Juniper JN0-335 Exam Practice Test Instant Access

Question 1

Which two statements are correct when considering IPS rule base evaluation? (Choose two.)

AIPS evaluates rules concurrently.

BIPS applies the most severe action to traffic matching multiple rules,

CIPS evaluates rules sequentially

DIPS applies the least severe action to traffic matching multiple rules.

Answer : A, B

The Intrusion Prevention System (IPS) is a feature that provides protection against network-based threats. The IPS uses a rule base to evaluate network traffic and apply actions based on the rules that match the traffic.

When evaluating the rule base, the IPS evaluates the rules concurrently (option A). This means that the IPS can apply multiple rules to the same traffic simultaneously.

If multiple rules match the same traffic, the IPS applies the most severe action (option B). This means that if there are conflicting actions specified in different rules, the IPS will apply the action that has the highest severity. For example, if one rule specifies a 'drop' action and another rule specifies a 'log' action for the same traffic, the IPS will drop the traffic because dropping has a higher severity than logging.

Question 2

You are asked to determine how much traffic a popular gaming application is generating on your network.

Which action will you perform to accomplish this task?

AEnable AppQoS on the proper security zones

BEnable APBR on the proper security zones

CEnable screen options on the proper security zones

DEnable AppTrack on the proper security zones.

Answer : D

AppTrack is a feature of Juniper Networks firewall solutions that allows administrators to track applications, users, and the amount of traffic generated by those applications on the network. AppTrack can be enabled on specific security zones of the network to monitor traffic on those zones. This feature can be used to determine how much traffic a popular gaming application is generating on the network. For more information, please refer to the Juniper Networks JNCIS-SEC Study Guide.

AppTrack is a feature of the Junos OS that provides visibility into the applications and users on your network. It tracks the usage of applications and provides detailed reports on the amount of traffic generated by each application. By enabling AppTrack on the proper security zones, you can determine how much traffic a popular gaming application is generating on your network.

Question 3

Which two statements are correct about the cSRX? (Choose two.)

AThe cSRX supports firewall, NAT, IPS, and UTM services.

BThe cSRX only supports Layer 2 'bump-in-the-wire' deployments.

CThe cSRX supports BGP, OSPF. and IS-IS routing services.

DThe cSRX has three default zones: trust, untrust, and management

Answer : A, D

The two statements that are correct about the cSRX are that it supports firewall, NAT, IPS, and UTM services, and that it has three default zones: trust, untrust, and management. The cSRX is a software-defined security solution that provides comprehensive network security capabilities and is designed for virtualized environments. It supports firewall, NAT, IPS, and UTM services to protect against threats, as well as BGP, OSPF, and IS-IS routing services for routing functionality. Additionally, the cSRX has three default zones: trust, untrust, and management. The trust zone is used to define traffic that is allowed to enter the network, the untrust zone is used to define traffic that should be blocked from entering the network, and the management zone is used to manage the device itself. The cSRX does not support Layer 2 'bump-in-the-wire' deployments.

Question 4

Which three statements about SRX Series device chassis clusters are true? (Choose three.)

AChassis cluster control links must be configured using RFC 1918 IP addresses.

BChassis cluster member devices synchronize configuration using the control link.

CA control link failure causes the secondary cluster node to be disabled.

DRecovery from a control link failure requires that the secondary member device be rebooted.

EHeartbeat messages verify that the chassis cluster control link is working.

Answer : B, C, E

B) Chassis cluster member devices synchronize configuration using the control link: This statement iscorrectbecause the control link is used for configuration synchronization among other functions.

C) A control link failure causes the secondary cluster node to be disabled: This statement iscorrectbecause a control link failure causes the secondary node to become ineligible for primary role and remain in secondary role until the control link is restored.

E) Heartbeat messages verify that the chassis cluster control link is working: This statement iscorrectbecause heartbeat messages are sent periodically over the control link to monitor its status.

Question 5

Which two statements about SRX chassis clustering are correct? (Choose two.)

ASRX chassis clustering supports active/passive and active/active for the data plane.

BSRX chassis clustering only supports active/passive for the data plane.

CSRX chassis clustering supports active/passive for the control plane.

DSRX chassis clustering supports active/active for the control plane.

Answer : A, D

SRX chassis clustering supports active/passive and active/active for the data plane. In an active/active configuration, both cluster members process and forward traffic, which increases throughput and provides redundancy. For the control plane, SRX chassis clustering supports active/active, meaning that both cluster members can process and forward control traffic, providing redundancy and improved scalability

Question 6

Exhibit

When trying to set up a server protection SSL proxy, you receive the error shown. What are two reasons for this error? (Choose two.)

AThe SSL proxy certificate ID is part of a blocklist.

BThe SSL proxy certificate ID does not have the correct renegotiation option set.

CThe SSL proxy certificate ID is for a forwarding proxy.

DThe SSL proxy certificate ID does not exist.

Answer : A, D

Two possible reasons for this error are that the SSL proxy certificate ID does not exist, or the SSL proxy certificate ID is part of a blocklist. If the SSL proxy certificate ID does not exist, you will need to generate a new certificate. If the SSL proxy certificate ID is part of a blocklist, you will need to contact the source of the blocklist to remove it. Additionally, you may need to check that the SSL proxy certificate ID has the correct renegotiation option set, as this is necessary for proper server protection. For more information, you can refer to the Juniper Security documentation athttps://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-ssl-proxy-configuration.html.

Question 7

Your network uses a single JSA host and you want to implement a cluster.

In this scenario, which two statements are correct? (Choose two.)

AThe software versions on both primary and secondary hosts

BThe secondary host can backup multiple JSA primary hosts.

CThe primary and secondary hosts must be configured with the same storage devices.

DThe cluster virtual IP will need an unused IP address assigned.

Answer : A, D

According to the Juniper Networks JNCIP-SEC Study Guide, when setting up a cluster with a single JSA host, both the primary and secondary hosts must have the same software version installed. Additionally, an unused IP address must be assigned to the cluster virtual IP. The primary and secondary hosts do not need to be configured with the same storage devices, and the secondary host cannot be used to backup multiple JSA primary hosts.

Juniper Security, Specialist JN0-335 Exam Practice Test