Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Juniper JN0-330 Exam - Cheat-Test.com

Free JN0-330 Sample Questions:

Q: 1 Which three security concerns can be addressed by a tunnel mode IPSec VPN secured by AH? (Choose three.)
A. data integrity
B. data confidentiality
C. data authentication
D. outer IP header confidentiality
E. outer IP header authentication
Answer: A, C, E

Q: 2 Interface ge-0/0/2.0 of your router is attached to the Internet and is configured with an IP address and network mask of 71.33.252.17/24. A host with IP address 10.20.20.1 is running an HTTP service on TCP port 8080. This host is attached to the ge-0/0/0.0 interface of your router. You must use interface-based static NAT to make the HTTP service on the host reachable from
the Internet. On which IP address and TCP port can Internet hosts reach the HTTP service?
A. IP address 10.10.10.1 and TCP port 8080
B. IP address 71.33.252.17 and TCP port 80
C. IP address 71.33.251.19 and TCP port 80
D. IP address 71.33.252.19 and TCP port 8080
Answer: D

Q: 3 A traditional router is better suited than a firewall device for which function?
A. VPN establishment
B. packet-based forwarding
C. stateful packet processing
D. network address translation
Answer: B

Q: 4 You must configure a SCREEN option that would protect your router from a session table flood. Which configuration meets this requirement?
A. [edit security screen]
user@hostl# show
ids-option protectFromFlood {
icmp {
ip-sweep threshold 5000;
flood threshold 2000;
}
B. [edit security screen]
user@hostl# show
ids-option protectFromFlood {
tcp {
syn-flood {
attack-threshold 2000;
destination-threshold 2000;
}
C. [edit security screen]
user@hostl# show
ids-option protectFromFlood {
udp {
flood threshold 5000;
}
D. [edit security screen]
user@hostl# show
ids-option protectFromFlood {
limit-session {
source-ip-based 1200;
destination-ip-based 1200;
}
Answer: D

Q: 5 You are not able to telnet to the interface IP of your JUNOS software with enhanced services device from a PC on the same subnet. What is causing the problem?
A. Telnet is not being permitted by self policy.
B. Telnet is not being permitted by security policy.
C. Telnet is not allowed because it is not considered secure.
D. Telnet is not enabled as a host-inbound service on the zone.
Answer: D

Q: 6 In a JSRP cluster with two J6350 routers, the interface ge-7/0/0 belongs to which device?
A. This interface is a system-created interface.
B. This interface belongs to NODE0 of the cluster.
C. This interface belongs to NODE1 of the cluster.
D. This interface will not exist because J6350 routers have only six slots.
Answer: C

Q: 7 Users can define policy to control traffic flow between which two components? (Choose two.)
A. from a zone to the router itself
B. from a zone to the same zone
C. from a zone to a different zone
D. from one interface to another interface
Answer: B, C

Q: 8 Which parameters must you select when configuring operating system probes SCREEN options?
A. syn-fin, syn-flood, and tcp-no-frag
B. syn-fin, port-scan, and tcp-no-flag
C. syn-fin, fin-no-ack, and tcp-no-frag
D. syn-fin, syn-ack-ack-proxy, and tcp-no-frag
Answer: C

Q: 9 A route-based VPN is required for which scenario?
A. when the remote VPN peer is behind a NAT device
B. when multiple networks need to be reached across the tunnel
C. when the remote VPN peer is a dialup or remote access client
D. when a dynamic routing protocol such as OSPF is required across the VPN
Answer: D

Q: 10 On which three traffic types does firewall pass-through authentication work? (Choose three.)
A. ping
B. FTP
C. Telnet
D. HTTP
E. HTTPS
Answer: B, C, D

Q: 11 Which three parameters are configured in the IKE policy? (Choose three.)
A. mode
B. preshared key
C. external interface
D. security proposals
E. dead peer detection settings
Answer: A, B, D

Q: 12 Which two statements regarding asymmetric key encryption are true? (Choose two.)
A. The same key is used for encryption and decryption.
B. It is commonly used to create digital certificate signatures.
C. It uses two keys: one for encryption and a different key for decryption.
D. An attacker can decrypt data if the attacker captures the key used for encryption.
Answer: B, C

Q: 13 Which command allows you to view the router's current priority for VRRP group 100 on interface ge-0/0/1.0?
A. show vrrp
B. show vrrp group 100
C. show interfaces ge-0/0/1.0 vrrp group 100
D. show interfaces vrrp ge-0/0/1.0 group 100
Answer: A

Q: 14 Which statement is true about interface-based static NAT?
A. It also supports PAT.
B. It requires you to configure address entries in the junos-nat zone.
C. It requires you to configure address entries in the junos-global zone.
D. The IP addresses being translated must be in the same subnet as the incoming interface.
Answer: D

Q: 15 Which two are components of the enhanced services software architecture? (Choose two.)
A. Linux kernel
B. routing protocol daemon
C. session-based forwarding module
D. separate routing and security planes
Answer: B, C

Q: 16 Which two are characteristics of link-state routing protocols? (Choose two.)
A. Routers choose a best path for a destination based on the SPF algorithm.
B. All routers in a given area or level build a consistent database describing the network's topology.
C. Routers choose the best path for a destination based on the interface on which they received the link state advertisement with the lowest cost.
D. All routers in a given area or level forward link state advertisements between interfaces in the same area or level, adding their metric to the link state advertisement's cost information when they forward it.
Answer: A, B

Q: 17 Which two are components of the JUNOS software's routing policy? (Choose two.)
A. route-map
B. prefix-list
C. distribute-list
D. policy-statement
Answer: B, D

Q: 18 You want to enable SSH and Telnet access to the router's CLI. Under which configuration hierarchy would you enable these protocols?
A. [edit system cli]
B. [edit security cli]
C. [edit system services]
D. [edit security services]
Answer: C

Q: 19 You want to create a policy allowing traffic from any host in the Trust zone to
hostb.example.com (172.19.1.1) in the Untrust zone. How do you do create this policy?
A. Specify the IP address (172.19.1.1/32) as the destination address in the policy.
B. Specify the DNS entry (hostb.example.com.) as the destination address in the policy.
C. Create an address book entry in the Trust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
D. Create an address book entry in the Untrust zone for the 172.19.1.1/32 prefix and reference this entry in the policy.
Answer: D

Q: 20 In JUNOS software with enhanced services, which three packet elements are inspected to determine if a session already exists? (Choose three.)
A. IP protocol
B. IP time-to-live
C. source and destination IP address
D. source and destination MAC address
E. source and destination TCP/UDP port
Answer: A, C, E

Q: 21 Using a policy with the policy-rematch flag enabled, what happens to the existing and new sessions when you change the policy action from permit to deny?
A. The new sessions matching the policy are denied. The existing sessions are dropped.
B. The new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply timeout.
C. The new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.
D. The new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.
Answer: A

Q: 22 Host A opens a Telnet connection to Host B. Host A then opens another Telnet
connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections. How many flows exist between Host A and Host B?
A. 1
B. 2
C. 3
D. 4
Answer: D

Q: 23 Which two configurations are valid? (Choose two.)
A. [edit security zones]
user@host# show
security-zone foo {
interfaces {
ge-0/0/1.0;
ge-0/0/3.0;
}
security-zone bar {
interfaces {
ge-0/0/2.0;
ge-0/0/3.102;
}
B. [edit security zones]
user@host# show
security-zone foo {
interfaces {
ge-0/0/1.0;
ge-0/0/2.0;
}
security-zone bar {
interfaces {
ge-0/0/1.0;
ge-0/0/3.0;
}
C. [edit routing-instances]
user@host# show
foo {
interface ge-0/0/3.0;
interface ge-0/0/2.102;
}
bar {
interface ge-0/0/0.0;
interface ge-0/0/3.0;
}
D. [edit routing-instances]
user@host# show
foo {
interface ge-0/0/3.0;
interface ge-0/0/3.102;
}
bar {
interface ge-0/0/0.0;
interface ge-0/0/2.0;
}
Answer: A, D


© 2014 Cheat-Test.com, All Rights Reserved