Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Juniper
  5. JN0-231

Juniper JN0-231 Exam Questions
Security, Associate (JNCIA-SEC) (Page 9 )

Updated On: 17-Feb-2026
Page 4 of 22
PDF with 109 Questions

Which statement about global NAT address persistence is correct?

  1. The same IP address from a source NAT pool will be assigned for all sessions from a given host.
  2. The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.
  3. The same IP address from a destination NAT pool will be assigned for all sessions for a given host.
  4. The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.

Answer(s): A

Explanation:

Use the persistent-nat feature to ensure that all requests from the same internal transport address are mapped to the same reflexive transport address (the public IP address and port created by the NAT device closest to the STUN server). The source NAT rule action can use a source NAT pool (with or without port translation) or an egress interface.



You are asked to configure your SRX Series device to block all traffic from certain countries. The solution must be automatically updated as IP prefixes become allocated to those certain countries.
Which Juniper ATP solution will accomplish this task?

  1. Geo IP
  2. unified security policies
  3. IDP
  4. C&C feed

Answer(s): A

Explanation:

Juniper ATP Geo IP can help to accomplish this task by using geolocation services to determine the geographical location of IP addresses. As IP prefixes get allocated to the countries that you have specified, the Geo IP solution will automatically update the configured firewall policies to block any traffic that is coming from those specific countries.
This is a great solution for blocking specific countries - as it will allow for a more personalized and targeted approach to firewall policies - and thus, to increase the effectiveness of the solution at blocking potential malicious traffic.



Which two statements are correct about IKE security associations? (Choose two.)

  1. IKE security associations are established during IKE Phase 1 negotiations.
  2. IKE security associations are unidirectional.
  3. IKE security associations are established during IKE Phase 2 negotiations.
  4. IKE security associations are bidirectional.

Answer(s): A,D



You want to deploy a NAT solution.
In this scenario, which solution would provide a static translation without PAT?

  1. interface-based source NAT
  2. pool-based NAT with address shifting
  3. pool-based NAT with PAT
  4. pool-based NAT without PAT

Answer(s): B

Explanation:

Translation of the original source IP address to an IP address from a user-defined address pool by shifting the IP addresses. This type of translation is one-to-one, static, and without port address translation. If the original source IP address range is larger than the IP address range in the user- defined pool, untranslated packets are dropped.
https://www.juniper.net/documentation/us/en/software/junos/nat/topics/topic-map/nat-security- source-and-source-pool.html



Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?

  1. firewall filters
  2. UTM
  3. Juniper ATP Cloud
  4. IPS

Answer(s): C

Explanation:

Malware Sandboxing
Detect and stop zero-day and commodity malware within web, email, data center, and application traffic targeted for Windows, Mac, and IoT devices.
https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html






Post your Comments and Discuss Juniper JN0-231 exam dumps with other Community members:

Join the JN0-231 Discussion