1. Home
  2. Juniper
  3. JN0-230

Security, Associate (JNCIA-SEC)

Exam Details

  • Exam Code
    :JN0-230
  • Exam Name
    :Security, Associate (JNCIA-SEC)
  • Certification
    :Juniper Certifications
  • Vendor
    :Juniper
  • Total Questions
    :82 Q&As
  • Last Updated
    :Mar 27, 2025

Juniper Juniper Certifications JN0-230 Questions & Answers

  • Question 61:

    Which two private cloud solution support vSRX devices? (Choose two.)

    A. Microsoft Azure

    B. Amazon Web Services (AWS)

    C. VMware Web Services (AWS)

    D. VMware NSX

    E. Contrail Cloud

  • Question 62:

    You want to integrate an SRX Series device with SKY ATP. What is the first action to accomplish task?

    A. Issue the commit script to register the SRX Series device.

    B. Copy the operational script from the Sky ATP Web UI.

    C. Create an account with the Sky ATP Web UI.

    D. Create the SSL VPN tunnel between the SRX Series device and Sky ATP.

  • Question 63:

    Which statement is correct about IKE?

    A. IKE phase 1 is used to establish the data path

    B. IKE phase 1 only support aggressive mode.

    C. IKE phase 1 negotiates a secure channel between gateways.

    D. IKE phase 1 establishes the tunnel between devices

  • Question 64:

    Which two statements are correct about using global-based policies over zone-based policies? (Choose two.)

    A. With global-based policies, you do not need to specify a destination zone in the match criteria.

    B. With global-based policies, you do not need to specify a source zone in the match criteria.

    C. With global-based policies, you do not need to specify a destination address in the match criteria.

    D. With global-based policies, you do not need to specify a source address in the match criteria.

  • Question 65:

    Users should not have access to Facebook, however, a recent examination of the logs security show that

    users are accessing Facebook.

    Referring to the exhibit,

    What should you do to solve this problem?

    A. Change the source address for the Block-Facebook-Access rule to the prefix of the users

    B. Move the Block-Facebook-Access rule before the Internet-Access rule

    C. Move the Block-Facebook-Access rule from a zone policy to a global policy

    D. Change the Internet-Access rule from a zone policy to a global policy

  • Question 66:

    Which type of security policy protect restricted services from running on non-standard ports?

    A. Application firewall

    B. IDP

    C. Sky ATP

    D. antivirus

  • Question 67:

    Which statements is correct about SKY ATP?

    A. Sky ATP is an open-source security solution.

    B. Sky ATP is used to automatically push out changes to the AppSecure suite.

    C. Sky ATP only support sending threat feeds to vSRX Series devices

    D. Sky ATP is a cloud-based security threat analyzer that performs multiple tasks

  • Question 68:

    On an SRX Series device, how should you configure your IKE gateway if the remote endpoint is a branch office-using a dynamic IP address?

    A. Configure the IPsec policy to use MDS authentication.

    B. Configure the IKE policy to use aggressive mode.

    C. Configure the IPsec policy to use aggressive mode.

    D. Configure the IKE policy to use a static IP address

  • Question 69:

    Users on the network are restricted from accessing Facebook, however, a recent examination of the logs

    show that users are accessing Facebook.

    Referring to the exhibit,

    Why is this problem happening?

    A. Global rules are honored before zone-based rules.

    B. The internet-Access rule has a higher precedence value

    C. The internet-Access rule is listed first

    D. Zone-based rules are honored before global rules

  • Question 70:

    You have created a zones-based security policy that permits traffic to a specific webserver for the marketing team. Other groups in the company are not permitted to access the webserver. When marketing users attempt to access the server they are unable to do so. What are two reasons for this access failure? (Choose two.)

    A. You failed to change the source zone to include any source zone.

    B. You failed to position the policy after the policy that denies access to the webserver.

    C. You failed to commit the policy change.

    D. You failed to position the policy before the policy that denies access the webserver

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-230 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.