JN0-332 Online Practice Questions and Answers

Which three components can be leveraged when defining a local whitelist or blacklist for antispam on a branch SRX Series device? (Choose three.)

A. spam assassin filtering score

B. sender country

C. sender IP address

D. sender domain

E. sender e-mail address

Which IDP policy action closes the connection and sends an RST packet to both the client and the server?

A. close-connection

B. terminate-connection

C. close-client-and-server

D. terminate-session

Which two packet attributes contribute to the identification of a session? (Choose two.)

A. Destination port

B. TTL

C. IP options

D. Protocol number

Which three advanced permit actions within security policies are valid? (Choose three.)

A. Mark permitted traffic for firewall user authentication.

B. Mark permitted traffic for SCREEN options.

C. Associate permitted traffic with an IPsec tunnel.

D. Associate permitted traffic with a NAT rule.

E. Mark permitted traffic for IDP processing.

Review Below:

[edit security nat destination]

user@host# show

pool A {

address 10.1.10.5/32;

}

rule-set 1 {

from zone untrust;

rule 1A {

match {

destination-address 100.0.0.1/32;

}

then {

destination-nat pool A;

}

}

}

Which type of NAT is configured in the exhibit?

A. static destination NAT

B. static source NAT

C. pool-based destination NAT without PAT

D. pool-based destination NAT with PAT

Which statement is correct about zone and interface dependencies?

A. A logical interface can be assigned to multiple zones.

B. A zone can be assigned to multiple routing instances.

C. Logical interfaces are assigned to a zone.

D. A logical interface can be assigned to multiple routing instances.

When configuring a destination NAT rule, you notice that you are unable to configure the to match condition on an SRX Series device in this scenario, which two statements are correct? (Choose two)

A. Destination NAT occurs before the zone lookup in the flow module

B. Destination NAT occurs after the zone lookup in the flow module

C. Destination NAT occurs after the route lookup in the How module

D. Destination NAT occurs before the route lookup in the flow module

Which two types of attacks does the SRX Series device identify using screens? (Choose two)

A. Cross site scripting

B. Reconnaissance

C. Phishing

D. Suspicious packets

The local side of an IPSec VPN is an SRX Series device. The remote side of the IPSec VPN is a third-party vendor and it is using a local proxy ID of 1.1.1.1/32 and a remote proxy ID of 2.2.2 2/32.

Which two actions would you take to ensure that the IPSec VPN comes up? (Choose two.)

A. Set the proxy ID to 1.1.1.1/32 for the local ID and 2.2.2.2/32 for the remote ID for the VPN

B. Set the proxy ID to 2.2.2.2/32 for the local ID and 1.1.1.1/322 for the remote ID for the VPN

C. Set the proxy ID to 0.0.0/0/0 for the local ID and 0.0.0.0/0 for the remote ID for the VPN

D. Set the proxy ID to 0.0.0.0/32 for the local ID and 0.0.0.0/32 for the remote ID for the VPN

Click the Exhibit button.

Referring to the exhibit, which security policy configuration change must be made to allow FTP traffic to server l92.l68.l.50 from user1?

A. Change policy 2 to match on source-address user1.

B. Change policy l to match on source-address user1.

C. Change policy 2 to match on destination-address l92.l68.l.50/32.

D. Change policy l to match on destination-address l92.l68.l.50/32.