JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.

com/exams/juniper/jn0-231/custom-view/

- Expert Veri+ed, Online, Free.

 Custom View Settings

Topic 1 - Exam A

Question #1 Topic 1

Which two criteria should a zone-based security policy include? (Choose two.)

A. a source port

B. a destination port

C. zone context

D. an action

Correct Answer: BD

Community vote distribution

Question #2 Topic 1

You are assigned a project to con+gure SRX Series devices to allow connections to your webservers. The webservers have a private IP address,
and the packets must use NAT to be accessible from the Internet. You do not want the webservers to initiate connections with external update
servers on the Internet using the same IP address as customers use to access them.
Which two NAT types must be used to complete this project? (Choose two.)

A. static NAT

B. hairpin NAT

C. destination NAT

D. source NAT

Correct Answer: CD

1 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #3 Topic 1

You are asked to verify that a license for AppSecure is installed on an SRX Series device.
In this scenario, which command will provide you with the required information?

A. user@srx> show system license

B. user@srx> show services accounting

C. user@srx> show con+guration system

D. user@srx> show chassis +rmware

Correct Answer: A

Question #4 Topic 1

Click the Exhibit button.

Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?

A. [edit security policies from-zone trust to-zone dmz]

B. [edit]
user@vSRX-1#

C. [edit security policies]

D. user@vSRX-1>

Correct Answer: B

Question #5 Topic 1

You want to enable the minimum Juniper ATP services on a branch SRX Series device.
In this scenario, what are two requirements to accomplish this task? (Choose two.)

A. Install a basic Juniper ATP license on the branch device.

B. Con+gure the juniper-atp user account on the branch device.

C. Register for a Juniper ATP account on https://sky.junipersecurity.net.

D. Execute the Juniper ATP script on the branch device.

Correct Answer: AC

2 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #6 Topic 1

SRX Series devices have a maximum of how many rollback con+gurations?

A. 40

B. 60

C. 50

D. 10

Correct Answer: C

Question #7 Topic 1

Uni+ed threat management (UTM) inspects tragc from which three protocols? (Choose three.)

A. FTP

B. SMTP

C. SNMP

D. HTTP

E. SSH

Correct Answer: ACD

Question #8 Topic 1

When are Uni+ed Threat Management services performed in a packet kow?

A. before security policies are evaluated

B. as the packet enters an SRX Series device

C. only during the +rst path process

D. after network address translation

Correct Answer: D

Question #9 Topic 1

When con+guring antispam, where do you apply any local lists that are con+gured?

A. custom objects

B. advanced security policy

C. antispam feature-pro+le

D. antispam UTM policy

Correct Answer: B

3 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #10 Topic 1

Screens on an SRX Series device protect against which two types of threats? (Choose two.)

A. IP spoo+ng

B. ICMP kooding

C. zero-day outbreaks

D. malicious e-mail attachments

Correct Answer: AB

Question #11 Topic 1

Which statement about global NAT address persistence is correct?

A. The same IP address from a source NAT pool will be assigned for all sessions from a given host.

B. The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.

C. The same IP address from a destination NAT pool will be assigned for all sessions for a given host.

D. The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.

Correct Answer: A

Question #12 Topic 1

You are asked to con+gure your SRX Series device to block all tragc from certain countries. The solution must be automatically updated as IP
pre+xes become allocated to those certain countries.
Which Juniper ATP solution will accomplish this task?

A. Geo IP

B. uni+ed security policies

C. IDP

D. C&C feed

Correct Answer: A

Question #13 Topic 1

Which two statements are correct about IKE security associations? (Choose two.)

A. IKE security associations are established during IKE Phase 1 negotiations.

B. IKE security associations are unidirectional.

C. IKE security associations are established during IKE Phase 2 negotiations.

D. IKE security associations are bidirectional.

Correct Answer: AD

4 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #14 Topic 1

You want to deploy a NAT solution.

