PassTest JN0-232問題集でリアル試験問題でテストエンジン問題集でトレーニング
Juniper JN0-232テスト問題集とオンライン試験エンジン
質問 # 16
A new packet arrives on an interface on your SRX Series Firewall that is assigned to the trust security zone.
In this scenario, how does the SRX Series Firewall determine the egress security zone?
- A. by examining the ingress security zone properties
- B. by performing a route lookup
- C. by examining the destination port
- D. by performing a session lookup
正解:B
解説:
When a new packet arrives that does not match an existing session, the SRX performs full flow-based processing. After ingress zone determination, the firewall must know the destination zone to evaluate security policies.
* The SRX determines theegress zone by performing a route lookupon the packet's destination IP address.
* The routing decision identifies the outgoing interface, and the zone associated with that interface becomes theegress zone.
* Session lookup (Option A) happens first but is only useful for existing sessions.
* Destination port (Option B) is used for application identification, not zone determination.
* Ingress zone properties (Option D) cannot determine the egress zone.
Reference:Juniper Networks -SRX Series Flow Processing and Security Zone Determination, Junos OS Security Fundamentals.
質問 # 17
Click the Exhibit button.
Which two statements are correct about the content filter shown in the exhibit? (Choose two.)
- A. There will be an e-mail sent to the user about why the SRX is blocking the file.
- B. There will be a notice added to the SRX log file about the file being blocked.
- C. .exe files will not be allowed to be downloaded over HTTP.
- D. .exe files will not be allowed to be uploaded over HTTP.
正解:B、C
解説:
From the exhibit, the content filter configuration is as follows:
* Match Conditions:
* Application:HTTP
* Direction:download
* File-types:exe
* Action:
* block
* notification log
Analysis of Options:
* Option A: Incorrect. The configuration specifies thedownload direction, not upload. Uploads of .exe files are unaffected.
* Option B: Correct. Because the rule applies todownloads, .exe files will be blocked when users attempt to download them over HTTP.
* Option C: Correct. The notification { log; } statement ensures that an entry will be added to the SRX device's log when the action is triggered.
* Option D: Incorrect. No configuration for sending e-mail notifications is shown in the rule. Only logging is specified.
Correct Statements:B and C
Reference:Juniper Networks -UTM Content Filtering Configuration and Actions, Junos OS Security Fundamentals, Official Course Guide.
質問 # 18
Which two statements about SRX Series zones are correct? (Choose two.)
- A. A security zone processes intra-zone traffic without a security policy.
- B. The functional zone is used to define the management interface on smaller SRX Series Firewalls.
- C. The Junos-host zone allows the use of security policies to control access to the SRX Series Firewall.
- D. The null zone allows the use of security policies to log dropped control plane traffic.
正解:A、C
解説:
* Intra-zone traffic:On SRX devices, traffic between interfaces in the same security zone is allowed without requiring a security policy(Option C is correct). Policies are only evaluated for inter-zone traffic.
* Junos-host functional zone:This zone is a predefined functional zone that allows administrators to apply policies controlling access to the SRX firewall itself, such as SSH, HTTP, or SNMP traffic (Option D is correct).
* Null zone:This zone is a predefined discard zone. Interfaces placed in the null zone drop all traffic. It does not allow policy logging of dropped control plane traffic (Option A is incorrect).
* Management functional zone:This is used to define management interfaces, not the "functional zone" as stated in Option B (incorrect wording).
Correct Statements:C and D
Reference:Juniper Networks -Security Zones and Functional Zones, Junos OS Security Fundamentals.
質問 # 19
You want to confirm that your SRX Series Firewall is connected to the SBL server.
Which operational mode command would you use in this scenario?
- A. show security utm content-filtering statistics
- B. show security utm anti-virus status
- C. show security utm anti-spam status
- D. show security web filtering status
正解:D
解説:
TheSBL (SurfControl Web Filtering)server integration is part of UTM web filtering on SRX. To confirm that the firewall is properly connected and communicating with the SBL server, the command used is:
show security web filtering status
This command displays connectivity information with the SBL server, license status, and filtering operations.
Other options:
* Anti-virus (Option A) checks antivirus engine status.
* Content-filtering statistics (Option C) shows local content filtering counters.
* Anti-spam status (Option D) checks spam engine connectivity.
