Juniper JN0-335 Exam Practice Test Instant Access

Question 1

Which two statements are correct about AppTrack? (Choose two.)

AAppTrack can be configured for any defined logical system on an SRX Series device.

BAppTrack identifies and blocks traffic flows that might be malicious regardless of the ports being used.

CAppTrack collects traffic flow information including byte, packet, and duration statistics.

DAppTrack can only be configured in the main logical system on an SRX Series device.

Answer : A, C

AppTrack is a feature that allows you to monitor and analyze the application traffic on your SRX Series device. It can be configured for any defined logical system, which is a virtual router or switch within a physical device. AppTrack collects statistics such as bytes, packets, and duration for each application flow and displays them in reports or logs. AppTrack does not identify or block malicious traffic, that is the function of AppSecure or IDP/IPS.Reference:=JNCIS-SEC Certification,Open Learning - Security, Specialist (JNCIS-SEC),Application Security Theory

Question 2

Exhibit

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172 25.11.0/24 subnet to the Internet You create a policy named permit-http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.

Which two actions would correct the error? (Choose two.)

AIssue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.

BExecute the Junos commit full command to override the error and apply the configuration.

CCreate a custom application named http at the [edit applications] hierarchy.

DModify the security policy to use the built-in Junos-http applications.

Answer : C, D

The error message indicates that the Junos-http application is not defined, so you need to either create a custom application or modify the security policy to use the built-in Junos-http application. Doing either of these will allow you to successfully commit the configuration.

Question 3

What are two types of system logs that Junos generates? (Choose two.)

ASQL log files

Bdata plane logs

Csystem core dump files

Dcontrol plane logs

Answer : B, D

The two types of system logs that Junos generates are control plane logs and data plane logs. Control plane logs are generated by the Junos operating system and contain system-level events such as system startup and shutdown, configuration changes, and system alarms. Data plane logs are generated by the network protocol processes and contain messages about the status of the network and its components, such as routing, firewall, NAT, and IPS. SQL log files and system core dump files are not types of system logs generated by Junos.

Question 4

Which two statements are correct about the cSRX? (Choose two.)

AThe cSRX supports firewall, NAT, IPS, and UTM services.

BThe cSRX only supports Layer 2 'bump-in-the-wire' deployments.

CThe cSRX supports BGP, OSPF. and IS-IS routing services.

DThe cSRX has three default zones: trust, untrust, and management

Answer : A, D

The two statements that are correct about the cSRX are that it supports firewall, NAT, IPS, and UTM services, and that it has three default zones: trust, untrust, and management. The cSRX is a software-defined security solution that provides comprehensive network security capabilities and is designed for virtualized environments. It supports firewall, NAT, IPS, and UTM services to protect against threats, as well as BGP, OSPF, and IS-IS routing services for routing functionality. Additionally, the cSRX has three default zones: trust, untrust, and management. The trust zone is used to define traffic that is allowed to enter the network, the untrust zone is used to define traffic that should be blocked from entering the network, and the management zone is used to manage the device itself. The cSRX does not support Layer 2 'bump-in-the-wire' deployments.

Question 5

Which two statements about SRX Series device chassis clusters are true? (Choose two.)

ARedundancy group 0 is only active on the cluster backup node.

BEach chassis cluster member requires a unique cluster ID value.

CEach chassis cluster member device can host active redundancy groups

DChassis cluster member devices must be the same model.

Answer : B, C

B) Each chassis cluster member requires a unique cluster ID value: This statement is true. Each chassis cluster member must have a unique cluster ID assigned, which is used to identify each device in the cluster.

C) Each chassis cluster member device can host active redundancy groups: This statement is true. Both devices in a chassis cluster can host active redundancy groups, allowing for load balancing and failover capabilities.

The two statements about SRX Series device chassis clusters that are true are that each chassis cluster member requires a unique cluster ID value, and that each chassis cluster member device can host active redundancy groups. A unique cluster ID value is necessary so that all members of the cluster can be identified, and each chassis cluster member device can host active redundancy groups to ensure that the cluster is able to maintain high availability and redundancy. Additionally, it is not necessary for all chassis cluster member devices to be the same model, as long as all devices are running the same version of Junos software.

Question 6

Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types.

Which configuration should you use in this scenario?

AUse the CLI to create a custom profile and increase the scan limit.

BUse the ATP Cloud Ul to change the default profile to increase the scan limit for all files to 30 MB.

CUse the CLI to change the default profile to increase the scan limit for all files to 30 MB.

DUse the ATP Cloud Ul to update a custom profile and increase the scan limit for executable files to 30 MB.

Answer : D

In this scenario, you should use the ATP Cloud Ul to create a custom profile and update the scan limit for executable files to 30 MB. This will ensure that executable files up to 30 MB can be scanned, while at the same time minimizing the change in scan time for other file types. To do this, log in to the ATP Cloud Ul and go to the Profiles tab. Click the Create button to create a new profile, and then adjust the scan limits for executable files to 30 MB. Once you have saved the custom profile, you can apply it to the desired systems and the new scan limit will be in effect.

Question 7

Exhibit

Which two statements are correct about the configuration shown in the exhibit? (Choose two.)

AThe session-class parameter in only used when troubleshooting.

BThe others 300 parameter means unidentified traffic flows will be dropped in 300 milliseconds.

CEvery session that enters the SRX Series device will generate an event

DReplacing the session-init parameter with session-lose will log unidentified flows.

Answer : B, C

The configuration shown in the exhibit is for a Juniper SRX Series firewall. The session-init parameter is used to control how the firewall processes unknown traffic flows. With the session-init parameter set to 300, any traffic flows that the firewall does not recognize will be dropped after 300 milliseconds. Additionally, every session that enters the device, whether it is known or unknown, will generate an event, which can be used for logging and troubleshooting purposes. The session-lose parameter is used to control how the firewall handles established sessions that are terminated.

Juniper JN0-335 Security, Specialist Exam Practice Test