Month End Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

Security-Associate (JNCIA-SEC) Question and Answers

Security-Associate (JNCIA-SEC)

Last Update Jan 25, 2025
Total Questions : 105

We are offering FREE JN0-231 Juniper exam questions. All you do is to just go and sign up. Give your details, prepare JN0-231 free exam questions and then go for complete pool of Security-Associate (JNCIA-SEC) test questions that will help you more.

JN0-231 pdf

JN0-231 PDF

$36.75  $104.99
JN0-231 Engine

JN0-231 Testing Engine

$43.75  $124.99
JN0-231 PDF + Engine

JN0-231 PDF + Testing Engine

$57.75  $164.99
Questions 1

You are monitoring an SRX Series device that has the factory-default configuration applied.

In this scenario, where are log messages sent by default?

Options:

A.  

Junos Space Log Director

B.  

Junos Space Security Director

C.  

to a local syslog server on the management network

D.  

to a local log file named messages

Discussion 0
Questions 2

You want to provide remote access to an internal development environment for 10 remote developers.

Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)

Options:

A.  

an additional license for an SRX Series device

B.  

Juniper Secure Connect client software

C.  

an SRX Series device with an SPC3 services card

D.  

Marvis virtual network assistant

Discussion 0
Questions 3

Which statement about service objects is correct?

Options:

A.  

All applications are predefined by Junos.

B.  

All applications are custom defined by the administrator.

C.  

All applications are either custom or Junos defined.

D.  

All applications in service objects are not available on the vSRX Series device.

Discussion 0
Questions 4

When configuring antispam, where do you apply any local lists that are configured?

Options:

A.  

custom objects

B.  

advanced security policy

C.  

antispam feature-profile

D.  

antispam UTM policy

Discussion 0
Questions 5

Which two features are included with UTM on an SRX Series device? (Choose two.)

Options:

A.  

antivirus

B.  

NAT

C.  

IDP

D.  

content filtering

Discussion 0
Questions 6

Click the Exhibit button.

You are asked to allow only ping and SSH access to the security policies shown in the exhibit.

Which statement will accomplish this task?

Options:

A.  

Rename policy Rule-2 to policy Rule-0.

B.  

Insert policy Rule-2 before policy Rule-1.

C.  

Replace application any with application [junos-ping junos-ssh] in policy Rule-1.

D.  

Rename policy Rule-1 to policy Rule-3.

Discussion 0
Questions 7

What does the number ‘’2’’ indicate in interface ge—0/1/2?

Options:

A.  

The interface logical number

B.  

The physical interface card (PIC)

C.  

The port number

D.  

The flexible PIC concentrator (FPC)

Discussion 0
Questions 8

Click the Exhibit button.

Which two statements are correct about the partial policies shown in the exhibit? (Choose two.)

Options:

A.  

UDP traffic matched by the deny-all policy will be silently dropped.

B.  

TCP traffic matched by the reject-all policy will have a TCP RST sent.

C.  

TCP traffic matched from the zone trust is allowed by the permit-all policy.

D.  

UDP traffic matched by the reject-all policy will be silently dropped.

Discussion 0
Questions 9

Which two traffic types are considered exception traffic and require some form of special handling by the PFE? (Choose two.)

Options:

A.  

SSH sessions

B.  

ICMP reply messages

C.  

HTTP sessions

D.  

traceroute packets

Discussion 0
Questions 10

The UTM features are performed during which process of the SRX Series device's packet flow?

Options:

A.  

services

B.  

security policies

C.  

zones

D.  

screens

Discussion 0
Questions 11

Which two components are configured for host inbound traffic? (Choose two.)

Options:

A.  

zone

B.  

logical interface

C.  

physical interface

D.  

routing instance

Discussion 0
Questions 12

Which statement is correct about Junos security policies?

Options:

A.  

Security policies enforce rules that should be applied to traffic transiting an SRX Series device.

B.  

Security policies determine which users are allowed to access an SRX Series device.

C.  

Security policies control the flow of internal traffic within an SRX Series device.

D.  

Security policies identity groups of users that have access to different features on an SRX Series device.

Discussion 0
Questions 13

You want to block executable files ("exe) from being downloaded onto your network.

Which UTM feature would you use in this scenario?

Options:

A.  

IPS

B.  

Web filtering

C.  

content filtering

D.  

antivirus

Discussion 0
Questions 14

You are deploying an SRX Series firewall with multiple NAT scenarios.

In this situation, which NAT scenario takes priority?

