ExamGecko
Search Search Login
Home Home / Juniper / JN0-335

Juniper JN0-335 Practice Test - Questions Answers, Page 3

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which two statements are correct about the Junos IPS feature? (Choose two.)
You want to show tabular data for operational mode commands. In this scenario, which logging parameter will provide this function?
Which two devices would you use for DDoS protection with Policy Enforcer? (Choose two.)
Which solution enables you to create security policies that include user and group information?
Which two sources are used by Juniper Identity Management Service (JIMS) for collecting username and device IP addresses? (Choose two.)
You want to manually failover the primary Routing Engine in an SRX Series high availability cluster pair. Which step is necessary to accomplish this task?
What are three capabilities of AppQoS? (Choose three.)
Exhibit You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them. Which statement is correct in this scenario?
You are asked to implement IPS on your SRX Series device. In this scenario, which two tasks must be completed before a configuration will work? (Choose two.)
Which two features are configurable on Juniper Secure Analytics (JSA) to ensure that alerts are triggered when matching certain criteria? (Choose two.)

Question 21

Report
Export
Collapse

Which two statements about unified security policies are correct? (Choose two.)

A.
Unified security policies require an advanced feature license.
A.
Unified security policies require an advanced feature license.
Answers
B.
Unified security policies are evaluated after global security policies.
B.
Unified security policies are evaluated after global security policies.
Answers
C.
Traffic can initially match multiple unified security policies.
C.
Traffic can initially match multiple unified security policies.
Answers
D.
APPID results are used to determine the final security policy
D.
APPID results are used to determine the final security policy
Answers
Suggested answer: C, D

Explanation:

unified security policies are security policies that enable you to use dynamic applications as match conditions along with existing 5-tuple or 6-tuple matching conditions12.They simplify application-based security policy management at Layer 7 and provide greater control and extensibility to manage dynamic applications traffic3

Question 22

Report
Export
Collapse

Exhibit

Referring to the exhibit, which two statements describe the type of proxy used? (Choose two.)

A.
forward proxy
A.
forward proxy
Answers
B.
client protection proxy
B.
client protection proxy
Answers
C.
server protection proxy
C.
server protection proxy
Answers
D.
reverse proxy
D.
reverse proxy
Answers
Suggested answer: B, C

Explanation:

B)Client protection proxy: This statement iscorrectbecause a forward proxy can also be called a client protection proxy since it protects the user's identity and computer information from the web server4.

C)Server protection proxy: This statement iscorrectbecause a reverse proxy can also be called a server protection proxy since it protects the web server's identity and location from the user4.

Question 23

Report
Export
Collapse

You have deployed an SRX300 Series device and determined that files have stopped being scanned.

In this scenario, what is a reason for this problem?

A.
The software license is a free model and only scans executable type files.
A.
The software license is a free model and only scans executable type files.
Answers
B.
The infected host communicated with a command-and-control server, but it did not download malware.
B.
The infected host communicated with a command-and-control server, but it did not download malware.
Answers
C.
The file is too small to have a virus.
C.
The file is too small to have a virus.
Answers
D.
You have exceeded the maximum files submission for your SRX platform size.
D.
You have exceeded the maximum files submission for your SRX platform size.
Answers
Suggested answer: D

Explanation:

You have exceeded the maximum files submission for your SRX platform size: This statement iscorrectbecause file scanning on SRX300 Series device has a limit on the number of files that can be submitted per minute based on the platform size3.For example, SRX320 has a limit of 10 files per minute3.

Question 24

Report
Export
Collapse

Which three statements about SRX Series device chassis clusters are true? (Choose three.)

A.
Chassis cluster control links must be configured using RFC 1918 IP addresses.
A.
Chassis cluster control links must be configured using RFC 1918 IP addresses.
Answers
B.
Chassis cluster member devices synchronize configuration using the control link.
B.
Chassis cluster member devices synchronize configuration using the control link.
Answers
C.
A control link failure causes the secondary cluster node to be disabled.
C.
A control link failure causes the secondary cluster node to be disabled.
Answers
D.
Recovery from a control link failure requires that the secondary member device be rebooted.
D.
Recovery from a control link failure requires that the secondary member device be rebooted.
Answers
E.
Heartbeat messages verify that the chassis cluster control link is working.
E.
Heartbeat messages verify that the chassis cluster control link is working.
Answers
Suggested answer: B, C, E

Explanation:

B) Chassis cluster member devices synchronize configuration using the control link: This statement iscorrectbecause the control link is used for configuration synchronization among other functions.

C) A control link failure causes the secondary cluster node to be disabled: This statement iscorrectbecause a control link failure causes the secondary node to become ineligible for primary role and remain in secondary role until the control link is restored.

E) Heartbeat messages verify that the chassis cluster control link is working: This statement iscorrectbecause heartbeat messages are sent periodically over the control link to monitor its status.

Question 25

Report
Export
Collapse

Which two statements are correct about security policy changes when using the policy rematch feature? (Choose two.)

A.
When a policy change includes changing the policy's action from permit to deny, all existing sessions are maintained
A.
When a policy change includes changing the policy's action from permit to deny, all existing sessions are maintained
Answers
B.
When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped.
B.
When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped.
Answers
C.
When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped.
C.
When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped.
Answers
D.
When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated.
D.
When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated.
Answers
Suggested answer: C, D

Explanation:

policy rematch is a feature that enables the device to reevaluate an active session when its associated security policy is modified. The session remains open if it still matches the policy that allowed the session initially.The session is closed if its associated policy is renamed, deactivated, or deleted1.