Correct Command:show security web filtering status
Reference:Juniper Networks -UTM Web Filtering Operational Commands, Junos OS Security Fundamentals.
質問 # 20
When a new traffic flow enters an SRX Series device, in which order are these processes performed?
- A. screens # security policies # zones # routes
- B. screens # routes # zones # security policies
- C. screens # zones # security policies # routes
- D. routes # zones # screens # security policies
正解:B
解説:
The packet flow fornew trafficon SRX is processed in a defined order:
* Screens (Option B, Step 1):Packets are first checked by screens for anomalies such as floods, malformed packets, or protocol violations.
* Route Lookup (Step 2):The destination IP is checked in the routing table to determine the egress interface.
* Zone Determination (Step 3):Once the ingress and egress interfaces are known, their associated zones are identified.
* Security Policies (Step 4):With both zones determined, the packet is evaluated against the configured security policies.
Other options list incorrect sequences, either moving routing later or placing policies before zone determination, which is not possible.
Correct Processing Order:screens # routes # zones # security policies
Reference:Juniper Networks -Packet Flow and Security Processing Order, Junos OS Security Fundamentals.
質問 # 21
You want to use Avira Antivirus.
Which two actions should you perform to satisfy this requirement? (Choose two.)
- A. Reboot the SRX Series device to load the components.
- B. Restart the management daemon (mgd) to load the components.
- C. Enable the Avira engine in configuration mode.
- D. Enable the Avira engine in operational mode.
正解:A、C
解説:
The SRX Series devices support third-party antivirus scanning engines such asAvira. To use the Avira antivirus engine, administrators must explicitly enable the engine and ensure that the required components are properly loaded.
* Enable in configuration mode:
* The Avira antivirus engine must be enabled under UTM configuration mode. This step ensures the SRX device uses the Avira scanning engine for antivirus inspection.
* Example:
* set security utm feature-profile anti-virus avira-engine enable
* Reboot the SRX device:
* A system reboot is required after enabling the Avira engine to load the Avira antivirus components into memory.
* Without a reboot, the Avira engine will not become active.
* Why not the others?
* Restarting themgdprocess (Option A) only reloads the management daemon and does not load antivirus engines.
* Enabling inoperational mode(Option B) is not supported; the configuration must be applied in configuration mode.
Therefore, the correct actions to use Avira Antivirus are:Enable the Avira engine in configuration mode (Option D) and reboot the SRX device (Option C).
Reference:Juniper Networks -Junos OS UTM and Antivirus Configuration, Junos OS Security Fundamentals, Official Course Guide.
質問 # 22
You want to use Avira Antivirus.
Which two actions should you perform to satisfy this requirement? (Choose two.)
- A. Reboot the SRX Series device to load the components.
- B. Restart the management daemon (mgd) to load the components.
- C. Enable the Avira engine in configuration mode.
- D. Enable the Avira engine in operational mode.
正解:A、C
解説:
The SRX Series devices support third-party antivirus scanning engines such asAvira. To use the Avira antivirus engine, administrators must explicitly enable the engine and ensure that the required components are properly loaded.
* Enable in configuration mode:
* The Avira antivirus engine must be enabled under UTM configuration mode. This step ensures the SRX device uses the Avira scanning engine for antivirus inspection.
* Example:
* set security utm feature-profile anti-virus avira-engine enable
* Reboot the SRX device:
* A system reboot is required after enabling the Avira engine to load the Avira antivirus components into memory.
* Without a reboot, the Avira engine will not become active.
* Why not the others?
* Restarting themgdprocess (Option A) only reloads the management daemon and does not load antivirus engines.
* Enabling inoperational mode(Option B) is not supported; the configuration must be applied in configuration mode.
Therefore, the correct actions to use Avira Antivirus are:Enable the Avira engine in configuration mode (Option D) and reboot the SRX device (Option C).
Reference:Juniper Networks -Junos OS UTM and Antivirus Configuration, Junos OS Security Fundamentals, Official Course Guide.
質問 # 23
Your manager asks you to verify when your antivirus definitions were last updated on your SRX Series Firewall.
Which operational mode command allows you to see this information?
