Free JN0-231 Exam Braindumps

Click the Exhibit button.

Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?

1. A. [edit security policies from-zone trust to-zone dmz] user@vSRX-1#
2. B. [edit] user@vSRX-1#
3. C. [edit security policies] user@vSRX-1#
4. D. user@vSRX-1>

Correct Answer: A

Which two statements are correct about global policies? (Choose two.)

1. A. Global policies are evaluated after default policies.
2. B. Global policies do not have to reference zone context.
3. C. Global policies are evaluated before default policies.
4. D. Global policies must reference zone contexts.

Correct Answer: BC
Global policies are used to define rules for traffic that is not associated with any particular zone. This type of policy is evaluated first, before any rules related to specific zones are evaluated.
For more detailed information about global policies, refer to the Juniper Networks Security Policy Overview guide, which can be found at
https://www.juniper.net/documentation/en_US/junos/topics/reference/security-policy-overview.html. The guide provides an overview of the Juniper Networks security policy architecture, as well as detailed descriptions of the different types of policies and how they are evaluated.

What are two features of the Juniper ATP Cloud service? (Choose two.)

1. A. sandbox
2. B. malware detection
3. C. EX Series device integration
4. D. honeypot

Correct Answer: AB

Screens on an SRX Series device protect against which two types of threats? (Choose two.)

1. A. IP spoofing
2. B. ICMP flooding
3. C. zero-day outbreaks
4. D. malicious e-mail attachments

Correct Answer: AB
ICMP flood
Use the ICMP flood IDS option to protect against ICMP flood attacks. An ICMP flood attack typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.
The threshold value defines the number of ICMP packets per second (pps) allowed to be send to the same destination address before the device rejects further ICMP packets.
IP spoofing
Use the IP address spoofing IDS option to prevent spoofing attacks. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source.
https://www.juniper.net/documentation/us/en/software/junos/denial-of-service/topics/topic-map/security-introdu

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the
Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.
Which two NAT types must be used to complete this project? (Choose two.)

1. A. static NAT
2. B. hairpin NAT
3. C. destination NAT
4. D. source NAT

Correct Answer: CD