[Free] 2018(Jan) EnsurePass Dumpsleader Juniper JN0-332 Dumps with VCE and PDF 361-370
Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-332
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-332.html
Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
Question No: 361 – (Topic 4)
Click the Exhibit button.
You want to permit access to the Internet from the hr zone during a specified time. Which configuration will accomplish this task?
-
Configure a scheduler, apply it to a new policy, and insert it after internet-access to permit Internet access.
-
Configure a scheduler and apply it to the policy internet-access to deny Internet access.
-
Configure a scheduler and apply it to the policy internet-access to permit Internet access.
-
Configure a scheduler, apply it to a new policy, and insert it before internet-access to permit Internet access.
Answer: C
Question No: 362 – (Topic 4)
Click the Exhibit button.
Referring to the exhibit, you have two SRX Series devices in a chassis cluster, and Node 0 is currently the primary node. You want to ensure that traffic, using those interfaces, fails over to Node 1 when all interfaces go down.
Which configuration change should be made to ensure failover to Node 1?
-
Decrease the weight of the interfaces to 1.
-
Increase the weight of the interfaces to 255.
-
Increase the weight of the interfaces to between 86 and 128.
-
Decrease the weight of the interfaces to between 64 and 84.
Answer: D
Question No: 363 – (Topic 4)
Click the Exhibit button.
Referring to the exhibit, you have two SRX Series devices in a chassis cluster, and Node 0 is currently the primary node. You want to ensure that traffic using those interfaces fails over to Node 1 if one interface goes down.
Which configuration change should be made to ensure failover to Node 1?
-
Decrease the weight of the interfaces to 1.
-
Increase the weight of the interfaces to 255.
-
Increase the weight of the interfaces to between 128 and 254.
-
Decrease the weight of the interfaces to between 1 and 64.
Answer: B
Question No: 364 – (Topic 4)
Click the Exhibit button.
Referring to the exhibit, you have configured a scheduler to allow hosts access to the Internet during specific times. You notice that hosts are still accessing the Internet during times outside of the scheduler#39;s parameters.
What is allowing hosts to access the Internet?
-
The policy allow is allowing hosts access during unscheduled hours.
-
The policy hosts-allow should have a then statement of deny.
-
The policy hosts-allow should have an application of junos-http.
-
The policy deny should have the scheduler applied.
Answer: A
Question No: 365 – (Topic 4)
Which two statements are true when configuring security zones? (Choose two.)
-
You can assign one or more logical interfaces to a zone.
-
You can assign a logical interface to multiple zones.
-
You can assign one or more logical interfaces to a routing instance.
-
You can assign a logical interface to multiple routing instances.
Answer: A,C
Question No: 366 – (Topic 4)
Redundant Ethernet interfaces (reths) have a virtual MAC address based on which two attributes? (Choose two.)
-
interface ID of the reth
-
MAC of member interfaces
-
redundancy group ID
-
cluster ID
Answer: A,D
Question No: 367 – (Topic 4)
Click the Exhibit button.
Referring to the exhibit, which statement is correct about the IPsec configuration?
-
The IPsec tunnel endpoint does not have a static IP address.
-
IKE Phase 2 is established immediately from the hub.
-
Protocol AH is used with IKE Phase 2.
-
IKE Phase 2 uses a standard proposal.
Answer: A
Question No: 368 – (Topic 4)
You want to silently drop HTTP traffic. Which action will accomplish this task?
-
[edit security policies from-zone untrust to-zone trust policy drop-http] user@host# show
match {
source-address any; destination-address any; application junos-http;
}
then { deny;
}
-
[edit security policies from-zone untrust to-zone trust policy drop-http] user@host# show
match {
source-address any; destination-address any; application junos-http;
}
then { reject;
}
-
[edit security policies from-zone untrust to-zone trust policy drop-http] user@host# show
match {
source-address any; destination-address any; application junos-http;
}
then { block;
}
-
[edit security policies from-zone untrust to-zone trust policy drop-http] user@host# show
match {
source-address any; destination-address any; application junos-http;
}
then { terminate;
}
Answer: A
Question No: 369 – (Topic 4)
You have just manually failed over Redundancy Group 0 on Node 0 to Node 1. You notice Node 0 is now in a secondary-hold state.
Which statement is correct?
-
The previous primary node moves to the secondary-hold state because an issue occurred during failover. It stays in that state until the issue is resolved.
-
The previous primary node moves to the secondary-hold state and stays there until manually reset, after which it moves to the secondary state.
-
The previous primary node moves to the secondary-hold state and stays there until the hold-down interval expires, after which it moves to the secondary state.
-
The previous primary node moves to the secondary-hold state and stays there until manually failed back to the primary node.
Answer: C
Question No: 370 – (Topic 4)
You are asked to implement the hashing algorithm that uses the most bits in the calculation on your Junos security device.
Which algorithm should you use?
-
SHA-512
-
SHA-256
-
MD5-Plus
-
MD5
Answer: B