New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

JN0-231 Questions and Answers

Question # 6

Click the Exhibit button.

Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?

A.

[edit security policies from-zone trust to-zone dmz]

user@vSRX-1#

B.

[edit]

user@vSRX-1#

C.

[edit security policies]

user@vSRX-1#

D.

user@vSRX-1>

Full Access
Question # 7

What is the correct order in which interface names should be identified?

A.

system slot number –> interface media type –> port number –> line card slot number

B.

system slot number –> port number –> interface media type –> line card slot number

C.

interface media type –> system slot number –> line card slot number –> port number

D.

interface media type –> port number –> system slot number –> line card slot number

Full Access
Question # 8

Which two statements are correct about global policies? (Choose two.)

A.

Global policies are evaluated after default policies.

B.

Global policies do not have to reference zone context.

C.

Global policies are evaluated before default policies.

D.

Global policies must reference zone contexts.

Full Access
Question # 9

Which two security features inspect traffic at Layer 7? (Choose two.)

A.

IPS/IDP

B.

security zones

C.

application firewall

D.

integrated user firewall

Full Access
Question # 10

What is the number of concurrent Secure Connect user licenses that an SRX Series device has by default?

A.

3

B.

4

C.

2

D.

5

Full Access
Question # 11

You are asked to configure your SRX Series device to block all traffic from certain countries. The solution must be automatically updated as IP prefixes become allocated to those certain countries.

Which Juniper ATP solution will accomplish this task?

A.

Geo IP

B.

unified security policies

C.

IDP

D.

C&C feed

Full Access
Question # 12

What are two functions of Juniper ATP Cloud? (Choose two.)

A.

malware inspection

B.

Web content filtering

C.

DDoS protection

D.

Geo IP feeds

Full Access
Question # 13

What are two Juniper ATP Cloud feed analysis components? (Choose two.)

A.

IDP signature feed

B.

C&C cloud feed

C.

infected host cloud feed

D.

US CERT threat feed

Full Access
Question # 14

You want to block executable files ("exe) from being downloaded onto your network.

Which UTM feature would you use in this scenario?

A.

IPS

B.

Web filtering

C.

content filtering

D.

antivirus

Full Access
Question # 15

Which statement about global NAT address persistence is correct?

A.

The same IP address from a source NAT pool will be assigned for all sessions from a given host.

B.

The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.

C.

The same IP address from a destination NAT pool will be assigned for all sessions for a given host.

D.

The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.

Full Access
Question # 16

Which feature would you use to protect clients connected to an SRX Series device from a SYN flood attack?

A.

security policy

B.

host inbound traffic

C.

application layer gateway

D.

screen option

Full Access
Question # 17

You want to verify the peer before IPsec tunnel establishment.

What would be used as a final check in this scenario?

A.

traffic selector

B.

perfect forward secrecy

C.

st0 interfaces

D.

proxy ID

Full Access
Question # 18

Which two addresses are valid address book entries? (Choose two.)

A.

173.145.5.21/255.255.255.0

B.

153.146.0.145/255.255.0.255

C.

203.150.108.10/24

D.

191.168.203.0/24

Full Access
Question # 19

Which statement is correct about Junos security policies?

A.

Security policies enforce rules that should be applied to traffic transiting an SRX Series device.

B.

Security policies determine which users are allowed to access an SRX Series device.

C.

Security policies control the flow of internal traffic within an SRX Series device.

D.

Security policies identity groups of users that have access to different features on an SRX Series device.

Full Access
Question # 20

What does the number ‘’2’’ indicate in interface ge—0/1/2?

A.

The interface logical number

B.

The physical interface card (PIC)

C.

The port number

D.

The flexible PIC concentrator (FPC)

Full Access
Question # 21

Which order is correct for Junos security devices that examine policies for transit traffic?

A.

zone policies

global policies

default policies

B.

default policies

zone policies

global policies

C.

default policies

global policies

zone policies

D.

global policies

zone policies

default policies

Full Access
Question # 22

You have multiple branch locations using an SRX Series device. You want a cloud-based solution to configure and monitor this device.

this scenario, which solution would you use?

A.

J-Web

B.

Juniper Sky Enterprise

C.

Junos Space Security Director

D.

Juniper Secure Analytics

Full Access
Question # 23

What does the number “2” indicate in interface ge-0/1/2?

A.

the physical interface card (PIC)

B.

the flexible PIC concentrator (FPC)

C.

the interface logical number

D.

the port number

Full Access
Question # 24

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the Internet and communication with update servers.

Which NAT type must be used to complete this project?

A.

source NAT

B.

destination NAT

C.

static NAT

D.

hairpin NAT

Full Access
Question # 25

You want to enable the minimum Juniper ATP services on a branch SRX Series device.

In this scenario, what are two requirements to accomplish this task? (Choose two.)

A.

Install a basic Juniper ATP license on the branch device.

B.

Configure the juniper-atp user account on the branch device.

C.

Register for a Juniper ATP account on https://sky.junipersecurity.net.

D.

Execute the Juniper ATP script on the branch device.

Full Access
Question # 26

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the

Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.

Which two NAT types must be used to complete this project? (Choose two.)

A.

static NAT

B.

hairpin NAT

C.

destination NAT

D.

source NAT

Full Access
Question # 27

A security zone is configured with the source IP address 192.168.0.12/255.255.0.255 wildcard match.

In this scenario, which two IP packets will match the criteria? (Choose two.)

A.

192.168.1.21

B.

192.168.0.1

C.

192.168.1.12

D.

192.168.22.12

Full Access
Question # 28

An application firewall processes the first packet in a session for which the application has not yet been identified.

In this scenario, which action does the application firewall take on the packet?

A.

It allows the first packet.

B.

It denies the first packet and sends an error message to the user.

C.

It denies the first packet.

D.

It holds the first packet until the application is identified.

Full Access
Question # 29

Which security policy type will be evaluated first?

A.

A zone policy with no dynamic application set

B.

A global with no dynamic application set

C.

A zone policy with a dynamic application set

D.

A global policy with a dynamic application set

Full Access
Question # 30

Which two statements are correct about the default behavior on SRX Series devices? (Choose two.)

A.

The SRX Series device is in flow mode.

B.

The SRX Series device supports stateless firewalls filters.

C.

The SRX Series device is in packet mode.

D.

The SRX Series device does not support stateless firewall filters.

Full Access
Question # 31

You are deploying an SRX Series firewall with multiple NAT scenarios.

In this situation, which NAT scenario takes priority?

A.

interface NAT

B.

source NAT

C.

static NAT

D.

destination NAT

Full Access