JN0-231 Exam Dumps - Security-Associate (JNCIA-SEC)

Question # 4

Click the Exhibit button.

You are asked to allow only ping and SSH access to the security policies shown in the exhibit.

Which statement will accomplish this task?

Rename policy Rule-2 to policy Rule-0.

Insert policy Rule-2 before policy Rule-1.

Replace application any with application [junos-ping junos-ssh] in policy Rule-1.

Rename policy Rule-1 to policy Rule-3.

Full Access

Question # 5

You want to block executable files ("exe) from being downloaded onto your network.

Which UTM feature would you use in this scenario?

IPS

Web filtering

content filtering

antivirus

Full Access

Question # 6

Which two non-configurable zones exist by default on an SRX Series device? (Choose two.)

Junos-host

functional

null

management

Full Access

Question # 7

Click the Exhibit button.

Which two statements are correct about the partial policies shown in the exhibit? (Choose two.)

UDP traffic matched by the deny-all policy will be silently dropped.

TCP traffic matched by the reject-all policy will have a TCP RST sent.

TCP traffic matched from the zone trust is allowed by the permit-all policy.

UDP traffic matched by the reject-all policy will be silently dropped.

Full Access

Question # 8

What are two features of the Juniper ATP Cloud service? (Choose two.)

sandbox

malware detection

EX Series device integration

honeypot

Full Access

Question # 9

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the Internet and communication with update servers.

Which NAT type must be used to complete this project?

source NAT

destination NAT

static NAT

hairpin NAT

Full Access

Question # 10

Which two statements are correct about global policies? (Choose two.)

Global policies are evaluated after default policies.

Global policies do not have to reference zone context.

Global policies are evaluated before default policies.

Global policies must reference zone contexts.

Full Access

Question # 11

Your ISP gives you an IP address of 203.0.113.0/27 and informs you that your default gateway is 203.0.113.1. You configure destination NAT to your internal server, but the requests sent to the webserver at 203.0.113.5 are not arriving at the server.

In this scenario, which two configuration features need to be added? (Choose two.)

firewall filter

security policy

proxy-ARP

UTM policy

Full Access

Question # 12

You are investigating a communication problem between two hosts and have opened a session on the SRX Series device closest to one of the hosts and entered the show security flow session command.

What information will this command provide? (Choose two.)

The total active time of the session.

The end-to-end data path that the packets are taking.

The IP address of the host that initiates the session.

The security policy name that is controlling the session.

Full Access

Question # 13

When creating a site-to-site VPN using the J-Web shown in the exhibit, which statement is correct?

The remote gateway is configured automatically based on the local gateway settings.

RIP, OSPF, and BGP are supported under Routing mode.

The authentication method is pre-shared key or certificate based.

Privately routable IP addresses are required.