Ensurepass

QUESTION 61

Click the Exhibit button.

 

[edit security policies]

user@hostl# show

from-zone Private to-zone External {

policy MyTraffic {

match {

source-address myHosts;

destination-address ExtServers;

application [ junos-ftp junos-bgp ];

}

then {

permit {

tunnel {

ipsec-vpn vpnTunnel;

}}}}}

policy-rematch;

 

In the configuration shown in the exhibit, you decided to eliminate the junos-ftp application from the match condition of the policy MyTraffic. What will happen to the existing FTP and BGP sessions?

 

A.

The existing FTP and BGP sessions will continue.

B.

The existing FTP and BGP sessions will be re-evaluated and only FTP sessions will be dropped.

C.

The existing FTP and BGP sessions will be re-evaluated and all sessions will be dropped.

D.

The existing FTP sessions will continue and only the existing BGP sessions will be dropped.

 

Correct Answer: B

 

 

QUESTION 62

Click the Exhibit button.

 

[edit security policies from-zone HR to-zone trust] user@host# show

policy two {

match {

source-address subnet_a;

destination-address host_b;

application [ junos-telnet junos-ping ];

}

then {

reject;

}} policy one {

match {

source-address host_a;

destination-address subnet_b;

application any;

}

then {

permit;

}}

host_a is in subnet_a and host_b is in subnet_b.

 

Given the configuration shown in the exhibit, which statement is true about traffic from host_a to host_b?

 

A.

DNS traffic is denied.

B.

Telnet traffic is denied.

C.

SMTP traffic is denied.

D.

Ping traffic is permitted.

 

Correct Answer: B

 

 

QUESTION 63

Click the Exhibit button.

 

[edit security policies from-zone HR to-zone trust] user@host# show

policy one {

match {

source-address any;

destination-address any;

application [ junos-http junos-ftp ];

}

then {

permit;

}}

policy two {

match {

source-address host_a;

destination-address host_b;

application [ junos-http junos-smtp ];

}

then {

deny;

}}

 

Assume the default-policy has not been configured. Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? (Choose two.)

 

A.

DNS traffic is denied.

B.

HTTP traffic is denied.

C.

FTP traffic is permitted.

D.

SMTP traffic is permitted.

 

Correct Answer: AC

 

 

QUESTION 64

What are two uses of NAT? (Choose two.)

 

A.

conserving public IP addresses

B.

allowing stateful packet inspection

C.

preventing unauthorized connections from outside the network

D.

allowing networks with overlapping private address space to communicate

 

Correct Answer: AD

 

 

QUESTION 65

Which two are uses of NAT? (Choose two.)

 

A.

enabling network migrations

B.

conserving public IP addresses

C.

allowing stateful packet inspection

D.

preventing unauthorized connections from outside the network

&nb
sp;

Correct Answer: AB

 

 

QUESTION 66

Which three methods of source NAT does JUNOS Software support? (Choose three.)

 

A.

interface-based source NAT

B.

source NAT with address shifting

C.

source NAT using static source pool

D.

interface-based source NAT without PAT

E.

source NAT with address shifting and PAT

 

Correct Answer: ABC

 

 

QUESTION 67

Which statement describes the behavior of source NAT with address shifting?

 

A.

Source NAT with address shifting translates both the source IP address and the source port of a packet.

B.

Source NAT with address shifting defines a one-to-one mapping from an original source IP address to a translated source IP address.

C.

Source NAT with address shifting can translate multiple source IP addresses to the same translated IP address.

D.

Source NAT with address shifting allows inbound connections to be initiated to the static source pool IP addresses.

 

Correct Answer: B

 

 

QUESTION 68

Which statement is true about interface-based source NAT?

 

A.

PAT is a requirement.

B.

It requires you to configure address entries in the junos-nat zone.

C.

It requires you to configure address entries in the junos-global zone.

D.

The IP addresses being translated must be in the same subnet as the egress interface.

 

Correct Answer: A

 

 

QUESTION 69

Which two statements are true about pool-based destination NAT? (Choose two.)

 

A.

It also supports PAT.

B.

PAT is not supported.

C.

It allows the use of an address pool.

D.

It requires you to configure an address in the junos-global zone.

 

Correct Answer: AC

 

 

QUESTION 70

Interface ge-0/0/2.0 of your device is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A webserver with IP address 10.20.20.1 is running an

HTTP service on TCP port 8080. The webserver is attached to the ge-0/0/0.0 interface of your device. You must use NAT to make the webserver reachable from the Internet using port translation. Which type of NAT must you configure?

 

A.

source NAT with address shifting

B.

pool-based source NAT

C.

static destination NAT

D.

pool-based destination NAT

 

Correct Answer: D

 

Free VCE & PDF File for Juniper JN0-331 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.