ExamGecko
Search Search Login
Home Home / Juniper / JN0-335

Juniper JN0-335 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which two statements are correct about the Junos IPS feature? (Choose two.)
Which solution enables you to create security policies that include user and group information?
Which two sources are used by Juniper Identity Management Service (JIMS) for collecting username and device IP addresses? (Choose two.)
You want to manually failover the primary Routing Engine in an SRX Series high availability cluster pair. Which step is necessary to accomplish this task?
You want to show tabular data for operational mode commands. In this scenario, which logging parameter will provide this function?
Which two devices would you use for DDoS protection with Policy Enforcer? (Choose two.)
What are three capabilities of AppQoS? (Choose three.)
Exhibit You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them. Which statement is correct in this scenario?
You are asked to implement IPS on your SRX Series device. In this scenario, which two tasks must be completed before a configuration will work? (Choose two.)
Which two features are configurable on Juniper Secure Analytics (JSA) to ensure that alerts are triggered when matching certain criteria? (Choose two.)

Question 31

Report
Export
Collapse

Your manager asks you to provide firewall and NAT services in a private cloud.

Which two solutions will fulfill the minimum requirements for this deployment? (Choose two.)

A.
a single vSRX
A.
a single vSRX
Answers
B.
a vSRX for firewall services and a separate vSRX for NAT services
B.
a vSRX for firewall services and a separate vSRX for NAT services
Answers
C.
a cSRX for firewall services and a separate cSRX for NAT services
C.
a cSRX for firewall services and a separate cSRX for NAT services
Answers
D.
a single cSRX
D.
a single cSRX
Answers
Suggested answer: B, C

Explanation:

A single vSRX or cSRX cannot provide both firewall and NAT services simultaneously. To meet the minimum requirements for this deployment, you need to deploy a vSRX for firewall services and a separate vSRX for NAT services (option B), or a cSRX for firewall services and a separate cSRX for NAT services (option C). This is according to the Juniper Networks Certified Security Specialist (JNCIS-SEC) Study Guide.

Question 32

Report
Export
Collapse

Which two statements are true about mixing traditional and unified security policies? (Choose two.)

A.
When a packet matches a unified security policy, the evaluation process terminates
A.
When a packet matches a unified security policy, the evaluation process terminates
Answers
B.
Traditional security policies must come before unified security policies
B.
Traditional security policies must come before unified security policies
Answers
C.
Unified security policies must come before traditional security policies
C.
Unified security policies must come before traditional security policies
Answers
D.
When a packet matches a traditional security policy, the evaluation process terminates
D.
When a packet matches a traditional security policy, the evaluation process terminates
Answers
Suggested answer: A, D

Question 33

Report
Export
Collapse

Exhibit

Referring to the exhibit, what do you determine about the status of the cluster.

A.
Both nodes determine that they are in a primary state.
A.
Both nodes determine that they are in a primary state.
Answers
B.
Node 1 is down
B.
Node 1 is down
Answers
C.
Node 2 is down.
C.
Node 2 is down.
Answers
D.
There are no issues with the cluster.
D.
There are no issues with the cluster.
Answers
Suggested answer: C

Question 34

Report
Export
Collapse

Which two features are configurable on Juniper Secure Analytics (JSA) to ensure that alerts are triggered when matching certain criteria? (Choose two.)

A.
building blocks
A.
building blocks
Answers
B.
assets
B.
assets
Answers
C.
events
C.
events
Answers
D.
tests
D.
tests
Answers
Suggested answer: C, D

Explanation:

The two configurable features on Juniper Secure Analytics (JSA) that can be used to ensure that alerts are triggered when matching certain criteria are events and tests. Events refer to the collection of data from different sources, while tests are used to define the criteria for which an alert is triggered. For example, you can use events to collect data from a firewall and tests to define criteria such as IP address, port number, and the type of traffic. The Security, Specialist (JNCIS-SEC) Study guide provides further information on how to configure these features on JSA.

Question 35

Report
Export
Collapse

You are asked to implement IPS on your SRX Series device.

In this scenario, which two tasks must be completed before a configuration will work? (Choose two.)

A.
Download the IPS signature database.
A.
Download the IPS signature database.
Answers
B.
Enroll the SRX Series device with Juniper ATP Cloud.
B.
Enroll the SRX Series device with Juniper ATP Cloud.
Answers
C.
Install the IPS signature database.
C.
Install the IPS signature database.
Answers
D.
Reboot the SRX Series device.
D.
Reboot the SRX Series device.
Answers
Suggested answer: A, C

Explanation:

The two tasks that must be completed before a configuration for IPS on an SRX Series device will work are downloading the IPS signature database and installing the IPS signature database. The Security, Specialist (JNCIS-SEC) Study guide provides further information on how to download and install the IPS signature database. Enrolling the SRX Series device with Juniper ATP Cloud is not necessary to make a configuration work, and rebooting the SRX Series device is not required either.

Question 36

Report
Export
Collapse

Which two statements are correct about Juniper ATP Cloud? (Choose two.)

