Summer Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

JN0-335 Security, Specialist (JNCIS-SEC) Questions and Answers

Questions 4

Which two statements are correct about SSL proxy server protection? (Choose two.)

Options:

A.

You do not need to configure the servers to use the SSL proxy the function on the SRX Series device.

B.

You must load the server certificates on the SRX Series device.

C.

The servers must be configured to use the SSL proxy function on the SRX Series device.

D.

You must import the root CA on the servers.

Buy Now
Questions 5

You are troubleshooting unexpected issues on your JIMS server due to out of order event log timestamps.

Which action should you take to solve this issue?

Options:

A.

Enable time synchronization on the client devices.

B.

Enable time synchronization on the JIMS server.

C.

Enable time synchronization on the domain controllers.

D.

Enable time synchronization on the SRX Series devices.

Buy Now
Questions 6

Click the Exhibit button.

JN0-335 Question 6

You have implemented SSL client protection proxy. Employees are receiving the error shown in the exhibit.

How do you solve this problem?

Options:

A.

Load a known good, but expired. CA certificate onto the SRX Series device.

B.

Install a new SRX Series device to act as the client proxy

C.

Reboot the SRX Series device.

D.

Import the existing certificate to each client device.

Buy Now
Questions 7

Options:

A.

IPS is integrated as a security service on SRX Series devices.

B.

IPS uses sandboxinQ to detect unknown attacks.

C.

IPS is a standalone platform running on dedicated hardware or as a virtual device.

D.

IPS uses protocol anomaly rules to detect unknown attacks.

Buy Now
Questions 8

Which two functions does Juniper ATP Cloud perform to reduce delays in the inspection of files? (Choose two.)

Options:

A.

Juniper ATP Cloud allows the creation of allowlists.

B.

Juniper ATP Cloud uses a single antivirus software package to analyze files.

C.

Juniper ATP Cloud allows end users to bypass the inspection of files.

D.

Juniper ATP Cloud performs a cache lookup on files.

Buy Now
Questions 9

You administer a JSA host and want to include a rule that sets a threshold for excessive firewall denies and sends an SNMP trap after receiving related syslog messages from an SRX Series firewall.

Which JSA rule type satisfies this requirement?

Options:

A.

common

B.

offense

C.

flow

D.

event

Buy Now
Questions 10

Which method does the loT Security feature use to identify traffic sourced from IoT devices?

Options:

A.

The SRX Series device streams metadata from the loT device transit traffic to Juniper ATP Cloud

B.

The SRX Series device streams transit traffic received from the IoT device to Juniper ATP Cloud.

C.

The SRX Series device identifies loT devices using their MAC address.

D.

The SRX Series device identifies loT devices from metadata extracted from their transit traffic.

Buy Now
Questions 11

You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.

Which Juniper Networks solution will accomplish this task?

Options:

A.

JIMS

B.

Encrypted Traffic Insights

C.

UTM

D.

Adaptive Threat Profiling

Buy Now
Questions 12

Click the Exhibit button.

JN0-335 Question 12

Which two statements describe the output shown in the exhibit? (Choose two.)

Options:

A.

Redundancy group 1 experienced an operational failure.

B.

Redundancy group 1 was administratively failed over.

C.

Node 0 is controlling traffic for redundancy group 1.

D.

Node 1 is controlling traffic for redundancy group 1.

Buy Now
Questions 13

You are asked to block malicious applications regardless of the port number being used.

In this scenario, which two application security features should be used? (Choose two.)

Options:

A.

AppFW

B.

AppQoE

C.

APPID

D.

AppTrack

Buy Now
Questions 14

Which two statements are correct about the cSRX? (Choose two.)

Options:

A.

The cSRX supports firewall, NAT, IPS, and UTM services.

B.

The cSRX only supports Layer 2 "bump-in-the-wire" deployments.

C.

The cSRX supports BGP, OSPF. and IS-IS routing services.

D.

The cSRX has three default zones: trust, untrust, and management

Buy Now
Questions 15

Which two statements are correct about the fab interface in a chassis cluster? (Choose two.)

Options:

A.

Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization.

B.

In an active/active configuration, inter-chassis transit traffic is sent over the fab interface.

C.

The fab interface enables configuration synchronization.

D.

Heartbeat signals sent on the fab interface monitor the health of the control plane link.

Buy Now
Questions 16

You want to set up JSA to collect network traffic flows from network devices on your network.

Which two statements are correct when performing this task? (Choose two.)

Options:

A.

BGP FlowSpec is used to collect traffic flows from Junos OS devices.

B.

Statistical sampling increases processor utilization

C.

