Juniper JN0-230 Free Practice Questions

NEW QUESTION 1
Exhibit.

Which statement is correct regarding the interface configuration shown in the exhibit?

• A. The interface MTU has been increased.
• B. The IP address has an invalid subnet mask.
• C. The IP address is assigned to unit 0.
• D. The interface is assigned to the trust zone by default.

Answer: C

NEW QUESTION 2
Users should not have access to Facebook, however, a recent examination of the logs security show that users are accessing Facebook.
Referring to the exhibit,

what should you do to solve this problem?

• A. Change the source address for the Block-Facebook-Access rule to the prefix of the users
• B. Move the Block-Facebook-Access rule before the Internet-Access rule
• C. Move the Block-Facebook-Access rule from a zone policy to a global policy
• D. Change the Internet-Access rule from a zone policy to a global policy

Answer: B

NEW QUESTION 3
Which UTM feature should you use to protect users from visiting certain blacklisted websites?

• A. Content filtering
• B. Web filtering
• C. Antivirus
• D. antispam

Answer: B

NEW QUESTION 4
Which two segments describes IPsec VPNs? (Choose two.)

• A. IPsec VPN traffic is always authenticated.
• B. IPsec VPN traffic is always encrypted.
• C. IPsec VPNs use security to secure traffic over a public network between two remote sites.
• D. IPsec VPNs are dedicated physical connections between two private networks.

Answer: AC

NEW QUESTION 5
Which management software supports metadata-based security policies that are ideal for cloud deployments?

• A. Security Director
• B. J-Web
• C. Network Director
• D. Sky Enterprise

Answer: A

NEW QUESTION 6
You have configured antispam to allow e-mail from example.com, however the logs you see thatjcart@example.comis blocked
Referring to the exhibit.

What are two ways to solve this problem?

• A. Verify connectivity with the SBL server.
• B. Addjcart@exmple.comto the profile antispam address whitelist.
• C. Deletejcart@example.comfrom the profile antispam address blacklist
• D. Deletejcart@example.comfrom the profile antispam address whitelist

Answer: BC

NEW QUESTION 7
Referring to the exhibit.

Which type of NAT is being performed?

• A. Source NAT with PAT
• B. Source NAT without PAT
• C. Destination NAT without PAT
• D. Destination NAT with PAT

Answer: A

NEW QUESTION 8
Which statement about IPsec is correct?

• A. IPsec can be used to transport native Layer 2 packets.
• B. IPsec can provide encapsulation but not encryption
• C. IPsec is a standards-based protocol.
• D. IPsec is used to provide data replication

Answer: C

NEW QUESTION 9
You want to generate reports from the l-Web on an SRX Series device. Which logging mode would you use in this scenario?

• A. Syslog
• B. Stream
• C. Event
• D. local

Answer: B

NEW QUESTION 10
You are concerned that unauthorized traffic is using non-standardized ports on your network.
In this scenario, which type of security feature should you implement?

• A. Application firewall
• B. Sky ATP
• C. Firewall filters
• D. Zone-based policies

Answer: A

NEW QUESTION 11
Which statements about NAT are correct? (Choose two.)

• A. When multiple NAT rules have overlapping match conditions, the rule listed first is chosen.
• B. Source NAT translates the source port and destination IP address.
• C. Source NAT translates the source IP address of packet.
• D. When multiple NAT rules have overlapping match conditions, the most specific rule is chosen.

Answer: AC

NEW QUESTION 12
What are the valid actions for a source NAT rule in J-Web? (choose three.)

• A. On
• B. Off
• C. Pool
• D. Source
• E. interface

Answer: BCE

Explanation:
Explanation
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/nat-security-source-and-source-pool.html

NEW QUESTION 13
You are configuring an IPsec VPN tunnel between two location on your network. Each packet must be encrypted and authenticated.
Which protocol would satisfy these requirements?

• A. MD5
• B. ESP
• C. AH
• D. SHA

Answer: B

NEW QUESTION 14
You have created a zones-based security policy that permits traffic to a specific webserver for the marketing team. Other groups in the company are not permitted to access the webserver. When marketing users attempt to access the server they are unable to do so.
What are two reasons for this access failure? (Choose two.)

• A. You failed to change the source zone to include any source zone.
• B. You failed to position the policy after the policy that denies access to the webserver.
• C. You failed to commit the policy change.
• D. You failed to position the policy before the policy that denies access the webserver

Answer: CD

NEW QUESTION 15
Which two statements are true about security policy actions? (Choose two.)

• A. The reject action drops the traffic and sends a message to the source device.
• B. The deny action silently drop the traffic.
• C. The deny action drops the traffic and sends a message to the source device.
• D. The reject action silently drops the traffic.

Answer: AB

NEW QUESTION 16
What is the purpose of the Shadow Policies workspace in J-Web?

• A. The Shadow Policies workspace shows unused security policies due to policy overlap.
• B. The Shadow Policies workspace shows unused IPS policies due to policy overlap.
• C. The Shadow Policies workspace shows used security policies due to policy overlap
• D. The Shadow Policies workspace shows used IPS policies due to policy overlap

Answer: A

NEW QUESTION 17
You verify that the SSH service is configured correctly on your SRX Series device, yet administrators attempting to connect through a revenue port are not able to connect.
In this scenario, what must be configured to solve this problem?

• A. A security policy allowing SSH traffic.
• B. A host-inbound-traffic setting on the incoming zone
• C. An MTU value target than the default value
• D. A screen on the internal interface

Answer: B

NEW QUESTION 18
Which statements is correct about Junos security zones?

• A. User-defined security must contain at least one interface.
• B. Security policies are referenced within a user-defined security zone.
• C. Logical interface are added to user defined security zones
• D. User-defined security must contains the key word ‘’zone’’

Answer: C

NEW QUESTION 19
Which two statements are correct about using global-based policies over zone-based policies? (Choose two.)

• A. With global-based policies, you do not need to specify a destination zone in the match criteria.
• B. With global-based policies, you do not need to specify a source zone in the match criteria.
• C. With global-based policies, you do not need to specify a destination address in the match criteria.
• D. With global-based policies, you do not need to specify a source address in the match criteria.

Answer: AB

NEW QUESTION 20
You want to automatically generate the encryption and authentication keys during IPsec VPN establishment. What would be used to accomplish this task?

• A. IPsec
• B. Diffie_Hellman
• C. Main mode
• D. Aggregate mode

Answer: B

NEW QUESTION 21
Which type of security policy protect restricted services from running on non-standard ports?

• A. Application firewall
• B. IDP
• C. Sky ATP
• D. antivirus

Answer: B

NEW QUESTION 22
You are designing a new security policy on an SRX Series device. You must block an application and log all occurrence of the application access attempts.
In this scenario, which two actions must be enabled in the security policy? (Choose two.)

• A. Log the session initiations
• B. Enable a reject action
• C. Log the session closures
• D. Enable a deny action

Answer: AD

NEW QUESTION 23
Your company uses SRX Series devices to secure the edge of the network. You are asked protect the company from ransom ware attacks.
Which solution will satisfy this requirement?

• A. Sky ATP
• B. AppSecure
• C. Unified security policies
• D. screens

Answer: A

NEW QUESTION 24
On an SRX Series device, how should you configure your IKE gateway if the remote endpoint is a branch office-using a dynamic IP address?

• A. Configure the IPsec policy to use MDS authentication.
• B. Configure the IKE policy to use aggressive mode.
• C. Configure the IPsec policy to use aggressive mode.
• D. Configure the IKE policy to use a static IP address

Answer: B

NEW QUESTION 25
Which security feature is applied to traffic on an SRX Series device when the device is running n packet mode?

• A. Sky ATP
• B. ALGs
• C. Firewall filters
• D. Unified policies

Answer: C

NEW QUESTION 26
......