Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Juniper Exam JN0-335 Topic 9 Question 34 Discussion

Actual exam question for Juniper's JN0-335 exam
Question #: 34
Topic #: 9
[All JN0-335 Questions]

Click the Exhibit button.

You are validating the configuration template for device access. The commands in the exhibit have been entered to secure IP access to an SRX Series device.

Referring to the exhibit, which two statements are true? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D

The commands in the exhibit show how to configure a firewall filter on the loopback interface (lo0) of an SRX Series device. The loopback interface is a gateway for all the control traffic that enters the Routing Engine of the device. The firewall filter can be used to monitor and protect this control traffic from various attacks. Two statements that are true based on the exhibit are:

The loopback interface blocks invalid traffic on its entry into the device: The firewall filter applied on lo0 has a term that matches any packet with an invalid source address (such as 0.0.0.0/8 or 127.0.0.0/8) and discards it. This prevents spoofing or DoS attacks using invalid source addresses.

The device manager can access the device from 10.253.1.2: The firewall filter applied on lo0 has a term that matches any packet with a source address of 10.253.1.2 and accepts it. This allows the device manager to access the device from this IP address using protocols such as SSH, Telnet, HTTP, or HTTPS.


Contribute your Thoughts:

Mitzie
2 months ago
I believe option D is also true because the device manager can access the device from 10.253.1.2. It's important to secure IP access.
upvoted 0 times
...
Vallie
3 months ago
I'm not sure about option B and C. Can someone explain why the loopback interface would block traffic on entry or exit?
upvoted 0 times
...
Elli
3 months ago
Haha, I bet the person who wrote this question was feeling pretty clever. Loopback interfaces are like the bouncers of the network world.
upvoted 0 times
Berry
2 months ago
D) The device manager can access the device from 10.253.1.2.
upvoted 0 times
...
Annelle
2 months ago
Yeah, loopback interfaces are definitely the bouncers of the network!
upvoted 0 times
...
Ronald
2 months ago
B) The loopback interface blocks invalid traffic on its entry into the device.
upvoted 0 times
...
Ira
2 months ago
A) The device manager can access the device from 192.168.11.248.
upvoted 0 times
...
...
Thaddeus
3 months ago
I agree with Jamal. Option A seems correct based on the configuration in the exhibit.
upvoted 0 times
...
Verona
3 months ago
Option D is definitely wrong. The device manager can't access the device from 10.253.1.2 based on the configuration.
upvoted 0 times
...
Jamal
3 months ago
I think option A is true because the device manager can access the device from 192.168.11.248.
upvoted 0 times
...
Chan
3 months ago
I'm not sure about option C. Doesn't the loopback interface only block traffic entering the device, not exiting?
upvoted 0 times
Ranee
1 months ago
That's correct. The device manager can access the device from 192.168.11.248 and 10.253.1.2.
upvoted 0 times
...
Eliz
1 months ago
So, the correct options are A and D, right?
upvoted 0 times
...
Lura
1 months ago
Yeah, I agree. Option C must be incorrect then.
upvoted 0 times
...
Latricia
2 months ago
I think you're right, the loopback interface only blocks traffic entering the device.
upvoted 0 times
...
...
Melita
3 months ago
Option B seems correct. The loopback interface is used to secure the device by blocking invalid traffic entering the device.
upvoted 0 times
Sean
2 months ago
Yes, that's right. It helps in securing the device from potential threats.
upvoted 0 times
...
Justine
3 months ago
I agree, option B is correct. The loopback interface does block invalid traffic entering the device.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77