Complete JN0-231 Juniper Materials

Security-Associate (JNCIA-SEC) Questions and Answers

Question 17

Exhibit.

Which two statements are correct referring to the output shown in the exhibit? (Choose two.)

Options:

FTP and ping access for the Trust-DMZ-Access policy is permitted.

FTP and ping access for the Trust-DMZ-Access policy is denied.

The SSH access for the Trust-DMZ-Block policy is permitted.

The SSH access for the Trust-DMZ-Block policy is denied.

Answer:

A, D

Explanation:

Understanding the Policies in the Exhibit:The exhibit displays two policies configured on the Juniper SRX device for traffic between the trust zone and the dmz zone.

Policy 1:

Name: Trust-DMZ-Access

State: Enabled

Source Address: Trust-Net

Destination Address: DMZ-Net

Applications: junos-ftp, junos-ping

Action: permit

Log: Enabled

Policy 2:

Name: Trust-DMZ-Block

State: Enabled

Source Address: Trust-Net

Destination Address: DMZ-Net

Applications: junos-ssh

Action: deny, log

Analysis of Each Option:

Option A:

The Trust-DMZ-Access policy explicitly permits traffic for the junos-ftp and junos-ping applications.

This is validated by the action permit in the policy configuration.

Correct.

Option B:

This is incorrect because the Trust-DMZ-Access policy permits FTP and ping traffic rather than denying it.

Incorrect.

Option C:

The Trust-DMZ-Block policy explicitly denies traffic for the junos-ssh application.

Therefore, SSH access is not permitted.

Incorrect.

Option D:

The Trust-DMZ-Block policy denies SSH traffic from the Trust-Net to the DMZ-Net.

This is validated by the action deny.

Correct.

Juniper Security References:

Security Policy Overview:Security policies in Junos OS are used to control and filter traffic between security zones. Each policy defines:

Source and destination zones

Source and destination addresses

Applications or services

Action: permit, deny

Logging options

Policy Action Details:

permit: Allows the specified traffic.

deny: Blocks the specified traffic.

Application Identification:

Juniper SRX uses predefined application identifiers (junos-ftp, junos-ping, junos-ssh) for traffic matching.

Policy Evaluation Order:Policies are evaluated in sequence by their index number or sequence number. In this exhibit:

Trust-DMZ-Access is evaluated first (Sequence number: 1).

Trust-DMZ-Block is evaluated next (Sequence number: 2).

Conclusion:Based on the exhibit, FTP and ping traffic is permitted under Trust-DMZ-Access, and SSH traffic is denied under Trust-DMZ-Block. The answers to the question are therefore:

A. Correct

D. Correct

Refer to the Juniper Security Policy Documentation for more details on configuring and managing policies.

Question 18

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the

Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.

Which two NAT types must be used to complete this project? (Choose two.)

Options:

static NAT

hairpin NAT

destination NAT

source NAT

Question 19

Which two security features inspect traffic at Layer 7? (Choose two.)

Options:

IPS/IDP

security zones

application firewall

integrated user firewall

Question 20

In J-Web. the management and loopback address configuration option allows you to configure which area?

Options:

the IP address of the primary Gigabit Ethernet port

the IP address of the Network Time Protocol server

the CIDR address

the IP address of the device management port

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Security-Associate (JNCIA-SEC) Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce