Exam4Training

Juniper JN0-335 Security, Specialist (JNCIS-SEC) Online Training

Question #1

A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.

Which feed will the client's IP address be automatically added to in this situation?

  • A . the command-and-control cloud feed
  • B . the allowlist and blocklist feed
  • C . the custom cloud feed
  • D . the infected host cloud feed

Correct Answer: D

Explanation:

Infected hosts are internal hosts that have been compromised by malware and are communicating with external C&C servers. Juniper ATP Cloud provides infected host feeds that list internal IP addresses or subnets of infected hosts along with a threat level. Once the Juniper ATP Cloud global threshold for an infected host is met, that host is added to the infected host feed and assigned a threat level of 10 by the cloud. You can also configure your SRX Series device to block traffic from these IP addresses using security policies.

Question #2

Exhibit

When trying to set up a server protection SSL proxy, you receive the error shown.

What are two reasons for this error? (Choose two.)

  • A . The SSL proxy certificate ID is part of a blocklist.
  • B . The SSL proxy certificate ID does not have the correct renegotiation option set.
  • C . The SSL proxy certificate ID is for a forwarding proxy.
  • D . The SSL proxy certificate ID does not exist.

Correct Answer: A D

Explanation:

Two possible reasons for this error are that the SSL proxy certificate ID does not exist, or the SSL proxy certificate ID is part of a blocklist. If the SSL proxy certificate ID does not exist, you will need to generate a new certificate. If the SSL proxy certificate ID is part of a blocklist, you will need to contact the source of the blocklist to remove it. Additionally, you may need to check that the SSL proxy certificate ID has the correct renegotiation option set, as this is necessary for proper server protection. For more information, you can refer to the Juniper Security documentation at https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-ssl-pro

Question #3

You are asked to reduce the load that the JIMS server places on your

Which action should you take in this situation?

  • A . Connect JIMS to the RADIUS server
  • B . Connect JIMS to the domain Exchange server
  • C . Connect JIMS to the domain SQL server.
  • D . Connect JIMS to another SRX Series device.

Correct Answer: D

Explanation:

The JIMS server is a Juniper Identity Management Service that collects user identity information from different authentication sources for SRX Series devices. It can connect to SRX Series devices and the CSO platform in your network.

Question #4

Exhibit

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172.25.11.0/24 subnet to the Internet. You create a policy named permit-http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.

Which two actions would correct the error? (Choose two.)

  • A . Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.
  • B . Execute the Junos commit full command to override the error and apply the configuration.
  • C . Create a custom application named http at the [edit applications] hierarchy.
  • D . Modify the security policy to use the built-in junos-http application.

Correct Answer: C D

Explanation:

The error message indicates that the junos-http application is not defined, so you need to either create a custom application or modify the security policy to use the built-in junos-http application. Doing either of these will allow you to successfully commit the configuration.

Question #5

What are two types of system logs that Junos generates? (Choose two.)

  • A . SQL log files
  • B . data plane logs
  • C . system core dump files
  • D . control plane logs

Correct Answer: B D

Explanation:

The two types of system logs that Junos generates are control plane logs and data plane logs. Control plane logs are generated by the Junos operating system and contain system-level events such as system startup and shutdown, configuration changes, and system alarms. Data plane logs are generated by the network protocol processes and contain messages about the status of the network and its components, such as routing, firewall, NAT, and IPS. SQL log files and system core dump files are not types of system logs generated by Junos.

Question #6

You are asked to ensure that if the session table on your SRX Series device gets close to exhausting its resources, you enforce a more aggressive age-out of existing flows.

In this scenario, which two statements are correct? (Choose two.)

  • A . The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the low-watermark value is met.
  • B . The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met.
  • C . The high-watermark configuration specifies the percentage of how much of the session table is left before disabling a more aggressive age-out timer.
  • D . The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer.

Correct Answer: B D

Explanation:

The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met. The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer. This ensures that the session table does not become full and cause traffic issues, and also ensures that existing flows are aged out quickly when the table begins to get close to being full.

Question #7

Exhibit

Referring to the exhibit which statement is true?

  • A . SSL proxy functions will ignore the session.
  • B . SSL proxy leverages post-match results.
  • C . SSL proxy must wait for return traffic for the final match to occur.
  • D . SSL proxy leverages pre-match result

Correct Answer: D

Question #8

When a security policy is deleted, which statement is correct about the default behavior of active sessions allowed by that policy?

  • A . The active sessions allowed by the policy will be dropped.
  • B . The active sessions allowed by the policy will be marked as a legacy flow and will continue to be forwarded.
  • C . The active sessions allowed by the policy will be reevaluated by the cached
  • D . The active sessions allowed by the policy will continue

Correct Answer: A

Explanation:

When a security policy is deleted, the active sessions allowed by the policy will be dropped. The default behavior is that all active sessions allowed by the policy will be terminated and the traffic will no longer be forwarded. There is no way to mark the active sessions as a legacy flow or to reevaluate them by the cached rules.

Question #9

You want to use IPS signatures to monitor traffic.

Which module in the AppSecure suite will help in this task?

  • A . AppTrack
  • B . AppQoS
  • C . AppFW
  • D . AppID

Correct Answer: C

Explanation:

The AppFW module in the AppSecure suite provides IPS signatures that can be used to monitor traffic and detect malicious activities. AppFW also provides other security controls such as Web application firewall, URL filtering, and application-level visibility.

Question #10

Exhibit

Using the information from the exhibit, which statement is correct?

  • A . Redundancy group 1 is in an ineligible state.
  • B . Node1 is the active node for the control plane
  • C . There are no issues with the cluster.
  • D . Redundancy group 0 is in an ineligible state.

