Get Real JN0-231 Quesions Pass Juniper Certification Exams Easily JN0-231 Dumps are Available for Instant Access NEW QUESTION # 43 Which IPsec protocol is used to encrypt the data payload? A. TCP B. IKE C. ESP D. AH Answer: C NEW QUESTION # 44 When configuring antispam, where do you apply any local lists that are configured? A. antispam feature-profile B. advanced security policy C. custom objects [...]

All Products Contact now

Get Real JN0-231 Quesions Pass Juniper Certification Exams Easily [Q43-Q64]

Share

Get Real JN0-231 Quesions Pass Juniper Certification Exams Easily

JN0-231 Dumps are Available for Instant Access

NEW QUESTION # 43
Which IPsec protocol is used to encrypt the data payload?

  • A. TCP
  • B. IKE
  • C. ESP
  • D. AH

Answer: C


NEW QUESTION # 44
When configuring antispam, where do you apply any local lists that are configured?

  • A. antispam feature-profile
  • B. advanced security policy
  • C. custom objects
  • D. antispam UTM policy

Answer: C

Explanation:
user@host# set security utm custom-objects url-pattern url-pattern-name https://www.juniper.net/documentation/us/en/software/junos/utm/topics/topic-map/security-local-list-antispam-filtering.html


NEW QUESTION # 45
What is the default value of the dead peer detection (DPD) interval for an IPsec VPN tunnel?

  • A. 40 seconds
  • B. 5 seconds
  • C. 20 seconds
  • D. 10 seconds

Answer: B

Explanation:
The default value of the dead peer detection (DPD) interval for an IPsec VPN tunnel is 5 seconds. DPD is a mechanism that enables the IPsec device to detect if the peer is still reachable or if the IPsec VPN tunnel is still active. The DPD interval determines how often the IPsec device sends DPD packets to the peer to check the status of the VPN tunnel. A value of 5 seconds is a common default, but the specific value can vary depending on the IPsec device and its configuration.
Reference:
Juniper Networks Technical Documentation: Configuring IPsec VPNs: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ipsec-vpn-overview-srx-series.html


NEW QUESTION # 46
Which two segments describes IPsec VPNs? (Choose two.)

  • A. IPsec VPN traffic is always authenticated.
  • B. IPsec VPN traffic is always encrypted.
  • C. IPsec VPNs use security to secure traffic over a public network between two remote sites.
  • D. IPsec VPNs are dedicated physical connections between two private networks.

Answer: A,C


NEW QUESTION # 47
Which two statements are true about security policy actions? (Choose two.)

  • A. The reject action drops the traffic and sends a message to the source device.
  • B. The deny action silently drop the traffic.
  • C. The deny action drops the traffic and sends a message to the source device.
  • D. The reject action silently drops the traffic.

Answer: A,B


NEW QUESTION # 48
Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall.
In this scenario, which security feature would you use to satisfy this request?

  • A. antivirus
  • B. content filtering
  • C. Web filtering
  • D. antispam

Answer: B


NEW QUESTION # 49
You verify that the SSH service is configured correctly on your SRX Series device, yet administrators attempting to connect through a revenue port are not able to connect.
In this scenario, what must be configured to solve this problem?

  • A. A screen on the internal interface
  • B. A host-inbound-traffic setting on the incoming zone
  • C. An MTU value target than the default value
  • D. A security policy allowing SSH traffic.

Answer: B


NEW QUESTION # 50
What are two characteristic of static NAT SRX Series devices? (Choose two.)

  • A. Static rules cannot coexist with destination NAT rules on the same SRX Series device configuration.
  • B. A reverse mapping rule is automatically created for the source translation.
  • C. Source and destination NAT rules take precedence over static NAT rules.
  • D. Static NAT rule take precedence over source and destination NAT rules.

Answer: B,D


NEW QUESTION # 51
You are asked to configure your SRX Series device to block all traffic from certain countries. The solution must be automatically updated as IP prefixes become allocated to those certain countries.
Which Juniper ATP solution will accomplish this task?

  • A. unified security policies
  • B. C&C feed
  • C. Geo IP
  • D. IDP

Answer: C


NEW QUESTION # 52
Which two UTM features should be used for tracking productivity and corporate user behavior? (Choose two.)