A. interface-based source NAT

B. pool-based NAT with address shifting

C. pool-based NAT with PAT

D. pool-based NAT without PAT

Correct Answer: D

Question #15 Topic 1

Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?

A. +rewall +lters

B. UTM

C. Juniper ATP Cloud

D. IPS

Correct Answer: C

Question #16 Topic 1

You are con+guring an SRX Series device. You have a set of servers inside your private network that need one-to-one mappings to public IP
addresses.
Which NAT con+guration is appropriate in this scenario?

A. source NAT with PAT

B. destination NAT

C. NAT-T

D. static NAT

Correct Answer: D

5 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #17 Topic 1

You want to provide remote access to an internal development environment for 10 remote developers.
Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)

A. an additional license for an SRX Series device

B. Juniper Secure Connect client software

C. an SRX Series device with an SPC3 services card

D. Marvis virtual network assistant

Correct Answer: AB

Question #18 Topic 1

You are deploying an SRX Series +rewall with multiple NAT scenarios.
In this situation, which NAT scenario takes priority?

A. interface NAT

B. source NAT

C. static NAT

D. destination NAT

Correct Answer: C

Question #19 Topic 1

Your ISP gives you an IP address of 203.0.113.0/27 and informs you that your default gateway is 203.0.113.1. You con+gure destination NAT to
your internal server, but the requests sent to the webserver at 203.0.113.5 are not arriving at the server.
In this scenario, which two con+guration features need to be added? (Choose two.)

A. +rewall +lter

B. security policy

C. proxy-ARP

D. UTM policy

Correct Answer: BC

6 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #20 Topic 1

Click the Exhibit button.

Referring to the exhibit, which two statements are correct about the ping command? (Choose two.)

A. The DMZ routing-instance is the source.

B. The 10.10.102.10 IP address is the source.

C. The 10.10.102.10 IP address is the destination.

D. The DMZ routing-instance is the destination.

Correct Answer: AC

Question #21 Topic 1

Which IPsec protocol is used to encrypt the data payload?

A. ESP

B. IKE

C. AH

D. TCP

Correct Answer: A

Question #22 Topic 1

What are three primary match criteria used in a Junos security policy? (Choose three.)

A. application

B. source address

C. source port

D. class

E. destination address

Correct Answer: ABE

7 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #23 Topic 1

You have an FTP server and a webserver on the inside of your network that you want to make available to users outside of the network. You are
allocated a single public IP address.
In this scenario, which two NAT elements should you con+gure? (Choose two.)

A. destination NAT

B. NAT pool

C. source NAT

D. static NAT

Correct Answer: AD

Question #24 Topic 1

Which three Web +ltering deployment actions are supported by Junos? (Choose three.)

A. Use IPS.

B. Use local lists.

C. Use remote lists.

D. Use Websense Redirect.

E. Use Juniper Enhanced Web Filtering.

Correct Answer: BDE

Question #25 Topic 1

Which two IPsec hashing algorithms are supported on an SRX Series device? (Choose two.)

A. SHA-1

B. SHAKE128

C. MD5

D. RIPEMD-256

Correct Answer: AC

8 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #26 Topic 1

Click the Exhibit button.

What is the purpose of the host-inbound-tragc con+guration shown in the exhibit?

A. to permit host inbound HTTP tragc and deny all other tragc on the internal security zone

B. to deny and log all host inbound tragc on the internal security zone, except for HTTP tragc

C. to permit all host inbound tragc on the internal security zone, but deny HTTP tragc

D. to permit host inbound HTTP tragc on the internal security zone

Correct Answer: C

Question #27 Topic 1

When operating in packet mode, which two services are available on the SRX Series device? (Choose two.)

A. MPLS

B. UTM

C. CoS

D. IDP

Correct Answer: AC

Question #28 Topic 1

Which two statements are correct about the default behavior on SRX Series devices? (Choose two.)

A. The SRX Series device is in kow mode.

B. The SRX Series device supports stateless +rewalls +lters.

C. The SRX Series device is in packet mode.

D. The SRX Series device does not support stateless +rewall +lters.

Correct Answer: AB

9 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #29 Topic 1

Which two statements are correct about functional zones? (Choose two.)

A. Functional zones must have a user-de+ned name.

B. Functional zone cannot be referenced in security policies or pass transit tragc.

C. Multiple types of functional zones can be de+ned by the user.

D. Functional zones are used for out-of-band device management.

Correct Answer: BD

Question #30 Topic 1

What must be enabled on an SRX Series device for the reporting engine to create reports?

A. packet capture

B. security logging

C. system logging

D. SNMP

Correct Answer: B

Question #31 Topic 1

You are assigned a project to con+gure SRX Series devices to allow connections to your webservers. The webservers have a private IP address,
and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the
Internet and communication with update servers.
Which NAT type must be used to complete this project?

A. source NAT

B. destination NAT

C. static NAT

D. hairpin NAT

Correct Answer: B

Question #32 Topic 1

Which two user authentication methods are supported when using a Juniper Secure Connect VPN? (Choose two.)

A. certi+cate-based

B. multi-factor authentication

C. local authentication

D. active directory

Correct Answer: AC

10 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #33 Topic 1

Click the Exhibit button.

Which two statements are correct about the partial policies shown in the exhibit? (Choose two.)

A. UDP tragc matched by the deny-all policy will be silently dropped.

B. TCP tragc matched by the reject-all policy will have a TCP RST sent.

C. TCP tragc matched from the zone trust is allowed by the permit-all policy.

D. UDP tragc matched by the reject-all policy will be silently dropped.

Correct Answer: AB

Question #34 Topic 1

You are monitoring an SRX Series device that has the factory-default con+guration applied.
In this scenario, where are log messages sent by default?

A. Junos Space Log Director

B. Junos Space Security Director

C. to a local syslog server on the management network

D. to a local log +le named messages

Correct Answer: C

11 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #35 Topic 1

When transit tragc matches a security policy, which three actions are available? (Choose three.)

A. Allow

B. Discard

C. Deny

D. Reject

E. Permit

Correct Answer: CDE

Question #36 Topic 1

Which two services does Juniper Connected Security provide? (Choose two.)

A. protection against zero-day threats

B. IPsec VPNs

C. Layer 2 VPN tunnels

D. inline malware blocking

Correct Answer: AD

Question #37 Topic 1

You are creating Ipsec connections.

A. Proxy IDs are used to con+gure tragc selectors.

B. Proxy IDs are optional for Phase 2 session establishment.

C. Proxy IDs must match for Phase 2 session establishment.

D. Proxy IDs default to 0.0.0.0/0 for policy-based VPNs.

Correct Answer: AB

Question #38 Topic 1

Which two components are con+gured for host inbound tragc? (Choose two.)

A. zone

B. logical interface

C. physical interface

D. routing instance

Correct Answer: AB

12 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #39 Topic 1

Which two security features inspect tragc at Layer 7? (Choose two.)

A. IPS/IDP

B. security zones

C. application +rewall

D. integrated user +rewall

Correct Answer: AC

Question #40 Topic 1

Which two UTM features should be used for tracking productivity and corporate user behavior? (Choose two.)

A. the content +ltering UTM feature

B. the antivirus UTM feature

C. the Web +ltering UTM feature

D. the antispam UTM feature

Correct Answer: AC

Question #41 Topic 1

What is the order in which malware is detected and analyzed?

A. antivirus scanning –> cache lookup –> dynamic analysis –> static analysis

B. cache lookup –> antivirus scanning –> static analysis –> dynamic analysis

C. antivirus scanning –> cache lookup –> static analysis –> dynamic analysis

D. cache lookup –> static analysis –> dynamic analysis –> antivirus scanning

Correct Answer: B

Question #42 Topic 1

What are two valid address books? (Choose two.)

A. 66.129.239.128/25

B. 66.129.239.154/24

C. 66.129.239.0/24

D. 66.129.239.50/25

Correct Answer: BD

13 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #43 Topic 1

What is the order of the +rst path packet processing when a packet enters a device?

A. security policies –> screens –> zones

B. screens –> security policies –> zones

C. screens –> zones –> security policies

D. security policies –> zones –> screens

Correct Answer: C

Question #44 Topic 1

Which two components are part of a security zone? (Choose two.)

A. inet.0

B. fxp0

C. address book

D. ge-0/0/0.0

Correct Answer: BD

Question #45 Topic 1

Which statement is correct about packet mode processing?

A. Packet mode enables session-based processing of incoming packets.

B. Packet mode works with NAT, VPNs, UTM, IDP, and other advanced security services.

C. Packet mode bypasses the kow module.

D. Packet mode is the basis for stateful processing.

Correct Answer: C

Question #46 Topic 1

Which two tragc types are considered exception tragc and require some form of special handling by the PFE? (Choose two.)

A. SSH sessions

B. ICMP reply messages

C. HTTP sessions

D. traceroute packets

Correct Answer: BD

14 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #47 Topic 1

What is the correct order in which interface names should be identi+ed?

A. system slot number –> interface media type –> port number –> line card slot number

B. system slot number –> port number –> interface media type –> line card slot number

C. interface media type –> system slot number –> line card slot number –> port number

D. interface media type –> port number –> system slot number –> line card slot number

Correct Answer: C

Question #48 Topic 1

What are two characteristics of a null zone? (Choose two.)

A. The null zone is con+gured by the super user.

B. By default, all unassigned interfaces are placed in the null zone.

C. All ingress and egress tragc on an interface in a null zone is permitted.

D. When an interface is deleted from a zone, it is assigned back to the null zone.

Correct Answer: BD

Question #49 Topic 1

Which two statements are correct about screens? (Choose two.)

A. Screens process inbound packets.

B. Screens are processed on the routing engine.

C. Screens process outbound packets.

D. Screens are processed on the kow module.

Correct Answer: AD

Question #50 Topic 1

Which statement about NAT is correct?

A. Destination NAT takes precedence over static NAT.

B. Source NAT is processed before security policy lookup.

C. Static NAT is processed after forwarding lookup.

D. Static NAT takes precedence over destination NAT.

Correct Answer: D

15 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #51 Topic 1

Which statement is correct about global security policies on SRX Series devices?

A. The to-zone any command con+gures a global policy.

B. The from-zone any command con+gures a global policy.

C. Global policies are always evaluated +rst.

D. Global policies can include zone context.

Correct Answer: D

Question #52 Topic 1

What information does the show chassis routing-engine command provide?

A. chassis serial number

B. resource utilization

C. system version

D. routing tables

Correct Answer: B

Question #53 Topic 1

Corporate security requests that you implement a policy to block all POP3 tragc from traversing the Internet +rewall.
In this scenario, which security feature would you use to satisfy this request?

A. antivirus

B. Web +ltering

C. content +ltering

D. antispam

Correct Answer: C

Question #54 Topic 1

Which statement is correct about uni+ed security policies on an SRX Series device?

A. A zone-based policy is always evaluated +rst.

B. The most restrictive policy is applied regardless of the policy level.

C. A global policy is always evaluated +rst.

D. The +rst policy rule is applied regardless of the policy level.

Correct Answer: A

16 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #55 Topic 1

Click the Exhibit button.

You are asked to allow only ping and SSH access to the security policies shown in the exhibit.
Which statement will accomplish this task?

A. Rename policy Rule-2 to policy Rule-0.

B. Insert policy Rule-2 before policy Rule-1.

C. Replace application any with application [junos-ping junos-ssh] in policy Rule-1.

D. Rename policy Rule-1 to policy Rule-3.

Correct Answer: B

Question #56 Topic 1

What are two features of the Juniper ATP Cloud service? (Choose two.)

