JN0-332無料問題集「Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)」

質問 1

An engineer has just created a single policy allowing ping traffic from a host in the Users zone to a server in the Servers zone.
When the host pings the server, what will happen to the return traffic?

（A）The return traffic will match the new policy and will be permitted.

（B）The return traffic will match the session and will be permitted.

（C）The return traffic will not be permitted; it will need a separate policy.

（D）The return traffic will not be permitted; it will match the system default policy.

正解：B 解答を投票する

質問 2

Click the Exhibit button.

Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?

（A）The security policy from the trust zone to the untrust zone does not permit ping.

（B）The trust zone does not have ping enabled as a host-inbound-traffic service.

（C）The untrust zone does not have a management policy configured.

（D）No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.

正解：A 解答を投票する

質問 3

-- Exhibit - -- Exhibit -

Click the Exhibit button.
A server in the DMZ of your company is under attack. The attacker is opening a large number of TCP connections to your server which causes resource utilization problems on the server. All of the connections from the attacker appear to be coming from a single IP address.
Referring to the exhibit, which Junos Screen option should you enable to limit the effects of the attack while allowing legitimate traffic?

（A）Apply the Junos Screen option limit-session destination-based-ip to the Untrust security zone.

（B）Apply the Junos Screen option limit-session source-based-ip to the Untrust security zone.

（C）Apply the Junos Screen option limit-session source-based-ip to the DMZ security zone.

（D）Apply the Junos Screen option limit-session destination-based-ip to the DMZ security zone.

正解：B 解答を投票する

質問 4

You must configure a SCREEN option that would protect your device from a session table flood. Which configuration meets this requirement?

（A）[edit security screen]
user@host# show
ids-option protectFromFlood {
udp {
flood threshold 5000;
}
}

（B）[edit security screen]
user@host# show
ids-option protectFromFlood {
limit-session {
source-ip-based 1200;
destination-ip-based 1200;
}
}

（C）[edit security screen]
user@host# show
ids-option protectFromFlood {
tcp {
syn-flood {
attack-threshold 2000;
destination-threshold 2000;
}
}
}

（D）[edit security screen]
user@host# show
ids-option protectFromFlood {
icmp {
ip-sweep threshold 5000;
flood threshold 2000;
}
}

正解：B 解答を投票する

質問 5

You have just manually failed over Redundancy Group 0 on Node 0 to Node 1. You notice Node 0 is now in a secondary-hold state.
Which statement is correct?

（A）The previous primary node moves to the secondary-hold state because an issue occurred during failover. It stays in that state until the issue is resolved.

（B）The previous primary node moves to the secondary-hold state and stays there until manually reset, after which it moves to the secondary state.

（C）The previous primary node moves to the secondary-hold state and stays there until manually failed back to the primary node.

（D）The previous primary node moves to the secondary-hold state and stays there until the hold-down interval expires, after which it moves to the secondary state.

正解：D 解答を投票する

質問 6

-- Exhibit -

-- Exhibit --
Click the Exhibit button.
Referring to the exhibit, you have just committed the UTM configuration.
Which statement is correct?

（A）Intelligent prescreening is configured.

（B）Intelligent prescreening is not configured.

（C）Kaspersky scanning is configured.

（D）Sophos scanning is configured.

正解：A 解答を投票する

質問 7

-- Exhibit --
[edit security nat]
user@host# show source
pool pool-one {
address {
68.183.13.0/24;
}
}
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule pool-nat {
match {
source-address 10.10.10.1/24;
}
then {
source-nat {
pool {
pool-one;
}
}
}
}
rule no-nat {
match {
destination-address 192.150.2.140/32;
}
then {
source-nat {
off;
}
}
}
}
-- Exhibit --
Click the Exhibit button.
You have implemented source NAT using a source pool for address translation. However, traffic destined for 192.150.2.140 should not have NAT applied to it. The configuration shown in the exhibit is not working correctly.
Which change is needed to correct this problem?

（A）The no-nat rule should be in a separate rule-set.

（B）Destination NAT should be used to exclude the traffic destined for 192.150.2.140.

（C）Proxy ARP needs to be applied on the 192.150.2.140 address for the rule to function.

（D）Insert no-nat before pool-nat.

正解：D 解答を投票する

質問 8

You want to configure one-to-one static mapping of IP addresses using an address pool without using PAT on an SRX Series device. Which source NAT option would you use?

（A）Proxy ARP

（B）Overflow pool

（C）Address shifting

（D）Interface-based source NAT

正解：C 解答を投票する

質問 9

Which antivirus solution integrated on branch SRX Series devices do you use to ensure maximum virus coverage for network traffic?

（A）ICAP

（B）full AV

（C）desktop AV

（D）express AV

正解：B 解答を投票する

質問 10

Which Junos NAT implementation requires the use of proxy ARP?

（A）destination NAT using a pool outside the IP network of the device's interface

（B）source NAT using a pool in the same IP network as the device's interface

（C）source NAT using a pool outside the IP network of the device's interface

（D）source NAT using the device's egress interface

正解：B 解答を投票する

JN0-332 無料問題集「Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)」

弊社を連絡する

関連リンク

トップ試験