Online Access Free JN0-332 Practice Test

Exam Code:	JN0-332
Exam Name:	Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)
Certification Provider:	Juniper
Free Question Number:	490
Posted:	Dec 18, 2025

Rating

100%

Page: 1 / 98
Total 490 questions

Question 1

Which two statements about the use of SCREEN options are correct? (Choose two.)

A.Although SCREEN options are very useful, their use can result in more session creation.
B.SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resources used for malicious packet processing.
C.SCREEN options are deployed at the ingress and egress sides of a packet flow.
D.SCREEN options offer protection against various attacks at the ingress zone of a packet flow.

Question 2

Referring to the exhibit, which two statements are correct about IPsec configuration? (choose two)

A.Protocol AH is used
B.IKE Phase 2 establishes immediately
C.IKE Phase 2 establishes when payload traffic flows
D.Protocol ESP is used

Question 3

In JUNOS Software, which three packet elements can be inspected to determine if a session already exists? (Choose three.)

A.source and destination IP address
B.IP time-to-live
C.source and destination TCP/UDP port
D.source and destination MAC address
E.IP protocol

Question 4

Which statement is true about implementing IP spoofing protection as a Junos Screen option?

A.It ensure that a route, active or not, to the source exists with the same egress zone as the ingress zone for the packet.
B.It ensures that the active route to the source has the same egress zone as the ingress zone for the packet
C.It ensures that the active route to the source has the same egress interface as the ingress interface for the packet.
D.It ensures that a route, active or not, to the source exists with the same egress interface as the ingress interface of the packet

Question 5

-- Exhibit --
[edit security nat]
user@host# show source
pool pool-one {
address {
68.183.13.0/24;
}
}
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule pool-nat {
match {
source-address 10.10.10.1/24;
}
then {
source-nat {
pool {
pool-one;
}
}
}
}
rule no-nat {
match {
destination-address 192.150.2.140/32;
}
then {
source-nat {
off;
}
}
}
}
-- Exhibit --
Click the Exhibit button.
You have implemented source NAT using a source pool for address translation. However, traffic destined for 192.150.2.140 should not have NAT applied to it. The configuration shown in the exhibit is not working correctly.
Which change is needed to correct this problem?

A.Insert no-nat before pool-nat.
B.Proxy ARP needs to be applied on the 192.150.2.140 address for the rule to function.
C.The no-nat rule should be in a separate rule-set.
D.Destination NAT should be used to exclude the traffic destined for 192.150.2.140.

Latest Upload: 107WorldatWork.C1.v2025-12-19.q29; 110PRMIA.8020.v2025-12-19.q21; 123Nutanix.NCP-US-6.10.v2025-12-19.q40; 115Peoplecert.ITIL-4-BRM.v2025-12-18.q15; 113SAP.C_BW4H_2505.v2025-12-18.q58; 125Confluent.CCDAK.v2025-12-18.q106; 129GAQM.CBCP-002.v2025-12-17.q28; 120ServiceNow.CIS-Discovery.v2025-12-17.q125; 141PECB.NIS-2-Directive-Lead-Implementer.v2025-12-16.q29; 143SAP.C_C4H32_2411.v2025-12-16.q51