A.
Once the target threshold is met, Juniper ATP Cloud continues looking for threats from 0 to 5 minutes.
A.
Once the target threshold is met, Juniper ATP Cloud continues looking for threats from 0 to 5 minutes.
Answers
B.
Once the target threshold is met, Juniper ATP Cloud continues looking for threats levels range from 0 to 10 minutes.
B.
Once the target threshold is met, Juniper ATP Cloud continues looking for threats levels range from 0 to 10 minutes.
Answers
C.
The threat levels range from 0-10.
C.
The threat levels range from 0-10.
Answers
D.
The threat levels range from 0-100.
D.
The threat levels range from 0-100.
Answers
Suggested answer: A, C

Explanation:

According to the Juniper Networks JNCIS-SEC Study Guide, Juniper ATP Cloud sets target thresholds for security events and then continuously scans the environment for any activity that exceeds this threshold. Once the threshold is met, Juniper ATP Cloud continues looking for threats for a period of 0 to 5 minutes. The threat levels range from 0 to 10, with 0 being the lowest and 10 being the highest.

Question 37

Report
Export
Collapse

Exhibit

You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them.

Which statement is correct in this scenario?

A.
The security intelligence policy must be configured; on a unified security policy
A.
The security intelligence policy must be configured; on a unified security policy
Answers
B.
Use the commit full command to start the download.
B.
Use the commit full command to start the download.
Answers
C.
No action is required, the feeds take a few minutes to download.
C.
No action is required, the feeds take a few minutes to download.
Answers
D.
Set the maximum C&C entries within the Juniper ATP Cloud GUI.
D.
Set the maximum C&C entries within the Juniper ATP Cloud GUI.
Answers
Suggested answer: C

Explanation:

According to the Juniper Networks JNCIS-SEC Study Guide, when you set up your command-and-control (C&C) category with Juniper ATP Cloud, all of the feeds will initially have zero objects in them. This is normal, as it can take a few minutes for the feeds to download. No action is required in this scenario and you will notice the feeds start to populate with objects once the download is complete.

Question 38

Report
Export
Collapse

Your network uses a single JSA host and you want to implement a cluster.

In this scenario, which two statements are correct? (Choose two.)

A.
The software versions on both primary and secondary hosts
A.
The software versions on both primary and secondary hosts
Answers
B.
The secondary host can backup multiple JSA primary hosts.
B.
The secondary host can backup multiple JSA primary hosts.
Answers
C.
The primary and secondary hosts must be configured with the same storage devices.
C.
The primary and secondary hosts must be configured with the same storage devices.
Answers
D.
The cluster virtual IP will need an unused IP address assigned.
D.
The cluster virtual IP will need an unused IP address assigned.
Answers
Suggested answer: A, D

Explanation:

According to the Juniper Networks JNCIP-SEC Study Guide, when setting up a cluster with a single JSA host, both the primary and secondary hosts must have the same software version installed. Additionally, an unused IP address must be assigned to the cluster virtual IP. The primary and secondary hosts do not need to be configured with the same storage devices, and the secondary host cannot be used to backup multiple JSA primary hosts.

Question 39

Report
Export
Collapse

You enable chassis clustering on two devices and assign a cluster ID and a node ID to each device.

In this scenario, what is the correct order for rebooting the devices?

A.
Reboot the secondary device, then the primary device.
A.
Reboot the secondary device, then the primary device.
Answers
B.
Reboot only the secondary device since the primary will assign itself the correct cluster and node ID.
B.
Reboot only the secondary device since the primary will assign itself the correct cluster and node ID.
Answers
C.
Reboot the primary device, then the secondary device.
C.
Reboot the primary device, then the secondary device.
Answers
D.
Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.
D.
Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.
Answers
Suggested answer: C

Explanation:

when enabling chassis clustering on two devices, the correct order for rebooting them is to reboot the primary device first, followed by the secondary device. It is not possible for either device to assign itself the correct cluster and node ID, so both devices must be rebooted to ensure the proper configuration is applied.

Question 40

Report
Export
Collapse

Which two statements about SRX chassis clustering are correct? (Choose two.)

A.
SRX chassis clustering supports active/passive and active/active for the data plane.
A.
SRX chassis clustering supports active/passive and active/active for the data plane.
Answers
B.
SRX chassis clustering only supports active/passive for the data plane.
B.
SRX chassis clustering only supports active/passive for the data plane.
Answers
C.
SRX chassis clustering supports active/passive for the control plane.
C.
SRX chassis clustering supports active/passive for the control plane.
Answers
D.
SRX chassis clustering supports active/active for the control plane.
D.
SRX chassis clustering supports active/active for the control plane.
Answers
Suggested answer: A, D

Explanation:

SRX chassis clustering supports active/passive and active/active for the data plane. In an active/active configuration, both cluster members process and forward traffic, which increases throughput and provides redundancy. For the control plane, SRX chassis clustering supports active/active, meaning that both cluster members can process and forward control traffic, providing redundancy and improved scalability

Total 98 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms