JN0-332 testing material(181 to 195) for client: Apr 2016 Edition

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW JN0-332 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/JN0-332-dumps.html


Free of JN0-332 exam question materials and pack for Juniper certification for IT specialist, Real Success Guaranteed with Updated JN0-332 pdf dumps vce Materials. 100% PASS uniper Networks Certified Internet Specialist, SEC (JNCIS-SEC) exam Today!

2016 Apr JN0-332 Study Guide Questions:

Q181. Which three elements are contained in a session-close log message? (Choose three.) 

A. source IP address 

B. DSCP value 

C. number of packets transferred 

D. policy name 

E. MAC address 

Answer: ACD 


Q182. Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP? (Choose three.) 

A. data integrity 

B. data confidentiality 

C. data authentication 

D. outer IP header confidentiality 

E. outer IP header authentication 

Answer: ABC 


Q183. Which two statements about the use of SCREEN options are correct? (Choose two.) 

A. SCREEN options offer protection against various attacks. 

B. SCREEN options are deployed prior to route and policy processing in first path packet processing. 

C. SCREEN options are deployed at the ingress and egress sides of a packet flow. 

D. When you deploy SCREEN options, you must take special care to protect OSPF. 

Answer: AB 


Q184. -- Exhibit --[edit interfaces] 

ge-0/0/1 { 

unit 0 { 

family ethernet-switching { 

vlan { 

members vlan-trust; 

[edit vlans] 

vlan-trust { 

vlan-id 3; 


l3-interface vlan.0; 

-- Exhibit --

Click the Exhibit button. 

Referring to the exhibit, you need to allow ping traffic into interface ge-0/0/1. 

Which configuration step will accomplish this task? 

A. set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping 

B. set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services ping 

C. set security zones security-zone trust interfaces vlan-trust host-inbound-traffic system-services ping 

D. set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services ping 

Answer: D 


Q185. Which statement is true when express AV detects a virus in a TCP session? 

A. A TCP RST is sent and the session is restarted. 

B. The TCP connection is closed gracefully and the data content is dropped. 

C. TCP traffic is allowed and an SNMP trap is sent. 

D. AV scanning is restarted. 

Answer: B 


JN0-332 test question

Latest JN0-332 question:

Q186. -- Exhibit – -- Exhibit --

Click the Exhibit button. 

Referring to the exhibit, failover to Node 0 occurred for Redundancy Group 2 because of an interface failure. The interface has since been restored, but Node 0 is still the primary node for Redundancy Group 2. 

Which two actions will restore Node 1 as the primary node for Redundancy Group 2? (Choose two.) 

A. Decrease the priority of Node 1 to 100. 

B. Increase the priority of Node 1 to 255. 

C. Configure preempt under Redundancy Group 2. 

D. Manually fail over to Redundancy Group 2. 

Answer: CD 


Q187. Which three options represent IDP policy match conditions? (Choose three.) 

A. service 

B. to-zone 

C. attacks 

D. port 

E. destination-address 

Answer: BCE 


Q188. -- Exhibit – 

-- Exhibit --

Click the Exhibit button. 

Referring to the exhibit, which policy will allow traffic from Host 1, Host 2, and Host 3 to the Internet? 

A. [edit security policies] user@host# show global { policy allow-internet { match { 

source-address [ host-1 host-2 host-3 ]; 

destination-address any; 

application any; 

then permit; 


B. [edit security policies] 

user@host# show 

from-zone all to-zone all { 

policy allow-internet { 

match { 

source-address [ host-1 host-2 host-3 ]; 

destination-address any; 

application any; 

then permit; 


C. [edit security policies] 

user@host# show 

default { 

policy allow-internet { 

match { 

source-address [ host-1 host-2 host-3 ]; 

destination-address any; 

application any; 

then permit; 


D. [edit security policies] 

user@host# show 

from-zone any to-zone any { 

policy allow-internet { 

match { 

source-address [ host-1 host-2 host-3 ]; 

destination-address any; 

application any; 

then permit; 

Answer: A 


Q189. Which attribute is required for all IKE phase 2 negotiations? 

A. proxy-ID 

B. preshared key 

C. Diffie-Hellman group key 

D. main or aggressive mode 

Answer: A 


Q190. Which zone is system-defined? 

A. security 

B. functional 

C. junos-global 

D. management 

Answer: C 


JN0-332 rapidshare

Guaranteed JN0-332 questions:

Q191. A PC in the trust zone is trying to ping a host in the untrust zone. Referring to the exhibit, which type of NAT is configured? 

A. source NAT 

B. destination NAT 

C. static NAT 

D. NAT pool 

Answer: A 


Q192. You are deploying a branch site which connects to two hub locations over an IPsec VPN. The branch SRX Series device should send all traffic to the first hub unless it is unreachable and should then direct traffic to the second hub. You must use static routes to send traffic towards the hub site. 

Which two technologies should you use to fail over from a primary to a secondary tunnel in less than 60 seconds? (Choose two.) 

A. dead peer detection 

B. VPN monitoring 

C. floating static routes 

D. IP monitoring 

Answer: BD 


Q193. What is a security policy? 

A. a set of rules that controls traffic from a specified source to a specified destination using a specified service 

B. a collection of one or more network segments sharing identical security requirements 

C. a method of providing a secure connection across a network 

D. a tool to protect against DoS attacks 

Answer: A 


Q194. You have deployed enhanced Web filtering on an SRX Series device. A user requests a URL that is not in the URL filtering cache. 

What happens? 

A. The request is permitted immediately but the SRX device then requests the category from the configured server and caches the response for use with subsequent requests. 

B. The request is blocked immediately but the SRX device then requests the category from the configured server and caches the response for use with subsequent requests. 

C. The SRX device requests the category from the configured server. Once the response is received, the SRX device processes the request against the policy based on the information received and caches the response. 

D. The SRX device will either permit or deny the request immediately depending on the configuration in the UTM policy. The SRX device then requests the category from the central server and caches the response for use with subsequent requests. 

Answer: C 


Q195. Click the Exhibit button. 

-- Exhibit --

user@host> show security utm web-filtering statistics 

UTM web-filtering statistics: 

Total requests: 298171 

white list hit: 0 

Black list hit: 0 

Queries to server: 17641 

Server reply permit: 14103 Server reply block: 3538 Custom category permit: 0 Custom category block: 0 Cache hit permit: 171020 Cache hit block: 109510 Web-filtering sessions in total: 4000 Web-filtering sessions in use: 0 Fallback: log-and-permit block Default 0 0 Timeout 0 0 Connectivity 0 0 

Too-many-requests 758 0 -- Exhibit --

Which two statements are true about the output shown in the exhibit on the branch SRX device? (Choose two.) 

A. Redirect Web filtering is being used. 

B. Integrated Web filtering is being used. 

C. At some point the SRX had more than 4000 concurrent Web sessions. 

D. Local Web filtering is being used. 

Answer: BC 



see more uniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)