Weekend Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

JN0-231 PDF

$33

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

JN0-231 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

  • Exam Name: Security-Associate (JNCIA-SEC)
  • Last Update: Sep 15, 2024
  • Questions and Answers: 101
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

JN0-231 Engine

$39.6

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

JN0-231 Practice Exam Questions with Answers Security-Associate (JNCIA-SEC) Certification

Question # 6

Which statement about NAT is correct?

A.

Destination NAT takes precedence over static NAT.

B.

Source NAT is processed before security policy lookup.

C.

Static NAT is processed after forwarding lookup.

D.

Static NAT takes precedence over destination NAT.

Full Access
Question # 7

You are monitoring an SRX Series device that has the factory-default configuration applied.

In this scenario, where are log messages sent by default?

A.

Junos Space Log Director

B.

Junos Space Security Director

C.

to a local syslog server on the management network

D.

to a local log file named messages

Full Access
Question # 8

You are configuring an SRX Series device. You have a set of servers inside your private network that need one-to-one mappings to public IP addresses.

Which NAT configuration is appropriate in this scenario?

A.

source NAT with PAT

B.

destination NAT

C.

NAT-T

D.

static NAT

Full Access
Question # 9

When operating in packet mode, which two services are available on the SRX Series device? (Choose two.)

A.

MPLS

B.

UTM

C.

CoS

D.

IDP

Full Access
Question # 10

You want to implement user-based enforcement of security policies without the requirement of certificates and supplicant software.

Which security feature should you implement in this scenario?

A.

integrated user firewall

B.

screens

C.

802.1X

D.

Juniper ATP

Full Access
Question # 11

Which two traffic types are considered exception traffic and require some form of special handling by the PFE? (Choose two.)

A.

SSH sessions

B.

ICMP reply messages

C.

HTTP sessions

D.

traceroute packets

Full Access
Question # 12

You want to provide remote access to an internal development environment for 10 remote developers.

Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)

A.

an additional license for an SRX Series device

B.

Juniper Secure Connect client software

C.

an SRX Series device with an SPC3 services card

D.

Marvis virtual network assistant

Full Access
Question # 13

In J-Web. the management and loopback address configuration option allows you to configure which area?

A.

the IP address of the primary Gigabit Ethernet port

B.

the IP address of the Network Time Protocol server

C.

the CIDR address

D.

the IP address of the device management port

Full Access
Question # 14

Which two components are configured for host inbound traffic? (Choose two.)

A.

zone

B.

logical interface

C.

physical interface

D.

routing instance

Full Access
Question # 15

What is an IP addressing requirement for an IPsec VPN using main mode?

A.

One peer must have dynamic IP addressing.

B.

One peer must have static IP addressing.

C.

Both peers must have dynamic IP addresses.

D.

Both peers must have static IP addressing.

Full Access
Question # 16

Click the Exhibit button.

JN0-231 question answer

Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?

A.

[edit security policies from-zone trust to-zone dmz]

user@vSRX-1#

B.

[edit]

user@vSRX-1#

C.

[edit security policies]

user@vSRX-1#

D.

user@vSRX-1>

Full Access
Question # 17

SRX Series devices have a maximum of how many rollback configurations?

A.

40

B.

60

C.

50

D.

10

Full Access
Question # 18

Which feature would you use to protect clients connected to an SRX Series device from a SYN flood attack?

A.

security policy

B.

host inbound traffic

C.

application layer gateway

D.

screen option

Full Access
Question # 19

Which two security features inspect traffic at Layer 7? (Choose two.)

A.

IPS/IDP

B.

security zones

C.

application firewall

D.

integrated user firewall

Full Access
Question # 20

Click the Exhibit button.

JN0-231 question answer

Which two statements are correct about the partial policies shown in the exhibit? (Choose two.)

A.

UDP traffic matched by the deny-all policy will be silently dropped.

B.

TCP traffic matched by the reject-all policy will have a TCP RST sent.

C.

TCP traffic matched from the zone trust is allowed by the permit-all policy.

D.

UDP traffic matched by the reject-all policy will be silently dropped.

Full Access
Question # 21

You are investigating a communication problem between two hosts and have opened a session on the SRX Series device closest to one of the hosts and entered the show security flow session command.

What information will this command provide? (Choose two.)

A.

The total active time of the session.

B.

The end-to-end data path that the packets are taking.

C.

The IP address of the host that initiates the session.

D.

The security policy name that is controlling the session.

Full Access
Question # 22

What is the number of concurrent Secure Connect user licenses that an SRX Series device has by default?

A.

3

B.

4

C.

2

D.

5

Full Access
Question # 23

You want to enable the minimum Juniper ATP services on a branch SRX Series device.

In this scenario, what are two requirements to accomplish this task? (Choose two.)

A.

Install a basic Juniper ATP license on the branch device.

B.

Configure the juniper-atp user account on the branch device.

C.

Register for a Juniper ATP account on https://sky.junipersecurity.net.

D.

Execute the Juniper ATP script on the branch device.

Full Access
Question # 24

What is the main purpose of using screens on an SRX Series device?

A.

to provide multiple ports for accessing security zones

B.

to provide an alternative interface into the CLI

C.

to provide protection against common DoS attacks

D.

to provide information about traffic patterns traversing the network

Full Access
Question # 25

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the Internet and communication with update servers.

Which NAT type must be used to complete this project?

A.

source NAT

B.

destination NAT

C.

static NAT

D.

hairpin NAT

Full Access
Question # 26

Which two IPsec hashing algorithms are supported on an SRX Series device? (Choose two.)

A.

SHA-1

B.

SHAKE128

C.

MD5

D.

RIPEMD-256

Full Access
Question # 27

Which statement is correct about Web filtering?

A.

The Juniper Enhanced Web Filtering solution requires a locally managed server.

B.

The decision to permit or deny is based on the body content of an HTTP packet.

C.

The decision to permit or deny is based on the category to which a URL belongs.

D.

The client can receive an e-mail notification when traffic is blocked.

Full Access
Question # 28

Which two statements are correct about the default behavior on SRX Series devices? (Choose two.)

A.

The SRX Series device is in flow mode.

B.

The SRX Series device supports stateless firewalls filters.

C.

The SRX Series device is in packet mode.

D.

The SRX Series device does not support stateless firewall filters.

Full Access
Question # 29

Which statement is correct about packet mode processing?

A.

Packet mode enables session-based processing of incoming packets.

B.

Packet mode works with NAT, VPNs, UTM, IDP, and other advanced security services.

C.

Packet mode bypasses the flow module.

D.

Packet mode is the basis for stateful processing.

Full Access
Question # 30

Which security policy type will be evaluated first?

A.

A zone policy with no dynamic application set

B.

A global with no dynamic application set

C.

A zone policy with a dynamic application set

D.

A global policy with a dynamic application set

Full Access