Online Access Free JN0-332 Practice Test

Which two configuration elements are required for a policy-based VPN? (Choose two.)

• A.security policy referencing the IPsec VPN tunnel
• B.secure tunnel interface
• C.IKE gateway
• D.security policy to permit the IKE traffic

You have just added the policy deny-host-a to prevent traffic from Host A that was previously allowed by the policy permit-all. After committing the changes, you notice that all traffic, including traffic from Host A, is still allowed.
Which configuration statement will prevent traffic from Host A, while still allowing other hosts to send traffic?

• A.insert security policies from-zone trust to-zone untrust policy deny-host-a before policy permit-all
• B.delete security policies from-zone trust to-zone untrust policy permit-all
• C.activate security policies from-zone trust to-zone untrust policy deny-host-a
• D.deactivate security policies from-zone trust to-zone untrust policy permit-all

-- Exhibit - -- Exhibit -

Click the Exhibit button.
Server A is communicating with Server B directly over the Internet. The servers now must begin exchanging additional information through an unencrypted protocol. To protect this new data exchange, you want to establish a VPN tunnel between the two sites that will encrypt just the unencrypted data while leaving the existing communications directly over the Internet.
Which statement would achieve the desired results?

• A.Configure a policy-based VPN tunnel and use filter-based forwarding to direct the unencrypted traffic into interface st0.0.
• B.Configure a route-based VPN tunnel with traffic engineering to direct traffic into the VPN tunnel.
• C.Configure a route-based VPN and use filter-based forwarding to direct traffic into the VPN tunnel.
• D.Configure a policy-based VPN with a security policy that matches the unencrypted traffic and directs it into the VPN tunnel.

Which two firewall user authentication objects can be referenced in a security policy?
(Choose two.)

• A.access profile
• B.client
• C.default profile
• D.client group

Which three actions should be used when initially implementing Junos Screen options? (Choose three.)

• A.Deploy Junos Screen options only in vulnerable security zones.
• B.Deploy Junos Screen options only in functional zones.
• C.Use the alarm-without-drop option.
• D.Use the limit-session option.
• E.Understand the behavior of legitimate applications.