CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Juniper
  5. JN0-231

Free JN0-231 Exam Braindumps (page: 4)

Page 3 of 26
PDF with 105 Questions

When configuring antispam, where do you apply any local lists that are configured?

  1. custom objects
  2. advanced security policy
  3. antispam feature-profile
  4. antispam UTM policy

Answer(s): A

Explanation:

user@host# set security utm custom-objects url-pattern url-pattern-name https://www.juniper.net/documentation/us/en/software/junos/utm/topics/topic-map/security- local-list-antispam-filtering.html



Screens on an SRX Series device protect against which two types of threats? (Choose two.)

  1. IP spoofing
  2. ICMP flooding
  3. zero-day outbreaks
  4. malicious e-mail attachments

Answer(s): A,B

Explanation:

ICMP flood

Use the ICMP flood IDS option to protect against ICMP flood attacks. An ICMP flood attack typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.

The threshold value defines the number of ICMP packets per second (pps) allowed to be send to the same destination address before the device rejects further ICMP packets.

IP spoofing

Use the IP address spoofing IDS option to prevent spoofing attacks. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source.

https://www.juniper.net/documentation/us/en/software/junos/denial-of-service/topics/topic- map/security-introduction-to-adp.html



Which statement about global NAT address persistence is correct?

  1. The same IP address from a source NAT pool will be assigned for all sessions from a given host.
  2. The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.
  3. The same IP address from a destination NAT pool will be assigned for all sessions for a given host.
  4. The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.

Answer(s): A

Explanation:

Use the persistent-nat feature to ensure that all requests from the same internal transport address are mapped to the same reflexive transport address (the public IP address and port created by the NAT device closest to the STUN server). The source NAT rule action can use a source NAT pool (with or without port translation) or an egress interface.



You are asked to configure your SRX Series device to block all traffic from certain countries. The solution must be automatically updated as IP prefixes become allocated to those certain countries.
Which Juniper ATP solution will accomplish this task?

  1. Geo IP
  2. unified security policies
  3. IDP
  4. C&C feed

Answer(s): A

Explanation:

Juniper ATP Geo IP can help to accomplish this task by using geolocation services to determine the geographical location of IP addresses. As IP prefixes get allocated to the countries that you have specified, the Geo IP solution will automatically update the configured firewall policies to block any traffic that is coming from those specific countries.
This is a great solution for blocking specific countries - as it will allow for a more personalized and targeted approach to firewall policies - and thus, to increase the effectiveness of the solution at blocking potential malicious traffic.






Post your Comments and Discuss Juniper JN0-231 exam with other Community members:

JN0-231 Discussions & Posts