JN0-332 题目列表
单选题Which command do you use to display the status of an antivirus database update?()Ashow security utm anti-virus statusBshow security anti-virus database statusCshow security utm anti-virus databaseDshow security utm anti-virus update
单选题When using UTM features in an HA cluster, which statement is true for installing the licenses on the cluster members?()AOne UTM cluster license will activate UTM features on both members.BEach device will need a UTM license generated for its serial number.CEach device will need a UTM license generated for the cluster, but licenses can be applied to either member.DHA clustering automatically comes with UTM licensing, no additional actions are needed.
单选题Which command do you use to manually remove antivirus patterns?()Arequest security utm anti-virus juniper-express-engine pattern-deleteBrequest security utm anti-virus juniper-express-engine pattern-reloadCrequest security utm anti-virus juniper-express-engine pattern-removeDdelete security utm anti-virus juniper-express-engine antivirus-pattern
单选题What is the default session timeout for TCP sessions?()A1 minuteB15 minutesC30 minutesD90 minutes
单选题Under which Junos hierarchy level are security policies configured?()A[edit security]B[edit protocols]C[edit firewall]D[edit policy-options]
多选题Which two statements are true about the relationship between static NAT and proxy ARP? ()(Choose two.)AIt is necessary to forward ARP requests to remote hosts.BIt is necessary when translated traffic belongs to the same subnet as the ingress interface.CIt is not automatic and you must configure it.DIt is enabled by default and you do not need to configure it.
多选题Which two parameters are configured in IPsec policy? ()(Choose two.)AmodeBIKE gatewayCsecurity proposalDPerfect Forward Secrecy
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()Afrom-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Bfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }Cfrom-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }Dfrom-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
多选题Which two parameters are configured in IPsec policy? ()(Choose two.)AmodeBIKE gatewayCsecurity proposalDPerfect Forward Secrecy
多选题Which three methods of source NAT does the Junos OS support?() (Choose three.)Ainterface-based source NATBsource NAT with address shiftingCsource NAT using static source poolDinterface-based source NAT without PATEsource NAT with address shifting and PAT
多选题Which three parameters are configured in the IKE policy? ()(Choose three.)AmodeBpreshared keyCexternal interfaceDsecurity proposalsEdead peer detection settings
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by AH?() (Choose three.)Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication
多选题Which two statements regarding symmetric key encryption are true?() (Choose two.)AThe same key is used for encryption and decryption.BIt is commonly used to create digital certificate signatures.CIt uses two keys: one for encryption and a different key for decryption.DAn attacker can decrypt data if the attacker captures the key used for encryption.
单选题Which statement is true regarding NAT?()ANAT is not supported on SRX Series devices.BNAT requires special hardware on SRX Series devices.CNAT is processed in the control plane.DNAT is processed in the data plane.