Documente Academic
Documente Profesional
Documente Cultură
Question #:1
You configure and applied several global policies and some of the policies have overlapping match criteria.
Answer: A
Question #:2
Exhibit.
Which statement is correct regarding the interface configuration shown in the exhibit?
Answer: C
1 of 25
Juniper - JN0-230
Question #:3
The Sky ATP premium or basic-Threat Feed license is needed for which two features? (Choose two.)
A. Outbound protection
B. C&C feeds
C. Executable inspection
D. Custom feeds
Answer: B D
Question #:4
Answer: C
Question #:5
C. IPsec VPNs use security to secure traffic over a public network between two remote sites.
D. IPsec VPNs are dedicated physical connections between two private networks.
Answer: A C
Question #:6
Users on the network are restricted from accessing Facebook, however, a recent examination of the logs show
that users are accessing Facebook.
2 of 25
Juniper - JN0-230
Answer: D
Question #:7
You have created a zones-based security policy that permits traffic to a specific webserver for the marketing
team. Other groups in the company are not permitted to access the webserver. When marketing users attempt
to access the server they are unable to do so.
What are two reasons for this access failure? (Choose two.)
A. You failed to change the source zone to include any source zone.
B. You failed to position the policy after the policy that denies access to the webserver.
D. You failed to position the policy before the policy that denies access the webserver
Answer: C D
3 of 25
Juniper - JN0-230
Question #:8
Which two match conditions would be used in both static NAT and destination NAT rule sets? (Choose two.)
A. Destination zone
B. Destination address
C. Source interface
D. Source zone
Answer: B D
Question #:9
A. Global policies allow you to regulate traffic with addresses and applications, regardless of their security
zones.
Answer: A
Question #:10
Which action must be performed before the Web filtering UTM policy takes effect?
Answer: D
Question #:11
4 of 25
Juniper - JN0-230
BY default, revenue interface are placed into which system-defined security zone on an SRX series device?
A. Trust
B. Null
C. Junos-trust
D. untrust
Answer: D
Question #:12
A. The Shadow Policies workspace shows unused security policies due to policy overlap.
B. The Shadow Policies workspace shows unused IPS policies due to policy overlap.
C. The Shadow Policies workspace shows used security policies due to policy overlap
D. The Shadow Policies workspace shows used IPS policies due to policy overlap
Answer: A
Question #:13
5 of 25
Juniper - JN0-230
Answer: A
Question #:14
Your company uses SRX Series devices to secure the edge of the network. You are asked protect the company
from ransom ware attacks.
A. Sky ATP
B. AppSecure
6 of 25
Juniper - JN0-230
D. screens
Answer: A
Question #:15
Which type of security policy protect restricted services from running on non-standard ports?
A. Application firewall
B. IDP
C. Sky ATP
D. antivirus
Answer: B
Question #:16
Answer: C
Question #:17
A new SRX Series device has been delivered to your location. The device has the factory-default configuration
loaded. You have powered on the device and connected to the console port.
What would you use to log into the device to begin the initial configuration?
7 of 25
Juniper - JN0-230
Answer: B
Question #:18
Which two statements are true about UTM on an SRX340? (Choose two.)
Answer: B C
Question #:19
What must you do first to use the Monitor/Events workspace in the j-Web interface?
A. You must enable stream mode security logging on the SRX Series device
B. You must enable event mode security logging on the SRX Series device.
C. You must enable security logging that uses the SD-Syslog format.
D. You must enable security logging that uses the TLS transport mode.
Answer: B
Question #:20
A. When multiple NAT rules have overlapping match conditions, the rule listed first is chosen.
D. When multiple NAT rules have overlapping match conditions, the most specific rule is chosen.
Answer: A C
Question #:21
8 of 25
Juniper - JN0-230
Which two actions would be performed by the SRX Series device for e-mail that is identified as spam?
(Choose two.)
D. Quarantine e-mail
Answer: A C
Question #:22
You are concerned that unauthorized traffic is using non-standardized ports on your network.
A. Application firewall
B. Sky ATP
C. Firewall filters
D. Zone-based policies
Answer: A
Question #:23
What are two characteristic of static NAT SRX Series devices? (Choose two.)
