JN0-332 题目列表
单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A[edit security policies from-zone HR to-zone HR]B[edit security zones functional-zone management protocols]C[edit security zones protocol-zone HR host-inbound-traffic]D[edit security zones security-zone HR host-inbound-traffic protocols]

多选题At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A[edit security idp]B[edit security zones security-zone trust interfaces ge-0/0/0.0]C[edit security zones security-zone trust]D[edit security screen]

单选题A system administrator detects thousands of open idle connections from the same source.Which problem can arise from this type of attack?()AIt enables an attacker to perform an IP sweep of devices.BIt enables a hacker to know which operating system the system is running.CIt can overflow the session table to its limit, which can result in rejection of legitimate traffic.DIt creates a ping of death and can cause the entire network to be infected with a virus.

多选题Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)AUp to three external authentication server types can be used simultaneously.BOnly one external authentication server type can be used simultaneously.CIf the local password database is not configured in the authentication order, and the configured authentication server bypassed.DIf the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.

多选题Which three statements are true when working with high-availability clusters? (Choose three.)()AThe valid cluster-id range is between 0 and 255.BJunos OS security devices can belong to more than one cluster if cluster virtualization is enabled.CIf the cluster-id value is set to 0 on a Junos security device, the device will not participate in the cluster.DA reboot is required if the cluster-id or node value is changed.EJunos OS security devices can belong to one cluster only.

单选题Which zone is system-defined?()AsecurityBfunctionalCjunos-globalDmanagement

单选题The Junos OS blocks an HTTP request due to the category of the URL.Which form of Web filtering is being used?()Aredirect Web filteringBintegrated Web filteringCcategorized Web filteringDlocal Web filtering

单选题How do you apply UTM enforcement to security policies on the branch SRX series?()AUTM profiles are applied on a security policy by policy basis.BUTM profiles are applied at the global policy level.CIndividual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.DIndividual UTM features like anti-spam or anti-virus are applied directly at the global policy level.

单选题What is the correct syntax for applying node-specific parameters to each node in a chassis cluster?()Aset apply-groups node$Bset apply-groups (node)Cset apply-groups $(node)Dset apply-groups (node)all

单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

多选题Which two functions of the Junos OS are handled by the data plane? ()(Choose two.)ANATBOSPFCSNMPDSCREEN options

单选题For which network anomaly does Junos provide a SCREEN?()Aa telnet to port 80Ba TCP packet with the SYN and ACK flags setCan SNMP getnext requestDan ICMP packet larger than 1024 bytes

单选题Which statement is true regarding the Junos OS for security platforms?()ASRX Series devices can store sessions in a session table.BSRX Series devices accept all traffic by default.CSRX Series devices must operate only in packet-based mode.DSRX Series devices must operate only in flow-based mode.

单选题Which Web-filtering technology can be used at the same time as integrated Web filtering on a single branch SRX Series device?()AWebsense redirect Web filteringBlocal Web filtering (blacklist or whitelist)Cfirewall user authenticationDICAP

多选题An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)AOnly main mode can be used for IKE negotiationBA local-identity must be definedCIt must be the initiator for IKEDA remote-identity must be defined