  • A. the Web filtering UTM feature
  • B. the antivirus UTM feature
  • C. the antispam UTM feature
  • D. the content filtering UTM feature

Answer: A,D


NEW QUESTION # 53
Which three Web filtering deployment actions are supported by Junos? (Choose three.)

  • A. Use IPS.
  • B. Use remote lists.
  • C. Use Websense Redirect.
  • D. Use local lists.
  • E. Use Juniper Enhanced Web Filtering.

Answer: C,D,E


NEW QUESTION # 54
What is the default timeout value for TCP sessions on an SRX Series device?

  • A. 60 seconds
  • B. 30 seconds
  • C. 30 minutes
  • D. 60 minutes

Answer: C

Explanation:
By default, TCP has a 30-minute idle timeout, and UDP has a 60-second idle timeout. Additionally, known IP protocols have a 30-minute timeout, whereas unknown ones have a 60-second timeout. Setting the inactivity timeout is very useful, particularly if you are concerned about applications either timing out or remaining idle for too long and filling up the session table. According to the Juniper SRX Series Services Guide, this can be configured using the 'timeout inactive' statement for the security policy.


NEW QUESTION # 55
Click the Exhibit button.

Which two user roles shown in the exhibit are available be defaults? (choose two)

  • A. Super-user
  • B. Operator
  • C. Jtac
  • D. Admin

Answer: A,B


NEW QUESTION # 56
Which two notifications are available when the antivirus engine detects and infected file? (Choose two.)

  • A. Protocol-only notification
  • B. e-mail notifications
  • C. SMS notifications
  • D. SNMP notifications

Answer: A,B


NEW QUESTION # 57
Which two statements about security policy processing on SRX series devices are true? (choose two)

  • A. Traffic matching a global policy cannot be processed against a firewall filter
  • B. Traffic matching a zone-based policy is not processed against global polices.
  • C. Zone-Based security policies are processed before global policies.
  • D. Zone-Based security policies are processed after global policies

Answer: C,D


NEW QUESTION # 58
You are concerned that unauthorized traffic is using non-standardized ports on your network.
In this scenario, which type of security feature should you implement?

  • A. Application firewall
  • B. Sky ATP
  • C. Zone-based policies
  • D. Firewall filters

Answer: A


NEW QUESTION # 59
Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?

  • A. UTM
  • B. firewall filters
  • C. IPS
  • D. Juniper ATP Cloud

Answer: D

Explanation:
Malware Sandboxing
Detect and stop zero-day and commodity malware within web, email, data center, and application traffic targeted for Windows, Mac, and IoT devices. https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html


NEW QUESTION # 60
What must you do first to use the Monitor/Events workspace in the j-Web interface?

  • A. You must enable security logging that uses the SD-Syslog format.
  • B. You must enable stream mode security logging on the SRX Series device
  • C. You must enable event mode security logging on the SRX Series device.
  • D. You must enable security logging that uses the TLS transport mode.

Answer: C


NEW QUESTION # 61
When creating a site-to-site VPN using the J-Web shown in the exhibit, which statement is correct?

  • A. Privately routable IP addresses are required.
  • B. RIP, OSPF, and BGP are supported under Routing mode.
  • C. The remote gateway is configured automatically based on the local gateway settings.
  • D. The authentication method is pre-shared key or certificate based.

Answer: A


NEW QUESTION # 62
Your company has been assigned one public IP address. You want to enable internet traffic to reach multiple servers in your DMZ that are configured with private address.
In this scenario, which type of NAT would be used to accomplish this tasks?

  • A. NAT without PAT
  • B. Source NAT
  • C. Destination NAT
  • D. Static NAT

Answer: C


NEW QUESTION # 63
Which two elements are needed on an SRX Series device to set up a remote syslog server? (Choose two.)

  • A. Data type
  • B. IP address
  • C. Data throughput
  • D. Data size

Answer: A,B


NEW QUESTION # 64
......

Get Instant Access REAL JN0-231 DUMP Pass Your Exam Easily: https://www.guidetorrent.com/JN0-231-pdf-free-download.html

Practice with these JN0-231 dumps Certification Sample Questions: https://drive.google.com/open?id=1Ai4VrlK_sVpRgFp9wwQaKd_Kq-0q_OPx

Related Articles

more
Juniper JN0-231 Certification Practice Exam