- A. show security utm content-filtering statistics
- B. show security web filtering status
- C. show security utm anti-virus status
- D. show security utm anti-spam status
正解:C
解説:
The antivirus feature on SRX relies on signature definition files that must be regularly updated. To check the status of these updates, the correct operational command is:
* show security utm anti-virus status(Option D). This displays details such as:
* Antivirus engine status
* Last update time of virus definitions
* Version of the signature database
Other options:
* Content-filtering statistics (Option A) shows counters for file-type filtering, not antivirus updates.
* Anti-spam status (Option B) shows spam filtering engine connectivity.
* Web filtering status (Option C) shows SBL/web filter server connection details.
Correct Command:show security utm anti-virus status
Reference:Juniper Networks -UTM Antivirus Commands and Monitoring, Junos OS Security Fundamentals.
質問 # 24
What are two system-defined zones created on the SRX Series Firewalls? (Choose two.)
- A. null
- B. management
- C. junos-host
- D. DMZ
正解:A、C
解説:
On SRX Series Firewalls, Junos OS automatically createssystem-defined zonesthat have special functions:
* Null zone (Option A):A predefined discard zone. By default, all interfaces belong to the null zone until assigned to a user-defined zone. Traffic destined to the null zone is dropped.
* Junos-host zone (Option B):A predefined functional zone that allows security policies to control traffic directed to the SRX device itself (management traffic, such as SSH, HTTP, SNMP).
* Management zone (Option C):There is a predefinedmanagement functional zone, but it is not called
"management" as a system-defined security zone.
* DMZ (Option D):A DMZ zone must be explicitly created by the administrator, it is not system-defined.
Correct Zones:null, junos-host
Reference:Juniper Networks -Security Zones and Functional Zones, Junos OS Security Fundamentals.
質問 # 25
What is the purpose of assigning logical interfaces to separate security zones in Junos OS?
- A. to manage routing protocols and updates
- B. to simplify the configuration of network interfaces
- C. to enable network monitoring through SNMP
- D. to control traffic that traverses different VLANs using security policies
正解:D
解説:
In Junos OS, security zones are the foundation of SRX firewall policy enforcement. Logical interfaces must be assigned to zones. This enables:
* Separation of traffic by zone boundaries.
* Enforcement ofsecurity policiesfor traffic traversing between zones.
* Control of traffic across VLANs, subnets, or functional areas (e.g., trust, untrust, DMZ).
Other options:
* Zone assignment is not used to simplify interface configuration (A).
* Routing protocols and updates (B) are handled by routing instances, not zones.
* SNMP monitoring (D) is enabled under system or services configuration, not zones.
Reference:Juniper Networks -Security Zones and Policy Enforcement, Junos OS Security Fundamentals.
質問 # 26
Click the Exhibit button.
The exhibit shows a table representing security policies from the trust zone to the untrust zone.
In this scenario, which two statements are correct? (Choose two.)
- A. Ping command requests from the source IP address of 172.25.11.100 are denied to the destination IP address of 10.1.0.10.
- B. FTP requests from the source IP address of 10.1.0.10 are permitted to the destination IP address of
172.25.11.100. - C. FTP requests from the source IP address of 172.25.11.11 are denied to the destination IP address of
10.1.0.10. - D. SSH requests from the source IP address of 172.25.11.10 are permitted to the destination IP address of
10.1.0.10.
正解:C、D
解説:
Juniper SRX evaluatessecurity policiessequentially from top to bottom. Once a policy match is found, no further policies are evaluated. In this exhibit:
* First Policy (FTP, deny):
* Source: 172.25.11.0/24
* Destination: 10.1.0.0/16
* Application: FTP
* Action: deny#Any FTP traffic from 172.25.11.0/24 to 10.1.0.0/16 isdenied.
* Second Policy (SSH, permit):
* Same source/destination but application = SSH
* Action = permit#SSH traffic from 172.25.11.0/24 to 10.1.0.0/16 ispermitted.
* Third Policy (HTTPS, permit):#HTTPS from the same source/destination ispermitted.
* Fourth Policy (Ping, permit):
* Source: 172.25.11.0/24 to any destination
* Application: ping
* Action: permit#ICMP echo requests (ping) from 172.25.11.0/24 to any destination arepermitted.
* Fifth Policy (any # any, deny):#Serves as a defaultdeny allat the end.
Now checking each option:
* Option A:SSH from 172.25.11.10 # 10.1.0.10 matches theSSH permit rule(second policy).#Correct.