Options:

A.  

interface NAT

B.  

source NAT

C.  

static NAT

D.  

destination NAT

Discussion 0
Questions 15

You must monitor security policies on SRX Series devices dispersed throughout locations in your organization using a 'single pane of glass' cloud-based solution.

Which solution satisfies the requirement?

Options:

A.  

Juniper Sky Enterprise

B.  

J-Web

C.  

Junos Secure Connect

D.  

Junos Space

Discussion 0
Questions 16

You have an FTP server and a webserver on the inside of your network that you want to make available to users outside of the network. You are allocated a single public IP address.

In this scenario, which two NAT elements should you configure? (Choose two.)

Options:

A.  

destination NAT

B.  

NAT pool

C.  

source NAT

D.  

static NAT

Discussion 0
Questions 17

Which three operating systems are supported for installing and running Juniper Secure Connect client software? (Choose three.)

Options:

A.  

Windows 7

B.  

Android

C.  

Windows 10

D.  

Linux

E.  

macOS

Discussion 0
Questions 18

You want to verify the peer before IPsec tunnel establishment.

What would be used as a final check in this scenario?

Options:

A.  

traffic selector

B.  

perfect forward secrecy

C.  

st0 interfaces

D.  

proxy ID

Discussion 0
Questions 19

Which two statements are correct about the null zone on an SRX Series device? (Choose two.)

Options:

A.  

The null zone is created by default.

B.  

The null zone is a functional security zone.

C.  

Traffic sent or received by an interface in the null zone is discarded.

D.  

You must enable the null zone before you can place interfaces into it.

Discussion 0
Questions 20

Which two statements are correct about IPsec security associations? (Choose two.)

Options:

A.  

IPsec security associations are bidirectional.

B.  

IPsec security associations are unidirectional.

C.  

IPsec security associations are established during IKE Phase 1 negotiations.

D.  

IPsec security associations are established during IKE Phase 2 negotiations.

Discussion 0
Questions 21

What are two Juniper ATP Cloud feed analysis components? (Choose two.)

Options:

A.  

IDP signature feed

B.  

C&C cloud feed

C.  

infected host cloud feed

D.  

US CERT threat feed

Discussion 0
Questions 22

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the

Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.

Which two NAT types must be used to complete this project? (Choose two.)

Options:

A.  

static NAT

B.  

hairpin NAT

C.  

destination NAT

D.  

source NAT

Discussion 0
Questions 23

You want to deploy a NAT solution.

In this scenario, which solution would provide a static translation without PAT?

Options:

A.  

interface-based source NAT

B.  

pool-based NAT with address shifting

C.  

pool-based NAT with PAT

D.  

pool-based NAT without PAT

Discussion 0
Questions 24

Which statement is correct about unified security policies on an SRX Series device?

Options:

A.  

A zone-based policy is always evaluated first.

B.  

The most restrictive policy is applied regardless of the policy level.

C.  

A global policy is always evaluated first.

D.  

The first policy rule is applied regardless of the policy level.

Discussion 0
Questions 25

Click the Exhibit button.

Referring to the exhibit, which two statements are correct about the ping command? (Choose two.)

Options:

A.  

The DMZ routing-instance is the source.

B.  

The 10.10.102.10 IP address is the source.

C.  

The 10.10.102.10 IP address is the destination.

D.  

The DMZ routing-instance is the destination.

Discussion 0
Questions 26

What is the number of concurrent Secure Connect user licenses that an SRX Series device has by default?

Options:

A.  

3

B.  

4

C.  

2

D.  

5

Discussion 0
Questions 27

A security zone is configured with the source IP address 192.168.0.12/255.255.0.255 wildcard match.

In this scenario, which two IP packets will match the criteria? (Choose two.)

Options:

A.  

192.168.1.21

B.  

192.168.0.1

C.  

192.168.1.12

D.  

192.168.22.12

Discussion 0
Questions 28

When operating in packet mode, which two services are available on the SRX Series device? (Choose two.)

Options:

A.  

MPLS

B.  

UTM

C.  

CoS

D.  

IDP

Discussion 0
Questions 29

What is the default value of the dead peer detection (DPD) interval for an IPsec VPN tunnel?

Options:

A.  

20 seconds

B.  

5 seconds

C.  

10 seconds

D.  

40 seconds

Discussion 0
Questions 30

Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall.

In this scenario, which security feature would you use to satisfy this request?

Options:

A.  

antivirus

B.  

Web filtering

C.  

content filtering

D.  

antispam

Discussion 0
Questions 31

Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?

Options:

A.  

firewall filters

B.  

UTM

C.  

Juniper ATP Cloud

D.  

IPS

Discussion 0