JN0-330 题目列表
单选题You are not able to telnet to the interface IP of your JUNOS software with enhanced services devicefrom a PC on the same subnet. What is causing the problem? ()ATelnet is not being permitted by self policy.BTelnet is not being permitted by security policy.CTelnet is not allowed because it is not considered secure.DTelnet is not enabled as a host-inbound service on the zone.

多选题Which two statements regarding asymmetric key encryption are true?() (Choose two.)AThe same key is used for encryption and decryption.BIt is commonly used to create digital certificate signatures.CIt uses two keys: one for encryption and a different key for decryption.DAn attacker can decrypt data if the attacker captures the key used for encryption.

单选题Click the Exhibit button. In the exhibit, which statement is correct? ()A Three physical interfaces are redundant.B You must define an additional Redundancy Group.C node 0 will immediately become primary in the cluster.D You must issue an operational command and reboot the system for the above configuration to take effect.

单选题Which statement is true about interface-based static NAT? ()AIt also supports PAT.BIt requires you to configure address entries in the junos-nat zone.CIt requires you to configure address entries in the junos-global zone.DThe IP addresses being translated must be in the same subnet as the incoming interface.

单选题Click the Exhibit button. In the exhibit, what is the purpose of this OSPF configuration?()A The router sends the file debugOSPF (containing hellos sent and LSA updates) to the syslog server.B The router traces both OSPF hellos sent and LSA updates, and stores the results in the debugOSPFfile.C The router traces both OSPF hellos sent and LSA updates, and sends the results to the syslog process with the debugOSPF facility.D The router traces all OSPF operations, stores the results in the debugOSPF file, and marks both hellos sent and LSAupdates in the file with a special flag.

单选题A route-based VPN is required for which scenario? ()Awhen the remote VPN peer is behind a NAT deviceBwhen multiple networks need to be reached across the tunnelCwhen the remote VPN peer is a dialup or remote access clientDwhen a dynamic routing protocol such as OSPF is required across the VPN

多选题Which three security concerns can be addressed by a tunnel mode IPSec VPN secured by AH?()(Choose three.)Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication

单选题Click the Exhibit button. Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this problem?()A The untrust zone does not have a management policy configured.B The trust zone does not have ping enabled as host-inbound-traffic service.C The security policy from the trust zone to the untrust zone does not permit ping.D No security policy exists for the ICMP reply packet from the untrust zone to the trust zone.

多选题Users can define policy to control traffic flow between which two components? ()(Choose two.)Afrom a zone to the router itselfBfrom a zone to the same zoneCfrom a zone to a different zoneDfrom one interface to another interface

单选题Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessionswhen you change the policy action from permit to deny? ()AThe new sessions matching the policy are denied. The existing sessions are dropped.BThe new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply timeout.CThe new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.DThe new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.

多选题Click the Exhibit button. host_a is in subnet_a and host_b is in subnet_b. Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?()ADNS traffic is denied.BTelnet traffic is denied.CSMTP traffic is denied.DPing traffic is permitted.

多选题In JUNOS software with enhanced services, which three packet elements are inspected to determineif a session already exists? ()(Choose three.)AIP protocolBIP time-to-liveCsource and destination IP addressDsource and destination MAC addressEsource and destination TCP/UDP port

多选题On which three traffic types does firewall pass-through authentication work? ()(Choose three.)ApingBFTPCTelnetDHTTPEHTTPS

单选题Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections. How many flows exist between Host A and Host B? ()A1B2C3D4

多选题Which two are components of the enhanced services software architecture?() (Choose two.)ALinux kernelBrouting protocol daemonCsession-based forwarding moduleDseparate routing and security planes