* Option B:Ping from 172.25.11.100 # 10.1.0.10 matches theping permit rule(fourth policy). This traffic is permitted, not denied.#Incorrect.
* Option C:FTP from 10.1.0.10 # 172.25.11.100 isreverse traffic (untrust to trust). The table applies onlytrust # untrust, so this policy does not apply.#Incorrect.
* Option D:FTP from 172.25.11.11 # 10.1.0.10 matches the first policy (FTP deny rule).#Correct.
Correct Statements:A, D
Reference:Juniper Networks -Security Policies Evaluation Order, Junos OS Security Fundamentals, Official Course Guide.
質問 # 27
Which two characteristics of destination NAT and static NAT are correct? (Choose two.)
- A. Destination NAT requires address range sizes that match the devices being translated.
- B. Static NAT automatically creates a matching rule for the opposite direction.
- C. Static NAT uses Port Address Translation.
- D. Destination NAT supports port forwarding.
正解:B、D
解説:
* Static NAT:Provides a one-to-one bidirectional mapping between internal and external IP addresses.
When configured, the translation automatically applies in both directions (Option A is correct). It does not use Port Address Translation (Option C is incorrect).
* Destination NAT:Allows external clients to access internal resources by translating the destination address. It supportsport forwardingso specific services (e.g., HTTP on port 80) can be forwarded to an internal host (Option D is correct). It does not require equal-sized address ranges (Option B is incorrect).
Correct Characteristics:Static NAT is bidirectional, and Destination NAT supports port forwarding.
Reference:Juniper Networks -NAT Types and Characteristics, Junos OS Security Fundamentals.
質問 # 28
In which order does Junos OS process the various forms of NAT?
- A. static NAT, destination NAT, source NAT
- B. source NAT, destination NAT, static NAT
- C. source NAT, static NAT, destination NAT
- D. destination NAT, source NAT, static NAT
正解:A
解説:
NAT processing in Junos OS follows a strict sequence to ensure correct packet handling:
* Static NAT- applied first because it provides a permanent one-to-one bidirectional mapping.
* Destination NAT- applied second to translate inbound destination addresses, often used for servers in private networks.
* Source NAT- applied last to translate outbound private source addresses to public ones.
This ensures deterministic behavior and avoids conflicts between translation types.
* Options B, C, and D list incorrect sequences.
Correct Order:static NAT # destination NAT # source NAT
Reference:Juniper Networks -NAT Processing Order, Junos OS Security Fundamentals.
質問 # 29
Which two statements are correct about security zones and functional zones? (Choose two.)
- A. Traffic entering an interface in a functional zone can exit any other transit interface.
- B. Traffic entering transit interfaces cannot exit an interface in a functional zone.
- C. Traffic entering transit interfaces can exit an interface in a functional zone.
- D. Traffic entering an interface in a functional zone cannot exit any other transit interface.
正解:B、D
解説:
* Functional zones(e.g., junos-host, management, null) are not used for forwarding transit traffic. They are used to manage traffic destined to or from the SRX device itself.
* Option A:Correct. If traffic enters through a functional zone interface, it is meant for the SRX, not for transit, so it cannot exit another interface.
* Option D:Correct. Transit interfaces handle forwarding traffic, but they cannot send that traffic out through a functional zone interface.
* Option B and C:Incorrect, because functional zones are strictly control-plane, not transit forwarding zones.
Correct Statements:A and D
Reference:Juniper Networks -Security Zones vs. Functional Zones, Junos OS Security Fundamentals.
質問 # 30
Which UI enables you to manage, monitor, and maintain multiple firewalls using a single interface?
- A. Juniper Secure Analytics
- B. Secure Connect
- C. Juniper Identity Management Service
- D. Security Director
正解:D
解説:
* Security Director (Option B):A Junos Space application that provides a centralized interface for managing, monitoring, and maintaining multiple SRX firewalls.
* Juniper Secure Analytics (Option A):Focuses on SIEM/log analysis, not centralized firewall management.
* Identity Management Service (Option C):Provides user identity integration for policy enforcement, not a management UI.
* Secure Connect (Option D):A VPN client solution, not a firewall management platform.
Correct UI:Security Director
Reference:Juniper Networks -Junos Space Security Director Overview, Junos OS Security Fundamentals.
質問 # 31
Which two statements describe what Port Address Translation (PAT) does? (Choose two.)