Statistical sampling decreases event correlation accuracy.

D.

Superflows reduce traffic licensing requirements.

Buy Now
Questions 17

Exhibit

JN0-335 Question 17

You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them.

Which statement is correct in this scenario?

Options:

A.

The security intelligence policy must be configured; on a unified security policy

B.

Use the commit full command to start the download.

C.

No action is required, the feeds take a few minutes to download.

D.

Set the maximum C&C entries within the Juniper ATP Cloud GUI.

Buy Now
Questions 18

Your network uses a single JSA host and you want to implement a cluster.

In this scenario, which two statements are correct? (Choose two.)

Options:

A.

The software versions on both primary and secondary hosts

B.

The secondary host can backup multiple JSA primary hosts.

C.

The primary and secondary hosts must be configured with the same storage devices.

D.

The cluster virtual IP will need an unused IP address assigned.

Buy Now
Questions 19

Which two statements about unified security policies are correct? (Choose two.)

Options:

A.

Unified security policies require an advanced feature license.

B.

Unified security policies are evaluated after global security policies.

C.

Traffic can initially match multiple unified security policies.

D.

APPID results are used to determine the final security policy

Buy Now
Questions 20

Which two features are configurable on Juniper Secure Analytics (JSA) to ensure that alerts are triggered when matching certain criteria? (Choose two.)

Options:

A.

building blocks

B.

assets

C.

events

D.

tests

Buy Now
Questions 21

You want to control when cluster failovers occur.

In this scenario, which two specific parameters would you configure on an SRX Series device? (Choose two.)

Options:

A.

hearcbeac-interval

B.

heartbeac-address

C.

hearcbeat-cos

D.

hearcbeac-chreshold

Buy Now
Questions 22

Which two sources are used by Juniper Identity Management Service (JIMS) for collecting username and device IP addresses? (Choose two.)

Options:

A.

Microsoft Exchange Server event logs

B.

DNS

C.

Active Directory domain controller event logs

D.

OpenLDAP service ports

Buy Now
Questions 23

Exhibit

JN0-335 Question 23

Referring to the exhibit, what do you determine about the status of the cluster.

Options:

A.

Both nodes determine that they are in a primary state.

B.

Node 1 is down

C.

Node 2 is down.

D.

There are no issues with the cluster.

Buy Now
Questions 24

Which three statements about SRX Series device chassis clusters are true? (Choose three.)

Options:

A.

Chassis cluster control links must be configured using RFC 1918 IP addresses.

B.

Chassis cluster member devices synchronize configuration using the control link.

C.

A control link failure causes the secondary cluster node to be disabled.

D.

Recovery from a control link failure requires that the secondary member device be rebooted.

E.

Heartbeat messages verify that the chassis cluster control link is working.

Buy Now
Questions 25

What are two benefits of using a vSRX in a software-defined network? (Choose two.)

Options:

A.

scalability

B.

no required software license

C.

granular security

D.

infinite number of interfaces

Buy Now
Questions 26

You are implementing an SRX Series device at a branch office that has low bandwidth and also uses a cloud-based VoIP solution with an outbound policy that permits all traffic.

Which service would you implement at your edge device to prioritize VoIP traffic in this scenario?

Options:

A.

AppFW

B.

SIP ALG

C.

AppQoE

D.

AppQoS

Buy Now
Questions 27

You are asked to create an IPS-exempt rule base to eliminate false positives from happening.

Which two configuration parameters are available to exclude traffic from being examined? (Choose two.)

Options:

A.

source port

B.

source IP address

C.

destination IP address

D.

destination port

Buy Now
Questions 28

Your JIMS server is unable to view event logs.

Which two actions would you take to solve this issue? (Choose two.)

Options:

A.

Enable the correct host-inbound-traffic rules on the SRX Series devices.

B.

Enable remote event log management within Windows Firewall on the necessary Exchange servers.

C.

Enable remote event log management within Windows Firewall on the necessary domain controllers.

D.

Enable remote event log management within Windows Firewall on the JIMS server.

Buy Now
Questions 29

You are experiencing excessive packet loss on one of your two WAN links route traffic from the degraded link to the working link

Which AppSecure component would you use to accomplish this task?

Options:

A.

AppFW

B.

AppQoE

C.

AppQoS

D.

APBR

Buy Now
Exam Code: JN0-335
Exam Name: Security, Specialist (JNCIS-SEC)
Last Update: May 21, 2024
Questions: 98

PDF + Testing Engine

$66.4  $165.99

Testing Engine

$46  $114.99
buy now JN0-335 testing engine

PDF (Q&A)

$42  $104.99
buy now JN0-335 pdf