAT-T

D.

static NAT

Question 2

You want to enable the minimum Juniper ATP services on a branch SRX Series device.

In this scenario, what are two requirements to accomplish this task? (Choose two.)

Options:

A.

Install a basic Juniper ATP license on the branch device.

B.

Configure the juniper-atp user account on the branch device.

C.

Register for a Juniper ATP account on https://sky.junipersecurity.net.

D.

Execute the Juniper ATP script on the branch device.

Question 3

SRX Series devices have a maximum of how many rollback configurations?

Options:

A.

40

B.

60

C.

50

D.

10

Question 4

Click the Exhibit button.

Which two statements are correct about the partial policies shown in the exhibit? (Choose two.)

Options:

A.

UDP traffic matched by the deny-all policy will be silently dropped.

B.

TCP traffic matched by the reject-all policy will have a TCP RST sent.

C.

TCP traffic matched from the zone trust is allowed by the permit-all policy.

D.

UDP traffic matched by the reject-all policy will be silently dropped.

Question 5

Which statement is correct about global security policies on SRX Series devices?

Options:

A.

The to-zone any command configures a global policy.

B.

The from-zone any command configures a global policy.

C.

Global policies are always evaluated first.

D.

Global policies can include zone context.

Question 6

Which statement is correct about static NAT?

Options:

A.

Static NAT supports port translation.

B.

Static NAT rules are evaluated after source NAT rules.

C.

Static NAT implements unidirectional one-to-one mappings.

D.

Static NAT implements unidirectional one-to-many mappings.

Question 7

In J-Web. the management and loopback address configuration option allows you to configure which area?

Options:

A.

the IP address of the primary Gigabit Ethernet port

B.

the IP address of the Network Time Protocol server

C.

the CIDR address

D.

the IP address of the device management port

Question 8

You want to verify the peer before IPsec tunnel establishment.

What would be used as a final check in this scenario?

Options:

A.

traffic selector

B.

perfect forward secrecy

C.

st0 interfaces

D.

proxy ID

Question 9

What is the default timeout value for TCP sessions on an SRX Series device?

Options:

A.

30 seconds

B.

60 minutes

C.

60 seconds

D.

30 minutes

Question 10

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the

Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.

Which two NAT types must be used to complete this project? (Choose two.)

Options:

A.

static NAT

B.

hairpin NAT

C.

destination NAT

D.

source NAT

Question 11

Click the Exhibit button.

What is the purpose of the host-inbound-traffic configuration shown in the exhibit?

Options:

A.

to permit host inbound HTTP traffic and deny all other traffic on the internal security zone

B.

to deny and log all host inbound traffic on the internal security zone, except for HTTP traffic

C.

to permit all host inbound traffic on the internal security zone, but deny HTTP traffic

D.

to permit host inbound HTTP traffic on the internal security zone

Question 12

Which statement is correct about packet mode processing?

Options:

A.

Packet mode enables session-based processing of incoming packets.

B.

Packet mode works with NAT, VPNs, UTM, IDP, and other advanced security services.

C.

Packet mode bypasses the flow module.

D.

Packet mode is the basis for stateful processing.

Question 13

What are three Junos UTM features? (Choose three.)

Options:

A.

screens

B.

antivirus

C.

Web filtering

D.

IDP/IPS

E.

content filtering

Question 14

What are two functions of Juniper ATP Cloud? (Choose two.)

Options:

A.

malware inspection

B.

Web content filtering

C.

DDoS protection

D.

Geo IP feeds

Question 15

Which two security features inspect traffic at Layer 7? (Choose two.)

Options:

A.

IPS/IDP

B.

security zones

C.

application firewall

D.

integrated user firewall

Demo: 15 questions
Total 101 questions