A. sandbox

B. malware detection

C. EX Series device integration

D. honeypot

Correct Answer: AB

17 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #57 Topic 1

You want to prevent other users from modifying or discarding your changes while you are also editing the con+guration +le.
In this scenario, which command would accomplish this task?

A. con+gure master

B. cli privileged

C. con+gure exclusive

D. con+gure

Correct Answer: C

Question #58 Topic 1

Which order is correct for Junos security devices that examine policies for transit tragc?

A. 1. zone policies
2. global policies
3. default policies

B. 1. default policies
2. zone policies
3. global policies

C. 1. default policies
2. global policies
3. zone policies

D. 1. global policies
2. zone policies
3. default policies

Correct Answer: A

Question #59 Topic 1

What is an IP addressing requirement for an IPsec VPN using main mode?

A. One peer must have dynamic IP addressing.

B. One peer must have static IP addressing.

C. Both peers must have dynamic IP addresses.

D. Both peers must have static IP addressing.

Correct Answer: D

18 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #60 Topic 1

What does the number “2” indicate in interface ge-0/1/2?

A. the physical interface card (PIC)

B. the kexible PIC concentrator (FPC)

C. the interface logical number

D. the port number

Correct Answer: D

Question #61 Topic 1

Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?

A. infected host cloud feed

B. Geo IP feed

C. C&C cloud feed

D. blocklist feed

Correct Answer: A

Question #62 Topic 1

Which two IKE Phase 1 con+guration options must match on both peers to successfully establish a tunnel? (Choose two.)

A. VPN name

B. gateway interfaces

C. IKE mode

D. Dige-Hellman group

Correct Answer: CD

Question #63 Topic 1

What are three Junos UTM features? (Choose three.)

A. screens

B. antivirus

C. Web +ltering

D. IDP/IPS

E. content +ltering

Correct Answer: BCE

19 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #64 Topic 1

You are investigating a communication problem between two hosts and have opened a session on the SRX Series device closest to one of the
hosts and entered the show security kow session command.
What information will this command provide? (Choose two.)

A. The total active time of the session.

B. The end-to-end data path that the packets are taking.

C. The IP address of the host that initiates the session.

D. The security policy name that is controlling the session.

Correct Answer: CD

Question #65 Topic 1

A security zone is con+gured with the source IP address 192.168.0.12/255.255.0.255 wildcard match.
In this scenario, which two IP packets will match the criteria? (Choose two.)

A. 192.168.1.21

B. 192.168.0.1

C. 192.168.1.12

D. 192.168.22.12

Correct Answer: CD -

Question #66 Topic 1

Which statement about service objects is correct?

A. All applications are prede+ned by Junos.

B. All applications are custom de+ned by the administrator.

C. All applications are either custom or Junos de+ned.

D. All applications in service objects are not available on the vSRX Series device.

Correct Answer: C

20 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #67 Topic 1

You want to block executable +les (*.exe) from being downloaded onto your network.

Which UTM feature would you use in this scenario?

A. IPS

B. Web +ltering

C. content +ltering

D. antivirus

Correct Answer: B

Question #68 Topic 1

What are two Juniper ATP Cloud feed analysis components? (Choose two.)

A. IDP signature feed

B. C&C cloud feed

C. infected host cloud feed

D. US CERT threat feed

Correct Answer: B

Question #69 Topic 1

Which two statements are correct about global policies? (Choose two.)

A. Global policies are evaluated after default policies.

B. Global policies do not have to reference zone context.

C. Global policies are evaluated before default policies.

D. Global policies must reference zone contexts.

Correct Answer: BC

Question #70 Topic 1

Which statement is correct about Web +ltering?

