Summer Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

JN0-232 Questions and Answers

Question # 6

Which two statements about SRX Series zones are correct? (Choose two.)

A.

The null zone allows the use of security policies to log dropped control plane traffic.

B.

The functional zone is used to define the management interface on smaller SRX Series Firewalls.

C.

A security zone processes intra-zone traffic without a security policy.

D.

The Junos-host zone allows the use of security policies to control access to the SRX Series Firewall.

Full Access
Question # 7

Your manager asks you to verify when your antivirus definitions were last updated on your SRX Series Firewall.

Which operational mode command allows you to see this information?

A.

show security utm content-filtering statistics

B.

show security utm anti-spam status

C.

show security web filtering status

D.

show security utm anti-virus status

Full Access
Question # 8

When traffic enters an interface, which two results does a route lookup determine? (Choose two.)

A.

egress interface

B.

egress security zone

C.

ingress interface

D.

DNS name

Full Access
Question # 9

Which two statements are correct about enabling the Avira Antivirus engine on an SRX Series Firewall? (Choose two.)

A.

A license is required.

B.

A license is not required.

C.

A reboot is required.

D.

A reboot is not required.

Full Access
Question # 10

Which two statements are correct about the processing of NAT rules within a rule set? (Choose two.)

A.

NAT rule processing processes all rules.

B.

NAT rule processing stops at the first match.

C.

NAT rules are processed from top to bottom.

D.

NAT rules are processed from bottom to top.

Full Access
Question # 11

Which statement is correct about exception traffic?

A.

Exception traffic is only handled on the Packet Forwarding Engine.

B.

Exception traffic is rate-limited on the connection between the Packet Forwarding Engine and the Routing Engine.

C.

Exception traffic is anything that is rejected by security policies and requires additional processing.

D.

Exception traffic refers to malformed IP packets received on the Packet Forwarding Engine.

Full Access
Question # 12

Click the Exhibit button.

Question # 12

Referring to the exhibit, which two statements are correct about the traffic flow shown in the exhibit? (Choose two.)

A.

There is no change to the original source IP address.

B.

The original source IP address was translated to a new source IP address.

C.

There is no change to the original destination IP address.

D.

The original destination IP address was translated to a new destination IP address.

Full Access
Question # 13

Which two security policies are installed by default on SRX 300 Series Firewalls? (Choose two.)

A.

a security policy to allow all traffic from the untrust zone to the trust zone

B.

a security policy to allow all traffic from the trust zone to the untrust zone

C.

a security policy to allow all traffic from the management zone to the trust zone

D.

a security policy to allow all traffic from the trust zone to the trust zone

Full Access
Question # 14

Your company is acquiring a smaller company that uses the same private address range that your company currently uses in its North America division. You have a limited number of public IP addresses to use for the acquisition. You want to allow the new acquisition ' s users to connect to the existing services in North America.

Which two features would you enable on your SRX Series Firewall to accomplish this task? (Choose two.)

A.

IDP

B.

NAT

C.

BGP

D.

PAT

Full Access
Question # 15

Which two products will allow security policy management on SRX Series devices? (Choose two.)

A.

Juniper Mist

B.

Security Director

C.

JIMS

D.

JSA

Full Access
Question # 16

What happens when traffic is matched by a unified security policy?

A.

Further processing stops and traffic is assigned a dynamic application.

B.

Processing continues until it matches three or more policies.

C.

Further policy processing stops and applies the action.

D.

Processing continues to any additional unified policies.

Full Access
Question # 17

Click the Exhibit button.

Question # 17

Which security policy component is highlighted in the exhibit?

A.

security zone context

B.

unique policy name

C.

match criteria

D.

policy action

Full Access
Question # 18

What is transit traffic in the Junos OS?

A.

It is traffic that is processed solely through the forwarding plane.

B.

It is traffic that is rate-limited to prevent denial-of-service attacks.

C.

It is traffic that is processed by the control plane.

D.

It is traffic that requires special handling by the Routing Engine.

Full Access
Question # 19

Which type of NAT performs port address translation?

A.

interface-based source NAT

B.

static NAT

C.

source NAT with address shifting

D.

destination NAT without port forwarding

Full Access
Question # 20

A new packet arrives on an interface on your SRX Series Firewall that is assigned to the trust security zone.

