Ensurepass

QUESTION 31

Click the Exhibit button.

 

[edit security zones security-zone HR]
user@host# show
host-inbound-traffic {
    system-services {
        ping;
        ssh;
        https;
    }
}
interfaces {
    ge-0/0/0.0;
    ge-0/0/1.0 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
    ge-0/0/2.0 {
        host-inbound-traffic {
            system-services {
                ping;
                ftp;
            }
        }
    }
    ge-0/0/3.0 {
        host-inbound-traffic {
            system-services {
                all;
                ssh {
                    except;
                }
            }
        }
    }
}

 

All system services have been enabled. Given the configuration shown in the exhibit, which interface allows both ping and SSH traffic?

 

A. ge-0/0/0.0

B. ge-0/0/1.0

C. ge-0/0/2.0

D. ge-0/0/3.0

 

Correct Answer: A

 

 

QUESTION 32

Click the Exhibit button.

 

user@host> show interfaces ge-0/0/0.0 | match host-inbound

Allowed host-inbound traffic: bgp ospf

 

Which configuration would result in the output shown in the exhibit?

 

A.
[edit security zones functional-zone management]
user@host# show
interfaces {
    ge-0/0/0.0 {
        host-inbound-traffic {
            protocols {
                bgp;
                ospf;
                vrrp;
            }
        }
    }
}
host-inbound-traffic {
    protocols {
        all;
        vrrp {
            except;
        }
    }
}

B.
[edit security zones functional-zone management]
user@host# show
host-inbound-traffic {
    protocols {
        bgp;
        ospf;
    }
}

C.
[edit security zones security-zone trust]
user@host# show
interfaces {
    ge-0/0/0.0 {
        host-inbound-traffic {
            protocols {
                ospf;
                bgp;
            }
        }
    }
}

D.
[edit security zones security-zone trust]
user@host# show
host-inbound-traffic {
    protocols {
        bgp;
    }
}
interfaces {
    all {
        host-inbound-traffic {
            protocols {
                ospf;
            }
        }
    }
}

 

Correct Answer: C

 

 

QUESTION 33

Click the Exhibit button.

 

user@host> show interfaces ge-0/0/0.0 | match host-inbound

Allowed host-inbound traffic: ping ssh telnet

 

Which configuration would result in the output shown in the exhibit?

 

A.
[edit security zones security-zone trust]
user@host# show
host-inbound-traffic {
    system-services {
        ping;
        telnet;
    }
}
interfaces {
    ge-0/0/0.0 {
        host-inbound-traffic {
            system-services {
                ssh;
                telnet;
            }
        }
    }
}

B.
[edit security zones functional-zone management]
user@host# show
interfaces {
    all;
}
host-inbound-traffic {
    system-services {
        all;
        ftp {
            except;
        }
    }
}

C.
[edit security zones functional-zone management]
user@host# show
interfaces {
    all {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
}
host-inbound-traffic {
    system-services {
        telnet;
        ssh;
    }
}

D.
[edit security zones security-zone trust]
user@host# show
host-inbound-traffic {
    system-services {
        ssh;
        ping;
        telnet;
    }
}
interfaces {
    ge-0/0/3.0 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
    ge-0/0/0.0;
}

 

Correct Answer: D

 

QUESTION 34

Click the Exhibit button.

 

[edit security]
user@host# show
zones {
    security-zone ZoneA {
        tcp-rst;
        host-inbound-traffic {
            system-services {
                ping;
                telnet;
            }
        }
        interfaces {
            ge-0/0/0.0;
            ge-0/0/1.0;
        }
    }
    security-zone ZoneB {
        interfaces {
            ge-0/0/3.0;
        }
    }
}
policies {
    from-zone ZoneA to-zone ZoneB {
        policy A-to-B {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
}

 

In the exhibit, a host attached to interface ge-0/0/0.0 sends a SYN packet to open a Telnet connection to the device’s ge-0/0/1.0 IP address. What does the device do?

 

A. The device sends back a TCP reset packet.

B. The device silently discards the packet.

C. The device forwards the packet out the ge-0/0/1.0 interface.

D. The device responds with a TCP SYN/ACK packet and opens the connection.

 

Correct Answer: B

 

 

QUESTION 35

Which two commands can be used to monitor firewall user authentication? (Choose two.)

 

A. show access firewall-authentication

B. show security firewall-authentication users

C. show security audit log

D. show security firewall-authentication history

 

Correct Answer: BD

 

 

QUESTION 36

Which two statements regarding external authentication servers for firewall user authentication are true? (Choose two.)

 

A. Up to three external authentication server types can be used simultaneously.

B. Only one external authentication server type can be used simultaneously.

C. If the local password database is not configured in the authentication order, and the configured authentication server is unreachable, authentication is not performed.

D. If the local password database is not configured in the authentication order, and the configured authentication server rejects the authentication request, authentication is not performed.

 

Correct Answer: BD

 

 

QUESTION 37

Which two external authentication server types are supported by JUNOS Software for firewall user authentication? (Choose two.)

 

A. RADIUS

B. TACACS+

C. LDAP

D. IIS

 

Correct Answer: AC

 

 

QUESTION 38

Click the Exhibit button.

 

[edit security zones security-zone trust]
user@host# show
host-inbound-traffic {
    system-services {
        all;
    }
}
interfaces {
    ge-0/0/0.0;
}

 

Referring to the exhibit, which two traffic types are permitted when the destination is the ge-0/0/0.0 IP address? (Choose two.)

 

A. Telnet

B. OSPF

C. ICMP

D. RIP

 

Correct Answer: AC

 

 

QUESTION 39

Which two statements about the use of SCREEN options are correct? (Choose two.)

 

A. SCREEN options are deployed at the ingress and egress sides of a packet flow.

B. Although SCREEN options are very useful, their use can result in more session creation.

C. SCREEN options offer protection against various attacks at the ingress zone of a packet flow.

D. SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resources used for malicious packet processing.

 

Correct Answer: CD

 

 

QUESTION 40

Which two statements about the use of SCREEN options are correct? (Choose two.)

 

A. SCREEN options offer protection against various attacks.

B. SCREEN options are deployed prior to route and policy processing in first path packet processing.

C. SCREEN options are deployed at the ingress and egress sides of a packet flow.

D. When you deploy SCREEN options, you must take special care to protect OSPF.

 

Correct Answer: AB

 