A. The Juniper Enhanced Web Filtering solution requires a locally managed server.

B. The decision to permit or deny is based on the body content of an HTTP packet.

C. The decision to permit or deny is based on the category to which a URL belongs.

D. The client can receive an e-mail noti+cation when tragc is blocked.

Correct Answer: C

21 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #71 Topic 1

You have con+gured a UTM feature pro+le.

Which two additional con+guration steps are required for your UTM feature pro+le to take effect? (Choose two.)

A. Associate the UTM policy with an address book.

B. Associate the UTM policy with a +rewall +lter.

C. Associate the UTM policy with a security policy.

D. Associate the UTM feature pro+le with a UTM policy.

Correct Answer: CD

Question #72 Topic 1

You want to verify the peer before IPsec tunnel establishment.

What would be used as a +nal check in this scenario?

A. tragc selector

B. perfect forward secrecy

C. st0 interfaces

D. proxy ID

Correct Answer: D

Question #73 Topic 1

Which feature would you use to protect clients connected to an SRX Series device from a SYN kood attack?

A. security policy

B. host inbound tragc

C. application layer gateway

D. screen option

Correct Answer: D

22 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #74 Topic 1

What is the default value of the dead peer detection (DPD) interval for an IPsec VPN tunnel?

A. 20 seconds

B. 5 seconds

C. 10 seconds

D. 40 seconds

Correct Answer: C

Question #75 Topic 1

What is the main purpose of using screens on an SRX Series device?

A. to provide multiple ports for accessing security zones

B. to provide an alternative interface into the CLI

C. to provide protection against common DoS attacks

D. to provide information about tragc patterns traversing the network

Correct Answer: C

Question #76 Topic 1

What are two functions of Juniper ATP Cloud? (Choose two.)

A. malware inspection

B. Web content +ltering

C. DDoS protection

D. Geo IP feeds

Correct Answer: AD

Question #77 Topic 1

Which three operating systems are supported for installing and running Juniper Secure Connect client software? (Choose three.)

A. Windows 7

B. Android

C. Windows 10

D. Linux

E. macOS

Correct Answer: BCE

23 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #78 Topic 1

You want to implement user-based enforcement of security policies without the requirement of certi+cates and supplicant software.

Which security feature should you implement in this scenario?

A. integrated user +rewall

B. screens

C. 802.1X

D. Juniper ATP

Correct Answer: B

Question #79 Topic 1

Which statement is correct about static NAT?

A. Static NAT supports port translation.

B. Static NAT rules are evaluated after source NAT rules.

C. Static NAT implements unidirectional one-to-one mappings.

D. Static NAT implements unidirectional one-to-many mappings.

Correct Answer: C

Question #80 Topic 1

In J-Web, the management and loopback address con+guration option allows you to con+gure which area?

A. the IP address of the primary Gigabit Ethernet port

B. the IP address of the Network Time Protocol server

C. the CIDR address

D. the IP address of the device management port

Correct Answer: C

24 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #81 Topic 1

You are installing a new SRX Series device and you are only provided one IP address from your ISP.

In this scenario, which NAT solution would you implement?

A. pool-based NAT with PAT

B. pool-based NAT with address shifting

C. interface-based source NAT

D. pool-based NAT without PAT

Correct Answer: C

Question #82 Topic 1

Which two statements are correct about IPsec security associations? (Choose two.)

A. IPsec security associations are bidirectional.

B. IPsec security associations are unidirectional.

C. IPsec security associations are established during IKE Phase 1 negotiations.

D. IPsec security associations are established during IKE Phase 2 negotiations.

Correct Answer: AC

Question #83 Topic 1

You must monitor security policies on SRX Series devices dispersed throughout locations in your organization using a “single pane of glass”
cloud-based solution.

Which solution satis+es the requirement?

A. Juniper Sky Enterprise

B. J-Web

C. Junos Secure Connect

D. Junos Space

Correct Answer: D

25 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #84 Topic 1

What is the number of concurrent Secure Connect user licenses that an SRX Series device has by default?