In this scenario, how does the SRX Series Firewall determine the egress security zone?

A.

by performing a session lookup

B.

by examining the destination port

C.

by performing a route lookup

D.

by examining the ingress security zone properties

Full Access
Question # 21

Referring to the exhibit, which type of NAT is the SRX Series Firewall performing?

Question # 21

A.

source NAT without PAT

B.

destination NAT with PAT

C.

source NAT with PAT

D.

destination NAT without PAT

Full Access
Question # 22

Which two criteria would be used for matching in security policies? (Choose two.)

A.

MAC address

B.

source address

C.

interface name

D.

applications

Full Access
Question # 23

In which order does Junos OS process the various forms of NAT?

A.

static NAT, destination NAT, source NAT

B.

destination NAT, source NAT, static NAT

C.

source NAT, static NAT, destination NAT

D.

source NAT, destination NAT, static NAT

Full Access
Question # 24

Which two statements are correct about the Junos OS architecture? (Choose two.)

A.

Junos is built using a collection of interdependent software processes.

B.

Junos is built using independent software processes.

C.

Restarting a single software process causes synchronization issues until other processes are restarted.

D.

Individual software processes can be restarted without impacting the others.

Full Access
Question # 25

You are troubleshooting first path traffic not passing through an SRX Series Firewall. You have determined that the traffic is ingressing and egressing the correct interfaces using a route lookup.

In this scenario, what is the next step in troubleshooting why the device may be dropping the traffic?

A.

Verify that the interfaces are in the correct security zones.

B.

Verify the routing protocol being used.

C.

Verify that source NAT is occurring.

D.

Verify that the correct ALG is being used.

Full Access
Question # 26

You want to enable NextGen Web Filtering (NGWF) on your SRX Series Firewall.

Which two actions must you perform in this scenario? (Choose two.)

A.

Install a NextGen Web Filtering feature license.

B.

Enable NextGen Web Filtering as the default Web Filtering type.

C.

Assign a public IP address to the loopback interface.

D.

Enable SSL host inbound traffic on the untrust security zone.

Full Access
Question # 27

Click the Exhibit button.

Question # 27

Which type of policy is shown in the exhibit?

A.

global policy

B.

inter-zone policy

C.

intra-zone policy

D.

default policy

Full Access
Question # 28

Your manager asks you to ping 192.0.2.128. The ping fails and you do not know why, so you enable a trace option on your SRX Series Firewall.

Question # 28

Referring to the exhibit, what is the reason for this behavior?

A.

It is matching a web filter.

B.

It is matching an ALG.

C.

It is matching a screen.

D.

There is no known route.

Full Access
Question # 29

Which two statements describe what Port Address Translation (PAT) does? (Choose two.)

A.

It maps an external IP address to an internal IP address.

B.

It enables multiple external clients to initiate a connection with multiple internal devices.

C.

It enables multiple internal devices to share a single external IP address.

D.

It maps an internal IP address to an external IP address and port number.

Full Access
Question # 30

You want to show the effectiveness of your SRX Series Firewall content filter.

Which operational mode command would you use in this scenario?

A.

show security utm anti-spam status

B.

show security utm anti-virus status

C.

show security web filtering status

D.

show security utm content-filtering statistics

Full Access
Question # 31

You are not able to ping an interface on an SRX Series Firewall.

Which two actions should you take to solve this issue? (Choose two.)

A.

Assign the interface to a security zone.

B.

Create a security policy to allow ping traffic.

C.

Assign the interface to the null zone.

D.

Configure the ICMP protocol for host-inbound-traffic.

Full Access
Question # 32

Which statement is correct about capturing transit packets on an SRX Series Firewall?

A.

You can capture transit packets on the egress interface using a firewall filter.

B.

You can capture transit packets by using a firewall filter on the loopback interface.

C.

You can capture transit packets by using the tcpdump utility in the shell.

D.

You can capture transit packets using sampling and port mirroring.

Full Access
Question # 33

You need to capture control plane traffic on a high-end SRX Series device.

How would you accomplish this task?

A.

Configure a packet capture under the edit security datapath-debug capture hierarchy.

B.

Apply a firewall filter matching the desired traffic using the sample action.

C.

Start a shell then use the tcpdump tool.

D.

Apply a port mirroring configuration under the edit forwarding options hierarchy.

Full Access