- A. It enables multiple external clients to initiate a connection with multiple internal devices.
- B. It enables multiple internal devices to share a single external IP address.
- C. It maps an external IP address to an internal IP address.
- D. It maps an internal IP address to an external IP address and port number.
正解:B、D
解説:
PAT (Port Address Translation), also called NAT overload, allows many devices to share a single public IP:
* Option C:Correct. Multiple internal hosts share a single external IP.
* Option D:Correct. Each internal host is mapped to the same public IP but differentiated by unique port numbers.
* Option A:This describes basic static NAT (1-to-1 mapping).
* Option B:Incorrect, this describes general NAT behavior but not specific to PAT.
Correct Statements:PAT enables multiple internal devices to share one external IP, and it maps internal IPs to external IP + port.
Reference:Juniper Networks -Source NAT and PAT Operations, Junos OS Security Fundamentals.
質問 # 32
Which security policy action will cause traffic to drop and a message to be sent to the source?
- A. next-policy
- B. permit
- C. deny
- D. reject
正解:D
解説:
Security policies on SRX support several actions:
* Permit:Allows traffic to pass according to the rule.
* Deny:Silently drops the traffic without notifying the source.
* Reject:Drops the trafficand sends a TCP RST (for TCP) or ICMP unreachable (for UDP/other protocols)back to the source. This provides feedback to the sending host.
* Next-policy:Allows policy chaining to evaluate the next policy set.
Therefore, the action that causes traffic to drop and a message to be sent to the source isreject.
Reference:Juniper Networks -Security Policy Actions, Junos OS Security Fundamentals.
質問 # 33
You are asked to create a security policy that controls traffic allowed to pass between the Internet and private security zones. You must ensure that this policy is evaluated before all other policy types on your SRX Series device.
In this scenario, which type of security policy should you create?
- A. routing policy
- B. global policy
- C. zone policy
- D. default policy
正解:B
解説:
* Global policies (Option D):Evaluated before zone-based policies. They allow centralized control and can apply across all zones. Perfect for Internet-to-private traffic that must be enforced before other rules.
* Routing policy (Option A):Controls routing decisions, not traffic forwarding/security.
* Default policy (Option B):Denies all traffic by default, but cannot be customized for early evaluation.
* Zone policy (Option C):Zone-based policies apply after global policies and are limited to specific zone pairs.
Correct Policy Type:Global policy
Reference:Juniper Networks -Global Security Policies vs Zone-Based Policies, Junos OS Security Fundamentals.
質問 # 34
Which two statements about global security policies are correct? (Choose two.)
- A. Global security policies require specific zone contexts.
- B. You can use both zone-based security policies and global security policies at the same time.
- C. Global policies are processed before zone-based security policies.
- D. The from-zone and to-zone contexts are not required for a global security policy.
正解:B、D
解説:
Global security policies extend the flexibility of policy enforcement across the SRX. They are not tied to specific source and destination zones:
* From-zone and to-zone contexts are not required(Option A). Global policies apply across all zones unless restricted by match conditions.
* Global security policies do not require specific zone contexts(Option B is incorrect).
* Global policies areprocessed after zone-based policies, not before. This means that zone-based security policies take precedence (Option C is incorrect).
* Administrators can configure bothzone-based security policies and global security policies at the same timeon the same device (Option D is correct).
This allows flexible designs where specific policies can be enforced by zone, while general policies can be applied globally without duplicating rules across multiple zones.
Reference:Juniper Networks -Junos OS Security Fundamentals, Global Security Policies.
質問 # 35
What is the purpose of rate-limiting exception traffic in the Junos OS?
- A. to manage routing protocols and updates
- B. to simplify the configuration of network interfaces
- C. to prevent denial-of-service attacks on the Routing Engine
- D. to enhance the performance of the forwarding plane
正解:C
解説:
Exception traffic is traffic that must be sent from the Packet Forwarding Engine (PFE) to the Routing Engine (RE) for processing, such as routing protocol updates, management traffic, or other control-plane packets.
Because the RE is a limited and critical resource, Junos OS implementsrate limiting on exception traffic.
* The purpose is toprevent denial-of-service (DoS) attacks on the Routing Engineby controlling the amount of traffic directed to it.
* This ensures the RE continues to process control-plane operations reliably, even under potential attack or heavy traffic conditions.
