Black Friday Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Juniper JN0-231 Security-Associate (JNCIA-SEC) Exam Practice Test

Page: 1 / 10
Total 101 questions

Security-Associate (JNCIA-SEC) Questions and Answers

Question 1

Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?

Options:

A.

infected host cloud feed

B.

Geo IP feed

C.

C&C cloud feed

D.

blocklist feed

Question 2

Which two components are configured for host inbound traffic? (Choose two.)

Options:

A.

zone

B.

logical interface

C.

physical interface

D.

routing instance

Question 3

You want to provide remote access to an internal development environment for 10 remote developers.

Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)

Options:

A.

an additional license for an SRX Series device

B.

Juniper Secure Connect client software

C.

an SRX Series device with an SPC3 services card

D.

Marvis virtual network assistant

Question 4

You want to prevent other users from modifying or discarding your changes while you are also editing the configuration file.

In this scenario, which command would accomplish this task?

Options:

A.

configure master

B.

cli privileged

C.

configure exclusive

D.

configure

Question 5

You have an FTP server and a webserver on the inside of your network that you want to make available to users outside of the network. You are allocated a single public IP address.

In this scenario, which two NAT elements should you configure? (Choose two.)

Options:

A.

destination NAT

B.

NAT pool

C.

source NAT

D.

static NAT

Question 6

Which two UTM features should be used for tracking productivity and corporate user behavior? (Choose two.)

Options:

A.

the content filtering UTM feature

B.

the antivirus UTM feature

C.

the Web filtering UTM feature

D.

the antispam UTM feature

Question 7

When configuring antispam, where do you apply any local lists that are configured?

Options:

A.

custom objects

B.

advanced security policy

C.

antispam feature-profile

D.

antispam UTM policy

Question 8

Which Web filtering solution uses a direct Internet-based service for URL categorization?

Options:

A.

Juniper ATP Cloud

B.

Websense Redirect

C.

Juniper Enhanced Web Filtering

D.

local blocklist

Question 9

What must be enabled on an SRX Series device for the reporting engine to create reports?

Options:

A.

System logging

B.

SNMP

C.

Packet capture

D.

Security logging

Question 10

Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?

Options:

A.

firewall filters

B.

UTM

C.

Juniper ATP Cloud

D.

IPS

Question 11

Which statement is correct about static NAT?

Options:

A.

Static NAT supports port translation.

B.

Static NAT rules are evaluated after source NAT rules.

C.

Static NAT implements unidirectional one-to-one mappings.

D.

Static NAT implements unidirectional one-to-many mappings.

Question 12

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the

Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.

Which two NAT types must be used to complete this project? (Choose two.)

Options:

A.

static NAT

B.

hairpin NAT

C.

destination NAT

D.

source NAT

Question 13

What is the main purpose of using screens on an SRX Series device?

Options:

A.

to provide multiple ports for accessing security zones

B.

to provide an alternative interface into the CLI

C.

to provide protection against common DoS attacks

D.

to provide information about traffic patterns traversing the network

Question 14

Which statement is correct about global security policies on SRX Series devices?

Options:

A.

The to-zone any command configures a global policy.

B.

The from-zone any command configures a global policy.

C.

Global policies are always evaluated first.

D.

Global policies can include zone context.

Question 15

Which two statements are correct about IKE security associations? (Choose two.)

Options:

A.

IKE security associations are established during IKE Phase 1 negotiations.

B.

IKE security associations are unidirectional.

C.

IKE security associations are established during IKE Phase 2 negotiations.

D.

IKE security associations are bidirectional.

Page: 1 / 10
Total 101 questions