JN0-331 题目列表
多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
多选题Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a inthe HR zone to host_b in the trust zone are true?() [edit security policies from-zone HR to-zone trust] user@host# show policy one { match { source-address any; destination-address any; application [ junos-http junos-ftp ]; } then { permit; } } policy two { match { source-address host_a; destination-address host_b; application [ junos-http junos-smtp ]; } then { deny; } }ADNS traffic is denied.BHTTP traffic is denied.CFTP traffic is permitted.DSMTP traffic is permitted.
单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()Aclose-connectionBterminate-connectionCclose-client-and-serverDterminate-session
单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }AThe traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.BThe traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.CThe traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.DThe traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am
多选题Which three functions are provided by JUNOS Software for security platforms?()AVPN establishmentBstateful ARP lookupsCDynamic ARP inspectionDNetwork Address TranslationEinspection of packets at higher levels (Layer 4 and above)
多选题What are two uses of NAT?()Aconserving public IP addressesBallowing stateful packet inspectionCpreventing unauthorized connections from outside the networkDallowing networks with overlapping private address space to communicate
多选题Which two statements regarding external authentication servers for firewall userauthentication are true?()AUp to three external authentication server types can be used simultaneously.BOnly one external authentication server type can be used simultaneously.CIf the local password database is not configured in the authentication order, and the configured authentication server is unreachable, authentication is not performed.DIf the local password database is not configured in the authentication order, and the configured authentication server rejects the authentication request, authentication is not performed
多选题Which three statements are true when working with high-availability clusters?()AThe valid cluster-id range is between 0 and 255.BJUNOS security devices can belong to more than one cluster if cluster virtualization is enabled.CIf the cluster-id value is set to 0 on a JUNOS security device, the device will not participate in the cluster.DA reboot is required if the cluster-id or node value is changed.EJUNOS security devices can belong to one cluster only.
单选题What is the default session timeout for UDP sessions?()A30 secondsB1 minuteC5 minutesD30 minutes
单选题Which statement regarding the implementation of an IDP policy template is true?()AIDP policy templates are automatically installed as the active IDP policy.BIDP policy templates are enabled using a commit script.CIDP policy templates can be downloaded without an IDP license.DIDP policy templates are included in the factory-default configuration.
多选题Which three methods of source NAT does JUNOS Software support?()Ainterface-based source NATBsource NAT with address shiftingCsource NAT using static source poolDinterface-based source NAT without PATEsource NAT with address shifting and PAT
多选题Which two statements about JUNOS Software packet handling are correct?()AJUNOS Software applies service ALGs only for the first packet of a flow.BJUNOS Software uses fast-path processing only for the first packet of a flow.CJUNOS Software performs route and policy lookup only for the first packet of a flow.DJUNOS Software applies SCREEN options for both first and consecutive packets of a flow.
单选题When devices are in cluster mode, which new interfaces are created?()ANo new interface is created.BOnly the st interface is created.Cfxp1, fab0, and fab1 are created.Dst,fxp1,reth,fab0,and fab1 are created.
多选题Users can define policy to control traffic flow between which two components?()Afrom a zone to the device itselfBfrom a zone to the same zoneCfrom a zone to a different zoneDfrom one interface to another interface