* Rate limiting does not enhance forwarding plane performance (Option A), simplify interface configuration (Option B), or manage routing protocols directly (Option D).
Reference:Juniper Networks -Junos OS Security Fundamentals, Exception Traffic Handling.
質問 # 36
Which two statements are correct about NAT and security policy processing? (Choose two.)
- A. The security policy is evaluated before source NAT.
- B. The security policy is evaluated after destination NAT.
- C. The security policy is evaluated after source NAT.
- D. The security policy is evaluated before destination NAT.
正解:B、C
解説:
The packet processing order in SRX with NAT and policies is:
* Destination NAT(applies first, for inbound traffic).
* Security Policy Evaluation(after destination NAT, before source NAT).
* Source NAT(applies last, for outbound traffic).
* Option A:Incorrect. Policies are not evaluated before destination NAT.
* Option B:Correct. Security policies are evaluatedbefore source NATbut after destination NAT. So in terms of order, policies are processed prior to source NAT.
* Option C:Incorrect. Policies are not evaluated before source NAT - they are evaluatedbefore source NAT is applied.
* Option D:Correct. Policies are evaluatedafter destination NAT.
Correct Statements:B and D
Reference:Juniper Networks -Packet Flow Processing Order (NAT and Policies), Junos OS Security Fundamentals.
質問 # 37
Click the Exhibit button.
Referring to the exhibit, which two statements are correct about the traffic flow shown in the exhibit? (Choose two.)
- A. The original source IP address was translated to a new source IP address.
- B. There is no change to the original destination IP address.
- C. The original destination IP address was translated to a new destination IP address.
- D. There is no change to the original source IP address.
正解:A、C
解説:
* Inbound Flow (before NAT):Source =10.20.30.40(internal private IP)Destination =203.0.113.1(public DNS server)
* Outbound Flow (after NAT):Source =192.0.2.1(translated IP)Destination =203.0.113.1(unchanged) Analysis:
* Thesource IP (10.20.30.40)was translated to192.0.2.1. This indicatesSource NATwas applied #Option B is correct.
* Thedestination IP changedbetween the inbound and outbound view. Inbound it was203.0.113.1, and outbound it is still203.0.113.1in appearance, but notice the reversal: the session entry shows it as the outbound "source" side. This confirmsDestination NAT translation has occurredfor return flow consistency #Option D is correct.
* Option A:Incorrect. The original source IP was indeed translated.
* Option C:Incorrect. The destination IP did change in the flow processing.
Correct Statements:
* The original source IP address was translated to a new source IP address.
* The original destination IP address was translated to a new destination IP address.
Reference:Juniper Networks -Security Flow Session Output and NAT Translations, Junos OS Security Fundamentals.
質問 # 38
What are two ways that an SRX Series device identifies content? (Choose two.)
- A. It identifies file types in HTTP, FTP, and e-mail protocols.
- B. It uses AppID.
- C. It identifies and inspects the file extension of each file.
- D. It uses ALGs.
正解:A、B
解説:
SRX Series devices providecontent securityfeatures that rely on advanced identification mechanisms. File identification is not based merely on file extensions (which can be easily spoofed), but instead ondeep inspection techniques:
* AppID (Application Identification):AppID is part of the AppSecure suite, allowing the device to classify applications and content regardless of port or protocol. This enables the SRX to detect applications and their related content for enforcement.
* Protocol-based file type identification:The SRX can recognize and identify file types embedded withinHTTP, FTP, and e-mail (SMTP, IMAP, POP3) protocols. This providesaccurate content inspection and filtering, independent of file naming conventions.
* Why not the others?
* File extensions (Option A) are not reliable for content security, so SRX does not use them.
* ALGs (Option D) are used for protocol handling, such as SIP or FTP control channels, not for content identification.
Reference:Juniper Networks -Content Security and AppSecure Overview, Junos OS Security Fundamentals, Official Course Guide.
質問 # 39
......
Juniper JN0-232問題を提供していますAssociate JNCIA-SEC問題集と完璧な解答付き:https://www.passtest.jp/Juniper/JN0-232-shiken.html
信頼され続けるJN0-232試験のコツとPDF試験材料:https://drive.google.com/open?id=16IwtUhVosH9Q0cGn_aPD1SIHXWnPt3aS