Question 26

Report
Export
Collapse

You are asked to block malicious applications regardless of the port number being used.

In this scenario, which two application security features should be used? (Choose two.)

A.
AppFW
A.
AppFW
Answers
B.
AppQoE
B.
AppQoE
Answers
C.
APPID
C.
APPID
Answers
D.
AppTrack
D.
AppTrack
Answers
Suggested answer: A, C

Explanation:

you can block applications and users based on network access policies, users and their job roles, time, and application signatures2.You can also use Juniper Advanced Threat Prevention (ATP) to find and block commodity and zero-day cyberthreats within files, IP traffic, and DNS requests1

Question 27

Report
Export
Collapse

A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.

Which feed will the clients IP address be automatically added to in this situation?

A.
the command-and-control cloud feed
A.
the command-and-control cloud feed
Answers
B.
the allowlist and blocklist feed
B.
the allowlist and blocklist feed
Answers
C.
the custom cloud feed
C.
the custom cloud feed
Answers
D.
the infected host cloud feed
D.
the infected host cloud feed
Answers
Suggested answer: D

Explanation:

Infected hosts are internal hosts that have been compromised by malware and are communicating with external C&C servers3.Juniper ATP Cloud provides infected host feeds that list internal IP addresses or subnets of infected hosts along with a threat level3.Once the Juniper ATP Cloud global threshold for an infected host is met, that host is added to the infected host feed and assigned a threat level of 10 by the cloud4.You can also configure your SRX Series device to block traffic from these IP addresses using security policies4.

Question 28

Report
Export
Collapse

When a security policy is deleted, which statement is correct about the default behavior of active sessions allowed by that policy?

A.
The active sessions allowed by the policy will be dropped.
A.
The active sessions allowed by the policy will be dropped.
Answers
B.
The active sessions allowed by the policy will be marked as a legacy flow and will continue to be forwarded.
B.
The active sessions allowed by the policy will be marked as a legacy flow and will continue to be forwarded.
Answers
C.
The active sessions allowed by the policy will be reevaluated by the cached
C.
The active sessions allowed by the policy will be reevaluated by the cached
Answers
D.
The active sessions allowed by the policy will continue
D.
The active sessions allowed by the policy will continue
Answers
Suggested answer: A

Explanation:

When a security policy is deleted, the active sessions allowed by the policy will be dropped. The default behavior is that all active sessions allowed by the policy will be terminated and the traffic will no longer be forwarded. There is no way to mark the active sessions as a legacy flow or to reevaluate them by the cached rules.

According to Juniper Networks Security, Specialist (JNCIS-SEC) Study Guide, when a security policy is deleted, the active sessions allowed by that policy will be dropped. This behavior is the default behavior of the device. There is no way to mark the active sessions as a legacy flow or to re-evaluate them against cached rules. The device will terminate the active sessions and will no longer forward traffic for those sessions.

Question 29

Report
Export
Collapse

You are asked to determine how much traffic a popular gaming application is generating on your network.

Which action will you perform to accomplish this task?

A.
Enable AppQoS on the proper security zones
A.
Enable AppQoS on the proper security zones
Answers
B.
Enable APBR on the proper security zones
B.
Enable APBR on the proper security zones
Answers
C.
Enable screen options on the proper security zones
C.
Enable screen options on the proper security zones
Answers
D.
Enable AppTrack on the proper security zones.
D.
Enable AppTrack on the proper security zones.
Answers
Suggested answer: D

Explanation:

AppTrack is a feature of Juniper Networks firewall solutions that allows administrators to track applications, users, and the amount of traffic generated by those applications on the network. AppTrack can be enabled on specific security zones of the network to monitor traffic on those zones. This feature can be used to determine how much traffic a popular gaming application is generating on the network. For more information, please refer to the Juniper Networks JNCIS-SEC Study Guide.

AppTrack is a feature of the Junos OS that provides visibility into the applications and users on your network. It tracks the usage of applications and provides detailed reports on the amount of traffic generated by each application. By enabling AppTrack on the proper security zones, you can determine how much traffic a popular gaming application is generating on your network.

Question 30

Report
Export
Collapse

Which statement regarding Juniper Identity Management Service (JIMS) domain PC probes is true?

A.
JIMS domain PC probes analyze domain controller security event logs at60-mmute intervals by default.
A.
JIMS domain PC probes analyze domain controller security event logs at60-mmute intervals by default.
Answers
B.
JIMS domain PC probes are triggered if no username to IP address mapping is found in the domain security event log.
B.
JIMS domain PC probes are triggered if no username to IP address mapping is found in the domain security event log.
Answers
C.
JIMS domain PC probes are triggered to map usernames to group membership information.
C.
JIMS domain PC probes are triggered to map usernames to group membership information.
Answers
D.
JIMS domain PC probes are initiated by an SRX Series device to verify authentication table information.
D.
JIMS domain PC probes are initiated by an SRX Series device to verify authentication table information.
Answers
Suggested answer: B

Explanation:

Juniper Identity Management Service (JIMS) domain PC probes are used to map usernames to IP addresses in the domain security event log. This allows for the SRX Series device to verify authentication table information, such as group membership. The probes are triggered whenever a username to IP address mapping is not found in the domain security event log. By default, the probes are executed at 60-minute intervals.

Total 98 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms