JNCIA-SEC Exam

JN0-231 Questions V9.02

JNCIA-SEC
Topics - Security - Associate
(JNCIA-SEC)
1.You are asked to configure your SRX Series device to block all traffic from certain
countries. The solution must be automatically updated as IP prefixes become
allocated to those certain countries.
Which Juniper ATP solution will accomplish this task?
A. Geo IP
B. unified security policies
C. IDP
D. C&C feed
Answer: A

2.What is the order of the first path packet processing when a packet enters a device?
A. security policies C> screens C> zones

m
B. screens C> security policies C> zones

xa
E
C. screens C> zones C> security policies

31
D. security policies C> zones C> screens

2
0-
JN
Answer: C

s
as
P
o
T
3.You are asked to verify that a license for AppSecure is installed on an SRX Series
y
as

device.
E
te

In this scenario, which command will provide you with the required information?
ui
-Q

A. user@srx> show system license

m

B. user@srx> show services accounting

xa

C. user@srx> show configuration system

E
e
ic

D. user@srx> show chassis firmware

ct

Answer: A
ra
P
1
23
0-
JN

4.What are two features of the Juniper ATP Cloud service? (Choose two.)
ew

A. sandbox
N

B. malware detection
22
20

C. EX Series device integration

D. honeypot
Answer: A,B

5.Which statement is correct about packet mode processing?

A. Packet mode enables session-based processing of incoming packets.
B. Packet mode works with NAT, VPNs, UTM, IDP, and other advanced security
services.
C. Packet mode bypasses the flow module.
D. Packet mode is the basis for stateful processing.
Answer: C

6.Which IPsec protocol is used to encrypt the data payload?

A. ESP
B. IKE
C. AH
D. TCP
Answer: A

7.Which two IKE Phase 1 configuration options must match on both peers to
successfully establish a tunnel? (Choose two.)

m
A. VPN name

xa
E
B. gateway interfaces

31
C. IKE mode

2
0-
JN
D. Diffie-Hellman group

s
Answer: C,D

as
P
o
T
y
as

8.Click the Exhibit button.

E
te
ui
-Q
m
xa
E
e
ic
ct
ra
P
1
23
0-
JN
ew
N
22
20
 m
xa
E
31
2
0-
JN
s
as
P
o
T
y
as
E
te
ui
-Q
m
xa
E
e
ic
ct
ra
P
1
23
0-

You are asked to allow only ping and SSH access to the security policies shown in
JN

the exhibit.
ew

Which statement will accomplish this task?

N
22

A. Rename policy Rule-2 to policy Rule-0.

20

B. Insert policy Rule-2 before policy Rule-1.

C. Replace application any with application [junos-ping junos-ssh] in policy Rule-1.
D. Rename policy Rule-1 to policy Rule-3.
Answer: B

9.Which two UTM features should be used for tracking productivity and corporate
user behavior? (Choose two.)
A. the content filtering UTM feature
B. the antivirus UTM feature
C. the Web filtering UTM feature
D. the antispam UTM feature
Answer: A,C

10.Which two IPsec hashing algorithms are supported on an SRX Series device?
(Choose two.)
A. SHA-1
B. SHAKE128
C. MD5
D. RIPEMD-256
Answer: A,C

m
xa
E
11.Which statement about NAT is correct?

31
A. Destination NAT takes precedence over static NAT.

2
0-
JN
B. Source NAT is processed before security policy lookup.

s
C. Static NAT is processed after forwarding lookup.

as
P
D. Static NAT takes precedence over destination NAT.
o
T
Answer: D
y
as
E
te
ui
-Q

12.You want to provide remote access to an internal development environment for 10

m

remote developers.
xa

Which two components are required to implement Juniper Secure Connect to satisfy
E
e
ic

this requirement? (Choose two.)

ct

A. an additional license for an SRX Series device

ra
P

B. Juniper Secure Connect client software

1
23

C. an SRX Series device with an SPC3 services card

0-
JN

D. Marvis virtual network assistant

ew

Answer: A,B
N
22
20

13.What is the correct order in which interface names should be identified?

A. system slot number C> interface media type C> port number C> line card slot
number
B. system slot number C> port number C> interface media type C> line card slot
number
C. interface media type C> system slot number C> line card slot number C> port
number
D. interface media type C> port number C> system slot number C> line card slot
number
Answer: C
14.You want to enable the minimum Juniper ATP services on a branch SRX Series
device.
In this scenario, what are two requirements to accomplish this task? (Choose two.)
A. Install a basic Juniper ATP license on the branch device.
B. Configure the juniper-atp user account on the branch device.
C. Register for a Juniper ATP account on https://sky.junipersecurity.net.
D. Execute the Juniper ATP script on the branch device.
Answer: A,C

15.What must be enabled on an SRX Series device for the reporting engine to create

m
reports?

xa
E
A. packet capture

31
B. security logging

2
0-
JN
C. system logging

s
D. SNMP

as
P
Answer: B
o
T
y
as
E
te

16.Which two statements are correct about functional zones? (Choose two.)
ui
-Q

A. Functional zones must have a user-defined name.

m

B. Functional zone cannot be referenced in security policies or pass transit traffic.

xa

C. Multiple types of functional zones can be defined by the user.

E
e
ic

D. Functional zones are used for out-of-band device management.

ct

Answer: B,D
ra
P
1
23
0-
JN

17.What information does the show chassis routing-engine command provide?

ew

A. chassis serial number

N

B. resource utilization
22
20

C. system version
D. routing tables
Answer: B

18.Which three Web filtering deployment actions are supported by Junos? (Choose
three.)
A. Use IPS.
B. Use local lists.
C. Use remote lists.
D. Use Websense Redirect.
E. Use Juniper Enhanced Web Filtering.
Answer: B,D,E

19.Which two statements are correct about screens? (Choose two.)

A. Screens process inbound packets.
B. Screens are processed on the routing engine.
C. Screens process outbound packets.
D. Screens are processed on the flow module.
Answer: A,D

20.What are three Junos UTM features? (Choose three.)

m
A. screens

xa
E
B. antivirus

31
C. Web filtering

2
0-
JN
D. IDP/IPS

s
E. content filtering

as
P
Answer: B,C,E
o
T
y
as
E
te
ui
-Q
m
xa
E
e
ic
ct
ra
P
1
23
0-
JN
ew
N
22
20
Get full version of
JN0-231 Q&As