2025年最新の100%無料JN0-231日常練習試験には107問があります
JN0-231試験資料Juniper学習ガイド
質問 # 14
Which three Web filtering deployment actions are supported by Junos? (Choose three.)
- A. Use Websense Redirect.
- B. Use IPS.
- C. Use local lists.
- D. Use Juniper Enhanced Web Filtering.
- E. Use remote lists.
正解:A、C、D
解説:
https://www.juniper.net/documentation/us/en/software/junos/utm/topics/concept/utm-web-filtering-overview.html
質問 # 15
Which two statements about security policy processing on SRX series devices are true? (choose two)
- A. Traffic matching a global policy cannot be processed against a firewall filter
- B. Zone-Based security policies are processed after global policies
- C. Traffic matching a zone-based policy is not processed against global polices.
- D. Zone-Based security policies are processed before global policies.
正解:B、D
質問 # 16
Which statements about NAT are correct? (Choose two.)
- A. When multiple NAT rules have overlapping match conditions, the rule listed first is chosen.
- B. When multiple NAT rules have overlapping match conditions, the most specific rule is chosen.
- C. Source NAT translates the source IP address of packet.
- D. Source NAT translates the source port and destination IP address.
正解:A、C
質問 # 17
Which source NAT rule set would be used when a packet matches the conditions in multiple rule sets?
- A. The most specific rule set will be used
- B. The first rule set matched will be used
- C. The least specific rule set will be used
- D. The last rule set matched will be used
正解:B
質問 # 18
Click the Exhibit button.
Referring to the exhibit, which two statements are correct about the ping command? (Choose two.)
- A. The 10.10.102.10 IP address is the source.
- B. The 10.10.102.10 IP address is the destination.
- C. The DMZ routing-instance is the destination.
- D. The DMZ routing-instance is the source.
正解:B、D
質問 # 19
Unified threat management (UTM) inspects traffic from which three protocols? (Choose three.)
- A. HTTP
- B. SMTP
- C. FTP
- D. SSH
- E. SNMP
正解:A、B、C
解説:
https://www.inetzero.com/blog/unified-threat-management-deeper-dive-traffic-inspection/
質問 # 20
Which type of security policy protect restricted services from running on non-standard ports?
- A. Application firewall
- B. antivirus
- C. Sky ATP
- D. IDP
正解:D
質問 # 21
What is the default timeout value for TCP sessions on an SRX Series device?
- A. 60 seconds
- B. 60 minutes
- C. 30 seconds
- D. 30 minutes
正解:D
解説:
By default, TCP has a 30-minute idle timeout, and UDP has a 60-second idle timeout. Additionally, known IP protocols have a 30-minute timeout, whereas unknown ones have a 60-second timeout. Setting the inactivity timeout is very useful, particularly if you are concerned about applications either timing out or remaining idle for too long and filling up the session table. According to the Juniper SRX Series Services Guide, this can be configured using the 'timeout inactive' statement for the security policy.
質問 # 22
You want to integrate an SRX Series device with SKY ATP.
What is the first action to accomplish task?
- A. Issue the commit script to register the SRX Series device.
- B. Create an account with the Sky ATP Web UI.
- C. Create the SSL VPN tunnel between the SRX Series device and Sky ATP.
- D. Copy the operational script from the Sky ATP Web UI.
正解:B
質問 # 23
Which two IKE Phase 1 configuration options must match on both peers to successfully establish a tunnel? (Choose two.)
- A. IKE mode
- B. VPN name
- C. Diffie-Hellman group
- D. gateway interfaces
正解:A、C
質問 # 24
Your company uses SRX Series devices to secure the edge of the network. You are asked protect the company from ransom ware attacks.
Which solution will satisfy this requirement?
- A. screens
- B. AppSecure
- C. Unified security policies
- D. Sky ATP
正解:D
質問 # 25
Which two elements are needed on an SRX Series device to set up a remote syslog server? (Choose two.)
- A. IP address
- B. Data type
- C. Data size
- D. Data throughput
正解:A、B
質問 # 26
You are creating Ipsec connections.
In this scenario, which two statements are correct about proxy IDs? (Choose two.)
- A. Proxy IDs are used to configure traffic selectors.
- B. Proxy IDs default to 0.0.0.0/0 for policy-based VPNs.
- C. Proxy IDs must match for Phase 2 session establishment.
- D. Proxy IDs are optional for Phase 2 session establishment.
正解:A、D
質問 # 27
Which two statements are correct about functional zones? (Choose two.)
- A. A function is used for special purpose, such as management interface
- B. Traffic received on the management interface in the functional zone cannot transit out other interface.
- C. Functional zones separate groups of users based on their function.
- D. A functional zone uses security policies to enforce rules for transit traffic.
正解:A、B
質問 # 28
Which two security features inspect traffic at Layer 7? (Choose two.)
- A. IPS/IDP
- B. application firewall
- C. security zones
- D. integrated user firewall
正解:A、B
質問 # 29
Which statement is correct about packet mode processing?
- A. Packet mode works with NAT, VPNs, UTM, IDP, and other advanced security services.
- B. Packet mode bypasses the flow module.
- C. Packet mode is the basis for stateful processing.
- D. Packet mode enables session-based processing of incoming packets.
正解:B
質問 # 30
You want to prevent other users from modifying or discarding your changes while you are also editing the configuration file.
In this scenario, which command would accomplish this task?
- A. configure exclusive
- B. configure
- C. cli privileged
- D. configure master
正解:A
質問 # 31
What is the correct order of processing when configuring NAT rules and security policies?
- A. Destination NAT > policy lookup > source NAT > static NAT
- B. Static NAT > destination NAT> policy lookup > source NAT
- C. Policy lookup > source NAT > static NAT > destination NAT
- D. Source NAT > static NAT > destination NAT > policy lookup
正解:B
質問 # 32
You verify that the SSH service is configured correctly on your SRX Series device, yet administrators attempting to connect through a revenue port are not able to connect.
In this scenario, what must be configured to solve this problem?
- A. A host-inbound-traffic setting on the incoming zone
- B. A screen on the internal interface
- C. A security policy allowing SSH traffic.
- D. An MTU value target than the default value
正解:A
質問 # 33
......
有効な問題最新版を試そうJN0-231テスト解釈JN0-231有効な試験ガイド:https://jp.fast2test.com/JN0-231-premium-file.html
JN0-231実際の問題解答PDFは100%カバー率でリアル試験問題:https://drive.google.com/open?id=1asCq9g4-9KHBBg3PtqnV--Y9gmUfEddk