A. Source and destination NAT rules take precedence over static NAT rules.
C. Static NAT rule take precedence over source and destination NAT rules.
D. Static rules cannot coexist with destination NAT rules on the same SRX Series device configuration.
Answer: B C
Question #:24
Exhibit.
9 of 25
Juniper - JN0-230
Answer: A D
Question #:25
You have configured antispam to allow e-mail from example.com, however the logs you see that
jcart@example.com is blocked
10 of 25
Juniper - JN0-230
Answer: B C
Question #:26
11 of 25
Juniper - JN0-230
Answer: C
Question #:27
Your company has been assigned one public IP address. You want to enable internet traffic to reach multiple
servers in your DMZ that are configured with private address.
In this scenario, which type of NAT would be used to accomplish this tasks?
A. Static NAT
B. Destination NAT
C. Source NAT
Answer: B
Question #:28
Which method do VPNs use to prevent outside parties from viewing packet in clear text?
A. Integrity
B. Authentication
C. Encryption
D. NAT_T
Answer: C
Question #:29
What should you configure if you want to translate private source IP addresses to a single public IP address?
A. Source NAT
B. Destination NAT
C. Content filtering
D. Security Director
Answer: A
12 of 25
Juniper - JN0-230
Question #:30
Which security object defines a source or destination IP address that is used for an employee Workstation?
A. Zone
B. Screen
D. scheduler
Answer: C
Question #:31
What is the correct order of processing when configuring NAT rules and security policies?
A. Policy lookup > source NAT > static NAT > destination NAT
B. Source NAT > static NAT > destination NAT > policy lookup
C. Static NAT > destination NAT> policy lookup > source NAT
Answer: C
Question #:32
A. Stateful
B. Stateless
C. NGFW
D. Dynamic enforcement
Answer: B
Question #:33
13 of 25
Juniper - JN0-230
Answer: C
Question #:34
Which two statements are true regarding zone-based security policies? (Choose two.)
Answer: A C
Question #:35
****Exhibit is Missing****
Answer: D
Question #:36
What are the valid actions for a source NAT rule in J-Web? (choose three.)
A. On
14 of 25
Juniper - JN0-230
B. Off
C. Pool
D. Source
E. interface
Answer: B C E
Explanation
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/nat-security-source-and-source-pool.html
Question #:37
Which UTM feature should you use to protect users from visiting certain blacklisted websites?
A. Content filtering
B. Web filtering
C. Antivirus
D. antispam
Answer: B
Question #:38
Which security feature is applied to traffic on an SRX Series device when the device is running on packet
mode?
A. Sky ATP
B. ALGs
C. Firewall filters
D. Unified policies
Answer: C
Question #:39
Users in your network are downloading files with file extensions that you consider to be unsafe for your
network. You must prevent files with specific file extensions from entering your network.
15 of 25
Juniper - JN0-230
Which UTM feature should be enable on an SRX Series device to accomplish this task?
A. Content filtering
B. Web filtering
C. Antispam
D. URL filtering
Answer: A
Question #:40
A. Screens
B. Zones
C. ALGs
D. NAT
Answer: B
Question #:41
Which two actions are performed on an incoming packet matching an existing session? (Choose two.)
A. Zone processing
D. Screens processing
Answer: C D
Question #:42
Which two statements are correct about using global-based policies over zone-based policies? (Choose two.)
A. With global-based policies, you do not need to specify a destination zone in the match criteria.
16 of 25
Juniper - JN0-230
B. With global-based policies,you do not need to specify a source zone in the match criteria.
C. With global-based policies,you do not need to specify a destination address in the match criteria.
D. With global-based policies,you do not need to specify a source address in the match criteria.
Answer: A B
Question #:43
Which two statements are true about the null zone? (Choose two.)
Answer: A B
Question #:44
You want to automatically generate the encryption and authentication keys during IPsec VPN establishment.
A. IPsec
B. Diffie_Hellman
C. Main mode
D. Aggregate mode
Answer: B
Question #:45
Which actions would be applied for the pre-ID default policy unified policies?
