Free JN0-231 Dump

Question #60

What does the number “2” indicate in interface ge-0/1/2?

• A. the physical interface card (PIC)
• B. the flexible PIC concentrator (FPC)
• C. the interface logical number
• D. the port number

Correct Answer: D

Question #61

Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?

• A. infected host cloud feed
• B. Geo IP feed
• C. C&C cloud feed
• D. blocklist feed

Correct Answer: A

Question #62

Which two IKE Phase 1 configuration options must match on both peers to successfully establish a tunnel? (Choose two.)

• A. VPN name
• B. gateway interfaces
• C. IKE mode
• D. Diffie-Hellman group

Correct Answer: CD

Question #63

What are three Junos UTM features? (Choose three.)

• A. screens
• B. antivirus
• C. Web filtering
• D. IDP/IPS
• E. content filtering

Correct Answer: BCE

Question #64

You are investigating a communication problem between two hosts and have opened a session on the SRX Series device closest to one of the hosts and entered the show security flow session command.

What information will this command provide? (Choose two.)

• A. The total active time of the session.
• B. The end-to-end data path that the packets are taking.
• C. The IP address of the host that initiates the session.
• D. The security policy name that is controlling the session.

Correct Answer: CD

Question #65

A security zone is configured with the source IP address 192.168.0.12/255.255.0.255 wildcard match.

In this scenario, which two IP packets will match the criteria? (Choose two.)

• A. 192.168.1.21
• B. 192.168.0.1
• C. 192.168.1.12
• D. 192.168.22.12

Correct Answer: CD –

Question #66

Which statement about service objects is correct?

• A. All applications are predefined by Junos.
• B. All applications are custom defined by the administrator.
• C. All applications are either custom or Junos defined.
• D. All applications in service objects are not available on the vSRX Series device.

Correct Answer: C

Question #67

You want to block executable files (*.exe) from being downloaded onto your network.

Which UTM feature would you use in this scenario?

• A. IPS
• B. Web filtering
• C. content filtering
• D. antivirus

Correct Answer: B

Question #68

What are two Juniper ATP Cloud feed analysis components? (Choose two.)

• A. IDP signature feed
• B. C&C cloud feed
• C. infected host cloud feed
• D. US CERT threat feed

Correct Answer: B

Question #69

Which two statements are correct about global policies? (Choose two.)

• A. Global policies are evaluated after default policies.
• B. Global policies do not have to reference zone context.
• C. Global policies are evaluated before default policies.
• D. Global policies must reference zone contexts.

Correct Answer: BC

Question #70

Which statement is correct about Web filtering?

• A. The Juniper Enhanced Web Filtering solution requires a locally managed server.
• B. The decision to permit or deny is based on the body content of an HTTP packet.
• C. The decision to permit or deny is based on the category to which a URL belongs.
• D. The client can receive an e-mail notification when traffic is blocked.

Correct Answer: C

Question #71

You have configured a UTM feature profile.

Which two additional configuration steps are required for your UTM feature profile to take effect? (Choose two.)

• A. Associate the UTM policy with an address book.
• B. Associate the UTM policy with a firewall filter.
• C. Associate the UTM policy with a security policy.
• D. Associate the UTM feature profile with a UTM policy.

Correct Answer: CD

Question #72

You want to verify the peer before IPsec tunnel establishment.

What would be used as a final check in this scenario?

• A. traffic selector
• B. perfect forward secrecy
• C. st0 interfaces
• D. proxy ID

Correct Answer: D

Question #73

Which feature would you use to protect clients connected to an SRX Series device from a SYN flood attack?

• A. security policy
• B. host inbound traffic
• C. application layer gateway
• D. screen option

Correct Answer: D

Question #74

What is the default value of the dead peer detection (DPD) interval for an IPsec VPN tunnel?

• A. 20 seconds
• B. 5 seconds
• C. 10 seconds
• D. 40 seconds

Correct Answer: C

Question #75

What is the main purpose of using screens on an SRX Series device?

• A. to provide multiple ports for accessing security zones
• B. to provide an alternative interface into the CLI
• C. to provide protection against common DoS attacks
• D. to provide information about traffic patterns traversing the network

Correct Answer: C

Question #76

What are two functions of Juniper ATP Cloud? (Choose two.)

• A. malware inspection
• B. Web content filtering
• C. DDoS protection
• D. Geo IP feeds

Correct Answer: AD

Question #77

Which three operating systems are supported for installing and running Juniper Secure Connect client software? (Choose three.)

• A. Windows 7
• B. Android
• C. Windows 10
• D. Linux
• E. macOS

Correct Answer: BCE

Question #78

You want to implement user-based enforcement of security policies without the requirement of certificates and supplicant software.

Which security feature should you implement in this scenario?

• A. integrated user firewall
• B. screens
• C. 802.1X
• D. Juniper ATP

Correct Answer: B

Question #79

Which statement is correct about static NAT?

• A. Static NAT supports port translation.
• B. Static NAT rules are evaluated after source NAT rules.
• C. Static NAT implements unidirectional one-to-one mappings.
• D. Static NAT implements unidirectional one-to-many mappings.

Correct Answer: C