站内搜索
JN0-331 问题列表
问题
多选题What are three benefits of using chassis clustering?()AProvides stateful session failover for sessions.BIncreases security capabilities for IPsec sessions.CProvides active-passive control and data plane redundancy.DEnables automated fast-reroute capabilities.ESynchronizes configuration files and session state
问题
单选题What is the purpose of a zone in JUNOS Software?()A
A zone defines a group of security devices with a common management.B
A zone defines the geographic region in which the security device is deployed.C
A zone defines a group of network segments with similar security requirements.D
A zone defines a group of network segments with similar class-of-service requirements.
问题
多选题Which three statements are true regarding IDP?()AIDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.BIDP inspects traffic up to the Application layer.CIDP searches the data stream for specific attack patterns.DIDP inspects traffic up to the Presentation layer.EIDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.
问题
单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()A
close-connectionB
terminate-connectionC
close-client-and-serverD
terminate-session
问题
单选题Regarding secure tunnel (st) interfaces, which statement is true?()A
You cannot assign st interfaces to a security zone.B
You cannot apply static NAT on an st interface logical unit.C
st interfaces are optional when configuring a route-based VPND
A static route can reference the st interface logical unit as the next-hop
问题
多选题Which two statements are true regarding high-availability chassis clustering?()AA chassis cluster consists of two devices.BA chassis cluster consists of two or more devices.CDevices participating in a chassis cluster can be different models.DDevices participating in a chassis cluster must be the same models
问题
多选题Which two statements describe the difference between JUNOS Software for securityplatforms and a traditional router?()AJUNOS Software for security platforms supports NAT and PAT; a traditional router does not support NAT or PAT.BJUNOS Software for security platforms does not forward traffic by default; a traditional router forwards traffic by default.CJUNOS Software for security platforms uses session-based forwarding; a traditional router uses packet-based forwarding.DJUNOS Software for security platforms performs route lookup for every packet; a traditional router performs route lookup only for the first packet.
问题
单选题When applying the configuration in the exhibit and initializing a chassis cluster, which statement is correct?() [edit chassis] user@host# show cluster { reth-count 3; redundancy-group 1 { node 0 priority 1; node 1 priority 100; } }A
Three physical interfaces are redundant.B
You must define an additional redundancy group.C
node 0 will immediately become primary for redundancy group 1.D
You must issue an operational command and reboot the system for the above configuration to take effect.
问题
单选题By default, which condition would cause a session to be removed from the session table?()A
Route entry for the session changed.B
Security policy for the session changed.C
The ARP table entry for the source IP address timed out.D
No traffic matched the session during the timeout period.
问题
单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }A
The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.B
The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.C
The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.D
The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am
问题
多选题Which two external authentication server types are supported by JUNOS Software for firewall user authentication?()ARADIUSBTACACS+CLDAPDIIS
问题
单选题Which statement is true about interface-based source NAT?()A
PAT is a requirement.B
It requires you to configure address entries in the junos-nat zone.C
It requires you to configure address entries in the junos-global zone.D
The IP addresses being translated must be in the same subnet as the egress interface.
问题
多选题Which two statements about static NAT are true?()AStatic NAT can only be used with destination NAT.BStatic NAT rules take precedence over overlapping dynamic NAT rules.CDynamic NAT rules take precedence over overlapping static NAT rules.DA reverse mapping is automatically created.
问题
多选题Which two are uses of NAT?()Aenabling network migrationsBconserving public IP addressesCallowing stateful packet inspectionDpreventing unauthorized connections from outside the network