JN0-231 Free Practice Test

Which two security features inspect traffic at Layer 7? (Choose two.)

1. A. IPS/IDP
2. B. security zones
3. C. application firewall
4. D. integrated user firewall

Correct Answer: AC

Which statement is correct about static NAT?

1. A. Static NAT supports port translation.
2. B. Static NAT rules are evaluated after source NAT rules.
3. C. Static NAT implements unidirectional one-to-one mappings.
4. D. Static NAT implements unidirectional one-to-many mappings.

Correct Answer: C
Static NAT (Network Address Translation) is a type of NAT that maps a public IP address to a private IP address. With static NAT, a one-to-one mapping is created between a public IP address and a private IP address. This means that a single public IP address is mapped to a single private IP address, and all incoming traffic to the public IP address is forwarded to the private IP address.

Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?

1. A. infected host cloud feed
2. B. Geo IP feed
3. C. C&C cloud feed
4. D. blocklist feed

Correct Answer: A

Which two statements are correct about IPsec security associations? (Choose two.)

1. A. IPsec security associations are bidirectional.
2. B. IPsec security associations are unidirectional.
3. C. IPsec security associations are established during IKE Phase 1 negotiations.
4. D. IPsec security associations are established during IKE Phase 2 negotiations.

Correct Answer: AD
The two statements that are correct about IPsec security associations are that they are bidirectional and that they are established during IKE Phase 2 negotiations. IPsec security associations are bidirectional, meaning that they provide security for both incoming and outgoing traffic. IPsec security associations are established during IKE Phase 2 negotiations, which negotiates the security parameters and establishes the security association between the two peers. For more information, please refer to the Juniper Networks IPsec VPN Configuration Guide, which can be found on Juniper's website.

Which two user authentication methods are supported when using a Juniper Secure Connect VPN? (Choose two.)

1. A. certificate-based
2. B. multi-factor authentication
3. C. local authentication
4. D. active directory

Correct Answer: CD
"Local Authentication—In local authentication, the SRX Series device validates the user credentials by checking them in the local database. In this method, the administrator handles change of password or resetting of forgotten password. Here, it requires that an user must remember a new password. This option is not much preferred from a security standpoint.
• External Authentication—In external authentication, you can allow the users to use the same user credentials they use when accessing other resources on the network. In many cases, user credentials are domain logon used for Active Directory or any other LDAP authorization system. This method simplifies user experience and improves the organization’s security posture; because you can maintain the authorization system with the regular security policy used by your organization."
https://www.juniper.net/documentation/us/en/software/secure-connect/secure-connect-administrator-guide/topic