Question #20
Click the Exhibit button.
Referring to the exhibit, which two statements are correct about the ping command? (Choose two.)
- A. The DMZ routing-instance is the source.
- B. The 10.10.102.10 IP address is the source.
- C. The 10.10.102.10 IP address is the destination.
- D. The DMZ routing-instance is the destination.
Correct Answer: AC
Question #21
Which IPsec protocol is used to encrypt the data payload?
- A. ESP
- B. IKE
- C. AH
- D. TCP
Correct Answer: A
Question #22
What are three primary match criteria used in a Junos security policy? (Choose three.)
- A. application
- B. source address
- C. source port
- D. class
- E. destination address
Correct Answer: ABE
Question #23
You have an FTP server and a webserver on the inside of your network that you want to make available to users outside of the network. You are allocated a single public IP address.
In this scenario, which two NAT elements should you configure? (Choose two.)
- A. destination NAT
- B. NAT pool
- C. source NAT
- D. static NAT
Correct Answer: AD
Question #24
Which three Web filtering deployment actions are supported by Junos? (Choose three.)
- A. Use IPS.
- B. Use local lists.
- C. Use remote lists.
- D. Use Websense Redirect.
- E. Use Juniper Enhanced Web Filtering.
Correct Answer: BDE
Question #25
Which two IPsec hashing algorithms are supported on an SRX Series device? (Choose two.)
- A. SHA-1
- B. SHAKE128
- C. MD5
- D. RIPEMD-256
Correct Answer: AC
Question #26
Click the Exhibit button.
What is the purpose of the host-inbound-traffic configuration shown in the exhibit?
- A. to permit host inbound HTTP traffic and deny all other traffic on the internal security zone
- B. to deny and log all host inbound traffic on the internal security zone, except for HTTP traffic
- C. to permit all host inbound traffic on the internal security zone, but deny HTTP traffic
- D. to permit host inbound HTTP traffic on the internal security zone
Correct Answer: C
Question #27
When operating in packet mode, which two services are available on the SRX Series device? (Choose two.)
- A. MPLS
- B. UTM
- C. CoS
- D. IDP
Correct Answer: AC
Question #28
Which two statements are correct about the default behavior on SRX Series devices? (Choose two.)
- A. The SRX Series device is in flow mode.
- B. The SRX Series device supports stateless firewall filters.
- C. The SRX Series device is in packet mode.
- D. The SRX Series device does not support stateless firewall filters.
Correct Answer: AB
Question #29
Which two statements are correct about functional zones? (Choose two.)
- A. Functional zones must have a user-defined name.
- B. Functional zones cannot be referenced in security policies or pass transit traffic.
- C. Multiple types of functional zones can be defined by the user.
- D. Functional zones are used for out-of-band device management.
Correct Answer: BD
Question #30
What must be enabled on an SRX Series device for the reporting engine to create reports?
- A. packet capture
- B. security logging
- C. system logging
- D. SNMP
Correct Answer: B
Question #31
You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the Internet and communication with update servers.
Which NAT type must be used to complete this project?
- A. source NAT
- B. destination NAT
- C. static NAT
- D. hairpin NAT
Correct Answer: B
Question #32
Which two user authentication methods are supported when using a Juniper Secure Connect VPN? (Choose two.)
- A. certificate-based
- B. multi-factor authentication
- C. local authentication
- D. active directory
Correct Answer: AC
Question #33
Click the Exhibit button.
Which two statements are correct about the partial policies shown in the exhibit? (Choose two.)
- A. UDP traffic matched by the deny-all policy will be silently dropped.
- B. TCP traffic matched by the reject-all policy will have a TCP RST sent.
- C. TCP traffic matched from the zone trust is allowed by the permit-all policy.
- D. UDP traffic matched by the reject-all policy will be silently dropped.
Correct Answer: AB
Question #34
You are monitoring an SRX Series device that has the factory-default configuration applied.
In this scenario, where are log messages sent by default?
- A. Junos Space Log Director
- B. Junos Space Security Director
- C. to a local syslog server on the management network
- D. to a local log file named messages
Correct Answer: C
Question #35
When transit traffic matches a security policy, which three actions are available? (Choose three.)
- A. Allow
- B. Discard
- C. Deny
- D. Reject
- E. Permit
Correct Answer: CDE
Question #36
Which two services does Juniper Connected Security provide? (Choose two.)
- A. protection against zero-day threats
- B. IPsec VPNs
- C. Layer 2 VPN tunnels
- D. inline malware blocking
Correct Answer: AD
Question #37
You are creating IPsec connections.
In this scenario, which two statements are correct about proxy IDs? (Choose two.)
- A. Proxy IDs are used to configure traffic selectors.
- B. Proxy IDs are optional for Phase 2 session establishment.
- C. Proxy IDs must match for Phase 2 session establishment.
- D. Proxy IDs default to 0.0.0.0/0 for policy-based VPNs.
Correct Answer: AB
Question #38
Which two components are configured for host inbound traffic? (Choose two.)
- A. zone
- B. logical interface
- C. physical interface
- D. routing instance
Correct Answer: AB
Question #39
Which two security features inspect traffic at Layer 7? (Choose two.)
- A. IPS/IDP
- B. security zones
- C. application firewall
- D. integrated user firewall
Correct Answer: AC