JN0-332 题目列表
多选题Which two statements regarding symmetric key encryption are true?() (Choose two.)AThe same key is used for encryption and decryption.BIt is commonly used to create digital certificate signatures.CIt uses two keys: one for encryption and a different key for decryption.DAn attacker can decrypt data if the attacker captures the key used for encryption.
多选题What are two rulebase types within an IPS policy on an SRX Series device?() (Choose two.)Arulebase-ipsBrulebase-ignoreCrulebase-idpDrulebase-exempt
单选题You want to allow your device to establish OSPF adjacencies with a neighboring device connected to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone.Under which configuration hierarchy must you permit OSPF traffic?()A[edit security policies from-zone HR to-zone HR]B[edit security zones functional-zone management protocols]C[edit security zones protocol-zone HR host-inbound-traffic]D[edit security zones security-zone HR host-inbound-traffic protocols]
多选题Which two statements are true about the relationship between static NAT and proxy ARP? ()(Choose two.)AIt is necessary to forward ARP requests to remote hosts.BIt is necessary when translated traffic belongs to the same subnet as the ingress interface.CIt is not automatic and you must configure it.DIt is enabled by default and you do not need to configure it.
多选题At which two levels of the Junos CLI hierarchy is the host-inbound-traffic command configured? ()(Choose two.)A[edit security idp]B[edit security zones security-zone trust interfaces ge-0/0/0.0]C[edit security zones security-zone trust]D[edit security screen]
多选题Which two statements regarding external authentication servers for firewall user authentication are true?() (Choose two.)AUp to three external authentication server types can be used simultaneously.BOnly one external authentication server type can be used simultaneously.CIf the local password database is not configured in the authentication order, and the configured authentication server bypassed.DIf the local password database is not configured in the authentication order, and the configured authentication server authentication is rejected.
单选题The Junos OS blocks an HTTP request due to the category of the URL.Which form of Web filtering is being used?()Aredirect Web filteringBintegrated Web filteringCcategorized Web filteringDlocal Web filtering
单选题Which statement is true regarding NAT?()ANAT is not supported on SRX Series devices.BNAT requires special hardware on SRX Series devices.CNAT is processed in the control plane.DNAT is processed in the data plane.
单选题Which Web-filtering technology can be used at the same time as integrated Web filtering on a single branch SRX Series device?()AWebsense redirect Web filteringBlocal Web filtering (blacklist or whitelist)Cfirewall user authenticationDICAP
单选题How do you apply UTM enforcement to security policies on the branch SRX series?()AUTM profiles are applied on a security policy by policy basis.BUTM profiles are applied at the global policy level.CIndividual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.DIndividual UTM features like anti-spam or anti-virus are applied directly at the global policy level.
单选题Which statement is true regarding the Junos OS for security platforms?()ASRX Series devices can store sessions in a session table.BSRX Series devices accept all traffic by default.CSRX Series devices must operate only in packet-based mode.DSRX Series devices must operate only in flow-based mode.
单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
多选题Which two functions of the Junos OS are handled by the data plane? ()(Choose two.)ANATBOSPFCSNMPDSCREEN options
单选题For which network anomaly does Junos provide a SCREEN?()Aa telnet to port 80Ba TCP packet with the SYN and ACK flags setCan SNMP getnext requestDan ICMP packet larger than 1024 bytes