Free JN0-231 Dump

Question #40

Which two UTM features should be used for tracking productivity and corporate user behavior? (Choose two.)

• A. the content filtering UTM feature
• B. the antivirus UTM feature
• C. the Web filtering UTM feature
• D. the antispam UTM feature

Correct Answer: AC

Question #41

What is the order in which malware is detected and analyzed?

• A. antivirus scanning –> cache lookup –> dynamic analysis –> static analysis
• B. cache lookup –> antivirus scanning –> static analysis –> dynamic analysis
• C. antivirus scanning –> cache lookup –> static analysis –> dynamic analysis
• D. cache lookup –> static analysis –> dynamic analysis –> antivirus scanning

Correct Answer: B

Question #42

What are two valid address books? (Choose two.)

• A. 66.129.239.128/25
• B. 66.129.239.154/24
• C. 66.129.239.0/24
• D. 66.129.239.50/25

Correct Answer: BD

Question #43

What is the order of the first path packet processing when a packet enters a device?

• A. security policies –> screens –> zones
• B. screens –> security policies –> zones
• C. screens –> zones –> security policies
• D. security policies –> zones –> screens

Correct Answer: C

Question #44

Which two components are part of a security zone? (Choose two.)

• A. inet.0
• B. fxp0
• C. address book
• D. ge-0/0/0.0

Correct Answer: BD

Question #45

Which statement is correct about packet mode processing?

• A. Packet mode enables session-based processing of incoming packets.
• B. Packet mode works with NAT, VPNs, UTM, IDP, and other advanced security services.
• C. Packet mode bypasses the flow module.
• D. Packet mode is the basis for stateful processing.

Correct Answer: C

Question #46

Which two traffic types are considered exception traffic and require some form of special handling by the PFE? (Choose two.)

• A. SSH sessions
• B. ICMP reply messages
• C. HTTP sessions
• D. traceroute packets

Correct Answer: BD

Question #47

What is the correct order in which interface names should be identified?

• A. system slot number –> interface media type –> port number –> line card slot number
• B. system slot number –> port number –> interface media type –> line card slot number
• C. interface media type –> system slot number –> line card slot number –> port number
• D. interface media type –> port number –> system slot number –> line card slot number

Correct Answer: C

Question #48

What are two characteristics of a null zone? (Choose two.)

• A. The null zone is configured by the super user.
• B. By default, all unassigned interfaces are placed in the null zone.
• C. All ingress and egress traffic on an interface in a null zone is permitted.
• D. When an interface is deleted from a zone, it is assigned back to the null zone.

Correct Answer: BD

Question #49

Which two statements are correct about screens? (Choose two.)

• A. Screens process inbound packets.
• B. Screens are processed on the routing engine.
• C. Screens process outbound packets.
• D. Screens are processed on the flow module.

Correct Answer: AD

Question #50

Which statement about NAT is correct?

• A. Destination NAT takes precedence over static NAT.
• B. Source NAT is processed before security policy lookup.
• C. Static NAT is processed after forwarding lookup.
• D. Static NAT takes precedence over destination NAT.

Correct Answer: D

Question #51

Which statement is correct about global security policies on SRX Series devices?

• A. The to-zone any command configures a global policy.
• B. The from-zone any command configures a global policy.
• C. Global policies are always evaluated first.
• D. Global policies can include zone context.

Correct Answer: D

Question #52

What information does the show chassis routing-engine command provide?

• A. chassis serial number
• B. resource utilization
• C. system version
• D. routing tables

Correct Answer: B

Question #53

Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall.

In this scenario, which security feature would you use to satisfy this request?

• A. antivirus
• B. Web filtering
• C. content filtering
• D. antispam

Correct Answer: C

Question #54

Which statement is correct about unified security policies on an SRX Series device?

• A. A zone-based policy is always evaluated first.
• B. The most restrictive policy is applied regardless of the policy level.
• C. A global policy is always evaluated first.
• D. The first policy rule is applied regardless of the policy level.

Correct Answer: A

Question #55

Click the Exhibit button.

You are asked to allow only ping and SSH access to the security policies shown in the exhibit.

Which statement will accomplish this task?

• A. Rename policy Rule-2 to policy Rule-0.
• B. Insert policy Rule-2 before policy Rule-1.
• C. Replace application any with application [junos-ping junos-ssh] in policy Rule-1.
• D. Rename policy Rule-1 to policy Rule-3.

Correct Answer: B

Question #56

What are two features of the Juniper ATP Cloud service? (Choose two.)

• A. sandbox
• B. malware detection
• C. EX Series device integration
• D. honeypot

Correct Answer: AB

Question #57

You want to prevent other users from modifying or discarding your changes while you are also editing the configuration file.

In this scenario, which command would accomplish this task?

• A. configure master
• B. cli privileged
• C. configure exclusive
• D. configure

Correct Answer: C

Question #58

Which order is correct for Junos security devices that examine policies for transit traffic?

• A. 1. zone policies2. global policies

  3. default policies

• B. 1. default policies2. zone policies

  3. global policies

• C. 1. default policies2. global policies

  3. zone policies

• D. 1. global policies2. zone policies

  3. default policies

Correct Answer: A

Question #59

What is an IP addressing requirement for an IPsec VPN using main mode?

• A. One peer must have dynamic IP addressing.
• B. One peer must have static IP addressing.
• C. Both peers must have dynamic IP addresses.
• D. Both peers must have static IP addressing.

Correct Answer: D