Juniper JN0-231 Exam Practice Questions (P. 1)
- Full Access (109 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
Which two criteria should a zone-based security policy include? (Choose two.)
- Aa source port
- Ba destination port
- Czone contextMost Voted
- Dan actionMost Voted
Correct Answer:
BD
BD

In zone-based security policies for Junos OS, it's crucial to specify the defined action (permit, deny, reject, etc.) on the matched traffic as well as clearly identifying the destination port which informs what service or application the policy applies to. The action dictates what happens when the criteria are met, providing essential control in traffic management across zones, while the destination port refines the scope of the policy to specific kinds of traffic, enhancing security granularity. Both elements are vital for precise and effective policy enforcement.
send
light_mode
delete
Question #2
You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them.
Which two NAT types must be used to complete this project? (Choose two.)
Which two NAT types must be used to complete this project? (Choose two.)
- Astatic NAT
- Bhairpin NAT
- Cdestination NAT
- Dsource NAT
Correct Answer:
CD
CD

In the configuration of SRX Series devices for webserver connectivity, using Destination NAT is essential as it translates the public IP used by inbound traffic into the private IP of the webserver, enabling external access. Source NAT is equally important as it modifies the private IP of outgoing server traffic to a different public IP, ensuring it varies from the one used for inbound connections. This approach enhances security by segregating the paths of incoming and outgoing traffic, maintaining distinct IP addresses for each direction. This setup fulfills the requirement of preventing webservers from using the same IP for external communications as used by customers accessing the services.
send
light_mode
delete
Question #3
You are asked to verify that a license for AppSecure is installed on an SRX Series device.
In this scenario, which command will provide you with the required information?
In this scenario, which command will provide you with the required information?
- Auser@srx> show system license
- Buser@srx> show services accounting
- Cuser@srx> show configuration system
- Duser@srx> show chassis firmware
Correct Answer:
A
A

The command "show system license" is spot on for checking whether a license, including AppSecure, is installed on an SRX device. This command outputs all licenses installed, thus confirming if the AppSecure module is active. Remember, details about specific feature licenses like AppSecure won’t pop up in system configuration or firmware details; licenses are checked directly through the licensing system.
send
light_mode
delete
Question #4
Click the Exhibit button.

Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?

Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?
- A[edit security policies from-zone trust to-zone dmz]
user@vSRX-1# - B[edit]
user@vSRX-1# - C[edit security policies]
user@vSRX-1#Most Voted - Duser@vSRX-1>
Correct Answer:
B
B
send
light_mode
delete
Question #5
You want to enable the minimum Juniper ATP services on a branch SRX Series device.
In this scenario, what are two requirements to accomplish this task? (Choose two.)
In this scenario, what are two requirements to accomplish this task? (Choose two.)
- AInstall a basic Juniper ATP license on the branch device.
- BConfigure the juniper-atp user account on the branch device.
- CRegister for a Juniper ATP account on https://sky.junipersecurity.net.Most Voted
- DExecute the Juniper ATP script on the branch device.Most Voted
Correct Answer:
AC
AC

To enable the minimum Juniper ATP services on a branch SRX device, the core steps include registering for a Juniper ATP account on their official site and installing a basic license on the device itself. These steps are crucial as they allow the device to communicate with the Juniper ATP cloud, enabling it to receive threat management services and updates. Notably, setting up a specific user account or executing scripts is not required for this initial setup. Instead, focus on securing the necessary license and ensuring the device is properly registered in the ATP system for effective threat management capabilities.
send
light_mode
delete
All Pages