Free Dumps, Free Juniper Dump
Free JN0-231 Dump
Question #1
Which two criteria should a zone-based security policy include? (Choose two.)
- A. a source port
- B. a destination port
- C. zone context
- D. an action
Correct Answer: BD
Community vote distribution
CD (75%)
AB (25%)
Question #2
You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.
Which two NAT types must be used to complete this project? (Choose two.)
- A. static NAT
- B. hairpin NAT
- C. destination NAT
- D. source NAT
Correct Answer: CD
Question #3
You are asked to verify that a license for AppSecure is installed on an SRX Series device.
In this scenario, which command will provide you with the required information?
- A. user@srx> show system license
- B. user@srx> show services accounting
- C. user@srx> show configuration system
- D. user@srx> show chassis firmware
Correct Answer: A
Question #4
Click the Exhibit button.
Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?
- A. [edit security policies from-zone trust to-zone dmz]user@vSRX-1#
- B. [edit]user@vSRX-1#
- C. [edit security policies]user@vSRX-1#
- D. user@vSRX-1>
Correct Answer: B
Question #5
You want to enable the minimum Juniper ATP services on a branch SRX Series device.
In this scenario, what are two requirements to accomplish this task? (Choose two.)
- A. Install a basic Juniper ATP license on the branch device.
- B. Configure the juniper-atp user account on the branch device.
- C. Register for a Juniper ATP account on https://sky.junipersecurity.net.
- D. Execute the Juniper ATP script on the branch device.
Correct Answer: AC
Question #6
SRX Series devices have a maximum of how many rollback configurations?
- A. 40
- B. 60
- C. 50
- D. 10
Correct Answer: C
Question #7
Unified threat management (UTM) inspects traffic from which three protocols? (Choose three.)
- A. FTP
- B. SMTP
- C. SNMP
- D. HTTP
- E. SSH
Correct Answer: ACD
Question #8
When are Unified Threat Management services performed in a packet flow?
- A. before security policies are evaluated
- B. as the packet enters an SRX Series device
- C. only during the first path process
- D. after network address translation
Correct Answer: D
Question #9
When configuring antispam, where do you apply any local lists that are configured?
- A. custom objects
- B. advanced security policy
- C. antispam feature-profile
- D. antispam UTM policy
Correct Answer: B
Question #10
Screens on an SRX Series device protect against which two types of threats? (Choose two.)
- A. IP spoofing
- B. ICMP flooding
- C. zero-day outbreaks
- D. malicious e-mail attachments
Correct Answer: AB
Question #11
Which statement about global NAT address persistence is correct?
- A. The same IP address from a source NAT pool will be assigned for all sessions from a given host.
- B. The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.
- C. The same IP address from a destination NAT pool will be assigned for all sessions for a given host.
- D. The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.
Correct Answer: A
Question #12
You are asked to configure your SRX Series device to block all traffic from certain countries. The solution must be automatically updated as IP prefixes become allocated to those certain countries.
Which Juniper ATP solution will accomplish this task?
- A. Geo IP
- B. unified security policies
- C. IDP
- D. C&C feed
Correct Answer: A
Question #13
Which two statements are correct about IKE security associations? (Choose two.)
- A. IKE security associations are established during IKE Phase 1 negotiations.
- B. IKE security associations are unidirectional.
- C. IKE security associations are established during IKE Phase 2 negotiations.
- D. IKE security associations are bidirectional.
Correct Answer: AD
Question #14
You want to deploy a NAT solution.
In this scenario, which solution would provide a static translation without PAT?
- A. interface-based source NAT
- B. pool-based NAT with address shifting
- C. pool-based NAT with PAT
- D. pool-based NAT without PAT
Correct Answer: D
Question #15
Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?
- A. firewall filters
- B. UTM
- C. Juniper ATP Cloud
- D. IPS
Correct Answer: C
Question #16
You are configuring an SRX Series device. You have a set of servers inside your private network that need one-to-one mappings to public IP addresses.
Which NAT configuration is appropriate in this scenario?
- A. source NAT with PAT
- B. destination NAT
- C. NAT-T
- D. static NAT
Correct Answer: D
Question #17
You want to provide remote access to an internal development environment for 10 remote developers.
Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)
- A. an additional license for an SRX Series device
- B. Juniper Secure Connect client software
- C. an SRX Series device with an SPC3 services card
- D. Marvis virtual network assistant
Correct Answer: AB
Question #18
You are deploying an SRX Series firewall with multiple NAT scenarios.
In this situation, which NAT scenario takes priority?
- A. interface NAT
- B. source NAT
- C. static NAT
- D. destination NAT
Correct Answer: C
Question #19
Your ISP gives you an IP address of 203.0.113.0/27 and informs you that your default gateway is 203.0.113.1. You configure destination NAT to your internal server, but the requests sent to the webserver at 203.0.113.5 are not arriving at the server.
In this scenario, which two configuration features need to be added? (Choose two.)
- A. firewall filter
- B. security policy
- C. proxy-ARP
- D. UTM policy
Correct Answer: BC