A. 3

B. 4

C. 2

D. 5

Correct Answer: C

Question #85 Topic 1

You need to collect the serial number of an SRX Series device to replace it.

Which command will accomplish this task?

A. show chassis hardware

B. show system information

C. show chassis +rmware

D. show chassis environment

Correct Answer: B

Question #86 Topic 1

Which statement is correct about Junos security policies?

A. Security policies enforce rules that should be applied to tragc transiting an SRX Series device.

B. Security policies determine which users are allowed to access an SRX Series device.

C. Security policies control the kow of internal tragc within an SRX Series device.

D. Security policies identify groups of users that have access to different features on an SRX Series device.

Correct Answer: A

Question #87 Topic 1

Which two statements about the Junos OS CLI are correct? (Choose two.)

A. The default con+guration requires you to log in as the admin user.

B. A factory-default login assigns the hostname Amnesiac to the device.

C. Most Juniper devices identify the root login prompt using the % character.

D. Most Juniper devices identify the root login prompt using the > character.

Correct Answer: BC

26 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #88 Topic 1

Which two statements about user-de+ned security zones are correct? (Choose two.)

A. Users cannot share security zones between routing instances.

B. Users can con+gure multiple security zones.

C. Users can share security zones between routing instances.

D. User-de+ned security zones do not apply to transit tragc.

Correct Answer: AB

Question #89 Topic 1

Which Web +ltering solution uses a direct Internet-based service for URL categorization?

A. Juniper ATP Cloud

B. Websense Redirect

C. Juniper Enhanced Web Filtering

D. local blocklist

Correct Answer: C

Question #90 Topic 1

Which two non-con+gurable zones exist by default on an SRX Series device? (Choose two.)

A. Junos-host

B. functional

C. null

D. management

Correct Answer: AC

Question #91 Topic 1

Which two statements are true about Juniper ATP Cloud? (Choose two.)

A. Juniper ATP Cloud is an on-premises ATP appliance.

B. Juniper ATP Cloud can be used to block and allow IPs.

C. Juniper ATP Cloud is a cloud-based ATP subscription.

D. Juniper ATP Cloud delivers intrusion protection services.

Correct Answer: BC

27 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #92 Topic 1

Which two addresses are valid address book entries? (Choose two.)

A. 173.145.5.21/255.255.255.0

B. 153.146.0.145/255.255.0.255

C. 203.150.108.10/24

D. 191.168.203.0/24

Correct Answer: BD

Question #93 Topic 1

An application +rewall processes the +rst packet in a session for which the application has not yet been identi+ed.

In this scenario, which action does the application +rewall take on the packet?

A. It allows the +rst packet.

B. It denies the +rst packet and sends an error message to the user.

C. It denies the +rst packet.

D. It holds the +rst packet until the application is identi+ed.

Correct Answer: D

Question #94 Topic 1

Your company is adding IP cameras to your facility to increase physical security. You are asked to help protect these IoT devices from becoming
zombies in a DDoS attack.

Which Juniper ATP feature should you con+gure to accomplish this task?

A. IPsec

B. static NAT

C. allowlists

D. C&C feeds

Correct Answer: D

28 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

Question #95 Topic 1

What are two logical properties of an interface? (Choose two.)

A. link mode

B. IP address

C. VLAN ID

D. link speed

Correct Answer: BC

Question #96 Topic 1

What is the default timeout value for TCP sessions on an SRX Series device?

A. 30 seconds

B. 60 minutes

C. 60 seconds

D. 30 minutes

Correct Answer: D

Question #97 Topic 1

29 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

30 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

31 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

32 of 33 07/10/2023, 07:24
JN0-231 Exam – Free Actual Q&As, Page 1 | ExamTopics https://www.examtopics.com/exams/juniper/jn0-231/custom-view/

33 of 33 07/10/2023, 07:24