Ensurepass

QUESTION 51

Click the Exhibit button.

 

[edit security policies]
user@host# show
from-zone trust to-zone untrust {
    policy AllowHTTP {
        match {
            source-address HOSTA;
            destination-address any;
            application junos-ftp;
        }
        then {
            permit;
        }
    }
    policy AllowHTTP2 {
        match {
            source-address any;
            destination-address HOSTA;
            application junos-http;
        }
        then {
            permit;
        }
    }
    policy AllowHTTP3 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}

 

A flow of HTTP traffic needs to go from HOSTA to HOSTB. Assume that traffic will initiate from HOSTA and that HOSTA is in zone trust and HOSTB is in zone untrust. What will happen to the traffic given the configuration in the exhibit?

 

A. The traffic will be permitted by policy AllowHTTP.
B. The traffic will be permitted by policy AllowHTTP3.
C. The traffic will be permitted by policy AllowHTTP2.
D. The traffic will be dropped as no policy match will be found.

 

Correct Answer: B

 

 

QUESTION 52

Which three advanced permit actions within security policies are valid? (Choose three.)

 

A. Mark permitted traffic for firewall user authentication.
B. Mark permitted traffic for SCREEN options.
C. Associate permitted traffic with an IPsec tunnel.
D. Associate permitted traffic with a NAT rule.
E. Mark permitted traffic for IDP processing.

 

Correct Answer: ACE

 

 

QUESTION 53

Which two security policy actions are valid? (Choose two.)

 

A. deny
B. discard
C. reject
D. close

 

Correct Answer: AC

 

 

 

 

QUESTION 54

Your task is to provision the JUNOS security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.

Which configuration meets this requirement?

 

A.
[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
    match {
        source-address PrivateHosts;
        destination-address ExtServers;
        application ExtApps;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn VPN;
            }
        }
        log {
            session-init;
        }
    }
}

B.
[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
    match {
        source-address PrivateHosts;
        destination-address ExtServers;
        application ExtApps;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn VPN;
            }
        }
        count {
            session-close;
        }
    }
}

C.
[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
    match {
        source-address PrivateHosts;
        destination-address ExtServers;
        application ExtApps;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn VPN;
            }
        }
        log {
            session-close;
        }
    }
}

D.
[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
    match {
        source-address PrivateHosts;
        destination-address ExtServers;
        application ExtApps;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn VPN;
                log;
                count session-close;
            }
        }
    }
}

 

Correct Answer: C

 

 

QUESTION 55

You want to create a security policy allowing traffic from any host in the Trust zone to hostb.example.com (172.19.1.1) in the Untrust zone. How do you create this policy?

 

A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.
B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.

 

Correct Answer: D

 

 

QUESTION 56

What is the purpose of an address book?

 

A. It holds security policies for particular hosts.
B. It holds statistics about traffic to and from particular hosts.
C. It defines hosts in a zone so they can be referenced by policies.
D. It maps hostnames to IP addresses to serve as a backup to DNS resolution.

 

Correct Answer: C

 

 

QUESTION 57

Click the Exhibit button.

 

[edit schedulers]
user@host# show
scheduler now {
    monday all-day;
    tuesday exclude;
    wednesday {
        start-time 07:00:00 stop-time 18:00:00;
    }
    thursday {
        start-time 07:00:00 stop-time 18:00:00;
    }
}

[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
    match {
        source-address PrivateHosts;
        destination-address ExtServers;
        application ExtApps;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn myTunnel;
            }
        }
    }
    scheduler-name now;
}

 

Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy?

 

A. The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
B. The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
C. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
D. The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.

 

Correct Answer: C

 

 

QUESTION 58

Which configuration keyword ensures that all in-progress sessions are re-evaluated upon committing a security policy change?

 

A. policy-rematch
B. policy-evaluate
C. rematch-policy
D. evaluate-policy

 

Correct Answer: A

 

 

QUESTION 59

Click the Exhibit button.

 

[edit security policies]
user@host# show
from-zone Private to-zone External {
    policy MyTraffic {
        match {
            source-address myHosts;
            destination-address ExtServers;
            application [ junos-ftp junos-bgp ];
        }
        then {
            permit {
                tunnel {
                    ipsec-vpn vpnTunnel;
                }
            }
        }
    }
}
policy-rematch;

 

In the exhibit, you decided to change myHosts addresses. What will happen to the new sessions matching the policy and in-progress sessions that had already matched the policy?

 

A. New sessions will be evaluated. In-progress sessions will be re-evaluated.
B. New sessions will be evaluated. All in-progress sessions will continue.
C. New sessions will be evaluated. All in-progress sessions will be dropped.
D. New sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.

 

Correct Answer: A

 

 

QUESTION 60

Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessions when you change the policy action from permit to deny?

 

A. The new sessions matching the policy are denied. The existing sessions are dropped.
B. The new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply timeout.
C. The new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.
D. The new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.

 

Correct Answer: A

 

Free VCE & PDF File for Juniper JN0-331 Real Exam
