Question 1
What information does the show chassis routing-engine command provide?
- A. chassis serial number
- B. resource utilization
- C. system version
- D. routing tables
Show Answer
Correct Answer:
B. resource utilization
Free JN0-231 Sample Questions — Security, Associate (JNCIA-SEC)
Free JN0-231 sample questions for the Security, Associate (JNCIA-SEC) exam. No account required: study at your own pace.
Want an interactive quiz? Take the full JN0-231 practice testLooking for more? Click here to get the full PDF with 66+ practice questions for $10 for offline study and deeper preparation.
Question 2
Which statement is correct about static NAT?
- A. Static NAT supports port translation
- B. Static NAT rules are evaluated after source NAT rules
- C. Static NAT implements unidirectional one-to-one mappings
- D. Static NAT implements unidirectional one-to-many mappings
Show Answer
Correct Answer:
A. Static NAT supports port translation
Question 3
Which two statements are correct about global policies? (Choose two.)
- A. Global policies are evaluated after default policies
- B. Global policies do not have to reference zone context
- C. Global policies are evaluated before default policies
- D. Global policies must reference zone contexts
Show Answer
Correct Answer:
- B. Global policies do not have to reference zone context
- C. Global policies are evaluated before default policies
Question 4
Which two components are part of a security zone? (Choose two.)
- A. inet.0
- B. fxp0
- C. address book
- D. ge-0/0/0.0
Show Answer
Correct Answer:
- C. address book
- D. ge-0/0/0.0
Question 5
Which order is correct for Junos security devices that examine policies for transit traffic?
- A. 1. zone policies 2. global policies 3. default policies
- B. 1. default policies 2. zone policies 3. global policies
- C. 1. default policies 2. global policies 3. zone policies
- D. 1. global policies 2. zone policies 3. default policies
Show Answer
Correct Answer:
A. 1. zone policies 2. global policies 3. default policies
Question 6
You are creating Ipsec connections. In this scenario, which two statements are correct about proxy IDs? (Choose two.)
- A. Proxy IDs are used to configure traffic selectors
- B. Proxy IDs are optional for Phase 2 session establishment
- C. Proxy IDs must match for Phase 2 session establishment
- D. Proxy IDs default to 0.0.0.0/0 for policy-based VPNs
Show Answer
Correct Answer:
- C. Proxy IDs must match for Phase 2 session establishment
- D. Proxy IDs default to 0.0.0.0/0 for policy-based VPNs
Question 7
You want to deploy a NAT solution. In this scenario, which solution would provide a static translation without PAT?
- A. interface-based source NAT
- B. pool-based NAT with address shifting
- C. pool-based NAT with PAT
- D. pool-based NAT without PAT
Show Answer
Correct Answer:
B. pool-based NAT with address shifting
Question 8
You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. You do not want the webservers to initiate connections with external update servers on the Internet using the same IP address as customers use to access them. Which two NAT types must be used to complete this project? (Choose two.)
- A. static NAT
- B. hairpin NAT
- C. destination NAT
- D. source NAT
Show Answer
Correct Answer:
- C. destination NAT
- D. source NAT
Question 9
What is the default timeout value for TCP sessions on an SRX Series device?
- A. 30 seconds
- B. 60 minutes
- C. 60 seconds
- D. 30 minutes
Show Answer
Correct Answer:
D. 30 minutes
Question 10
Which two statements are correct about IPsec security associations? (Choose two.)
- A. IPsec security associations are bidirectional
- B. IPsec security associations are unidirectional
- C. IPsec security associations are established during IKE Phase 1 negotiations
- D. IPsec security associations are established during IKE Phase 2 negotiations
Show Answer
Correct Answer:
- B. IPsec security associations are unidirectional
- D. IPsec security associations are established during IKE Phase 2 negotiations
Question 11
Your ISP gives you an IP address of 203.0.113.0/27 and informs you that your default gateway is 203.0.113.1. You configure destination NAT to your internal server, but the requests sent to the webserver at 203.0.113.5 are not arriving at the server. In this scenario, which two configuration features need to be added? (Choose two.)
- A. firewall filter
- B. security policy
- C. proxy-ARP
- D. UTM policy
Show Answer
Correct Answer:
- B. security policy
- C. proxy-ARP
Question 12
Which two non-configurable zones exist by default on an SRX Series device? (Choose two.)
- A. Junos-host
- B. functional
- C. null
- D. management
Show Answer
Correct Answer:
- A. Junos-host
- C. null
Question 13
Which two addresses are valid address book entries? (Choose two.)
- A. 173.145.5.21/255.255.255.0
- B. 153.146.0.145/255.255.0.255
- C. 203.150.108.10/24
- D. 191.168.203.0/24
Show Answer
Correct Answer:
- B. 153.146.0.145/255.255.0.255
- D. 191.168.203.0/24
Question 14
You want to enable the minimum Juniper ATP services on a branch SRX Series device. In this scenario, what are two requirements to accomplish this task? (Choose two.)
- A. Install a basic Juniper ATP license on the branch device
- B. Configure the juniper-atp user account on the branch device
- C. Register for a Juniper ATP account on https://sky.junipersecurity.net.
- D. Execute the Juniper ATP script on the branch device
Show Answer
Correct Answer:
- C. Register for a Juniper ATP account on https://sky.junipersecurity.net.
- D. Execute the Juniper ATP script on the branch device
Question 15
You want to block executable files (*.exe) from being downloaded onto your network. Which UTM feature would you use in this scenario?
- A. IPS
- B. Web filtering
- C. content filtering
- D. antivirus
Show Answer
Correct Answer:
C. content filtering
Aced these? Get the Full Exam
Download the complete JN0-231 study bundle with 66+ questions in a single printable PDF.