JN0-331 题目列表
多选题You are creating a destination NAT rule-set. Which two are valid for use with the from clause?()Asecurity policyBinterfaceCrouting-instanceDIP address
多选题Which two functions of JUNOS Software are handled by the data plane?()ANATBOSPFCSNMPDSCREEN options
多选题Which two statements are true regarding firewall user authentication?()AWhen configured for pass-through firewall user authentication, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.BWhen configured for Web firewall user authentication only, the user must first open a connection to the JUNOS security platform before connecting to a remote network resource.CIf a JUNOS security device is configured for pass-through firewall user authentication, new sessions are automatically intercepted to perform authentication.DIf a JUNOS security device is configured for Web firewall user authentication, new sessions are automatically intercepted to perform authentication.
单选题Which attribute is required for all IKE phase 2 negotiations?()Aproxy-IDBpreshared keyCDiffie-Hellman group keyDmain or aggressive mode
多选题Which two statements are true about pool-based destination NAT?()AIt also supports PAT.BPAT is not supported.CIt allows the use of an address pool.DIt requires you to configure an address in the junos-global zone.
多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
单选题Given the configuration shown in the exhibit, which configuration object would be used to associate bothNancy and Walter with firewall user authentication within a security policy?() profile ftp-users { client nancy { firewall-user { password "$9$lJ8vLNdVYZUHKMi.PfzFcyrvX7"; ## SECRET-DATA } } client walter { firewall-user { password "$9$a1UqfTQnApB36pBREKv4aJUk.5QF"; ## SECRET-DATA } } session-options { client-group ftp-group; } } firewall-authentication { pass-through { default-profile ftp-users;ftp { banner { login "JUNOS Rocks!"; } } } }Aftp-groupBftp-usersCfirewall-userDnancy and walter
单选题You want to allow all hosts on interface ge-0/0/0.0 to be able to ping the device’s ge-0/0/0.0 IP address.Where do you configure this functionality?()A[edit interfaces]B[edit security zones]C[edit system services]D[edit security interfaces]
单选题An attacker sends a low rate of TCP SYN segments to hosts, hoping that at least one port replies. Which type of an attack does this scenario describe?()ADoSBSYN floodCport scanningDIP address sweep
单选题Which statement is true about a NAT rule action of off?()AThe NAT action of off is only supported for destination NAT rule-sets.BThe NAT action of off is only supported for source NAT rule-sets.CThe NAT action of off is useful for detailed control of NATDThe NAT action of off is useful for disabling NAT when a pool is exhausted.
多选题What are three configuration objects used to build JUNOS IDP rules?()Azone objectsBpolicy objectsCattack objectsDalert and notify objectsEnetwork and address objects
多选题Which two statements are true about overflow pools?()AOverflow pools do not support PATBOverflow pools can not use the egress interface IP address for NATCOverflow pools must use PATDOverflow pools can contain the egress interface IP address or separate IP addresses
多选题Which three options represent IDP policy match conditions?()AprotocolBsource-addressCportDapplicationEattacks
单选题Which statement is true about a NAT rule action of off?()AThe NAT action of off is only supported for destination NAT rule-sets.BThe NAT action of off is only supported for source NAT rule-sets.CThe NAT action of off is useful for detailed control of NATDThe NAT action of off is useful for disabling NAT when a pool is exhausted.