17 of 25
Juniper - JN0-230
Answer: C
Question #:46
Which two statements are true about security policy actions? (Choose two.)
A. The reject action drops the traffic and sends a message to the source device.
C. The deny action drops the traffic and sends a message to the source device.
Answer: A B
Question #:47
Which management software supports metadata-based security policies that are ideal for cloud deployments?
A. Security Director
B. J-Web
C. Network Director
D. Sky Enterprise
Answer: A
Question #:48
Which three actions would be performed on traffic traversing an IPsec VPN? (Choose three.)
A. Port forwarding
B. Authentication
C. Encryption
D. Deep inspection
E. Payload verification
Answer: B C E
18 of 25
Juniper - JN0-230
Question #:49
You want to generate reports from the J-Web on an SRX Series device.
A. Syslog
B. Stream
C. Event
D. local
Answer: B
Question #:50
Which two notifications are available when the antivirus engine detects and infected file? (Choose two.)
A. e-mail notifications
B. SNMP notifications
C. SMS notifications
D. Protocol-only notification
Answer: A D
Question #:51
You are designing a new security policy on an SRX Series device. You must block an application and log all
concurrence of the application access attempts.
In this scenario, which two actions must be enabled in the security policy? (Choose two.)
Answer: A D
19 of 25
Juniper - JN0-230
Question #:52
Host-inbound-traffic is configured on the DMZ zone and the ge-0/0/9.0 interface attached to that zone.
which two types of management traffic would be performed on the SRX Series device? (Choose two.)
A. HTTPS
B. SSH
C. Finger
D. HTTP
Answer: B D
Question #:53
Which two statements are correct about functional zones? (Choose two.)
A. A functional zone uses security policies to enforce rules for transit traffic.
B. Traffic received on the management interface in the functional zone cannot transit out other interface.
20 of 25
Juniper - JN0-230
Answer: B D
Question #:54
A. Policy
B. Zones
C. Services
D. Screen options
Answer: C
Question #:55
Users should not have access to Facebook, however, a recent examination of the logs security show that users
are accessing Facebook.
21 of 25
Juniper - JN0-230
A. Change the source address for the Block-Facebook-Access rule to the prefix of the users
Answer: B
Question #:56
Which two elements are needed on an SRX Series device to set up a remote syslog server? (Choose two.)
A. Data type
B. Data throughput
C. IP address
D. Data size
Answer: A C
Question #:57
Which two feature on the SRX Series device are common across all Junos devices? (Choose two.)
B. UTM services
D. screens
Answer: A C
Question #:58
B. Copy the operational script from the Sky ATP Web UI.
22 of 25
Juniper - JN0-230
D. Create the SSL VPN tunnel between the SRX Series device and Sky ATP.
Answer: C
Question #:59
What must you do first to use the Monitor/Alarms/Policy Log workspace in J-Web?
B. You must enable security logging that uses the TLS transport mode.
C. You must enable stream mode security logging on the SRX Series device.
D. You must enable event mode security logging on the SRX Series device.
Answer: D
Question #:60
You are configuring an IPsec VPN tunnel between two locations on your network. Each packet must be
encrypted and authenticated.
A. MD5
B. ESP
C. AH
D. SHA
Answer: B
Question #:61
Which two private cloud solution support vSRX devices? (Choose two.)
A. Microsoft Azure
D. VMware NSX
23 of 25
Juniper - JN0-230
E. Contrail Cloud
Answer: A B
Question #:62
You verify that the SSH service is configured correctly on your SRX Series device, yet administrators
attempting to connect through a revenue port are not able to connect.
Answer: B
Question #:63
The free licensing model for Sky ATP includes which features? (Choose two.)
A. C&C feeds
Answer: B C
Question #:64
B. Sky ATP is used to automatically push out changes to the AppSecure suite.
C. Sky ATP only support sending threat feeds to vSRX Series devices
D. Sky ATP is a cloud-based security threat analyzer that performs multiple tasks
24 of 25
Juniper - JN0-230
Answer: D
Question #:65
On an SRX Series device, how should you configure your IKE gateway if the remote endpoint is a branch
office-using a dynamic IP address?
Answer: B
25 of 25