Correct Answer: A

Question #11

After JSA receives external events and flows, which two steps occur? (Choose two.)

  • A . After formatting the data, the data is stored in an asset database.
  • B . Before formatting the data, the data is analyzed for relevant information.
  • C . Before the information is filtered, the information is formatted
  • D . After the information is filtered, JSA responds with active measures

Correct Answer: B C

Explanation:

Before formatting the data, the data is analyzed for relevant information. This is done to filter out any irrelevant data and to extract any useful information from the data. After the information is filtered, it is then formatted so that it can be stored in an asset database. After the data has been formatted, JSA will then respond with active measures.

Question #12

Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB. You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types.

Which configuration should you use in this scenario?

  • A . Use the CLI to create a custom profile and increase the scan limit.
  • B . Use the ATP Cloud UI to change the default profile to increase the scan limit for all files to 30 MB.
  • C . Use the CLI to change the default profile to increase the scan limit for all files to 30 MB.
  • D . Use the ATP Cloud UI to update a custom profile and increase the scan limit for executable files to 30 MB.

Correct Answer: D

Explanation:

In this scenario, you should use the ATP Cloud UI to create a custom profile and update the scan limit for executable files to 30 MB. This will ensure that executable files up to 30 MB can be scanned, while at the same time minimizing the change in scan time for other file types. To do this, log in to the ATP Cloud UI and go to the Profiles tab. Click the Create button to create a new profile, and then adjust the scan limits for executable files to 30 MB. Once you have saved the custom profile, you can apply it to the desired systems and the new scan limit will be in effect.

Question #13

What are two benefits of using a vSRX in a software-defined network? (Choose two.)

  • A . scalability
  • B . no required software license
  • C . granular security
  • D . infinite number of interfaces

Correct Answer: A C

Explanation:

– Scalability: vSRX instances can be easily added or removed as the needs of the network change, making it a flexible option for scaling in a software-defined network.

– Granular Security: vSRX allows for granular security policies to be enforced at the virtual interface level, making it an effective solution for securing traffic in a software-defined network.

The two benefits of using a vSRX in a software-defined network are scalability and granular security. Scalability allows you to increase the number of resources available to meet the demands of network traffic, while granular security provides a level of control and flexibility to your network security that is not possible with a traditional firewall. With a vSRX, you can create multiple levels of security policies, rules, and access control lists to ensure that only authorized traffic can enter and exit your network. Additionally, you would not require a software license to use the vSRX, making it an economical solution for those looking for increased security and flexibility.

Question #14

You enable chassis clustering on two devices and assign a cluster ID and a node ID to each device.

In this scenario, what is the correct order for rebooting the devices?

  • A . Reboot the secondary device, then the primary device.
  • B . Reboot only the secondary device since the primary will assign itself the correct cluster and node ID.
  • C . Reboot the primary device, then the secondary device.
  • D . Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.

Correct Answer: C

Explanation:

When enabling chassis clustering on two devices, the correct order for rebooting them is to reboot the primary device first, followed by the secondary device. It is not possible for either device to assign itself the correct cluster and node ID, so both devices must be rebooted to ensure the proper configuration is applied.

Question #15

Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

  • A . Nancy logged in to the juniper.net Active Directory domain.
  • B . The IP address of Nancy’s client PC is 172.25.11.
  • C . The IP address of the authenticating domain controller is 172.25.11.140.
  • D . Nancy is a member of the Active Directory sales group.

Correct Answer: C

Question #16

Which three statements about SRX Series device chassis clusters are true? (Choose three.)

  • A . Chassis cluster control links must be configured using RFC 1918 IP addresses.
  • B . Chassis cluster member devices synchronize configuration using the control link.
  • C . A control link failure causes the secondary cluster node to be disabled.
  • D . Recovery from a control link failure requires that the secondary member device be rebooted.
  • E . Heartbeat messages verify that the chassis cluster control link is working.

Correct Answer: B C E

Explanation:

B. Chassis cluster member devices synchronize configuration using the control link: This statement is correct because the control link is used for configuration synchronization among other functions.

C. A control link failure causes the secondary cluster node to be disabled: This statement is correct because a control link failure causes the secondary node to become ineligible for primary role and remain in secondary role until the control link is restored.

E. Heartbeat messages verify that the chassis cluster control link is working: This statement is correct because heartbeat messages are sent periodically over the control link to monitor its status.

Question #17

Which two devices would you use for DDoS protection with Policy Enforcer? (Choose two.)

  • A . vQFX
  • B . MX
  • C . vMX
  • D . QFX

Correct Answer: B C

Explanation:

The MX and vMX devices can be used for DDoS protection with Policy Enforcer. Policy Enforcer is a Juniper Networks solution that provides real-time protection from DDoS attacks. It can be used to detect and block malicious traffic, and also provides granular control over user access and policy enforcement. The MX and vMX devices are well-suited for use with Policy Enforcer due to their high-performance hardware and advanced security features.

Question #18

You have implemented a vSRX in your VMware environment. You want to implement a second vSRX Series device and enable chassis clustering.

Which two statements are correct in this scenario about the control-link settings? (Choose two.)

  • A . In the vSwitch security settings, accept promiscuous mode.
  • B . In the vSwitch properties settings, set the VLAN ID to None.
  • C . In the vSwitch security settings, reject forged transmits.
  • D . In the vSwitch security settings, reject MAC address changes.

Correct Answer: C D

Question #19

Which two statements are true about the fab interface in a chassis cluster? (Choose two.)

  • A . The fab link does not support fragmentation.
  • B . The physical interface for the fab link must be specified in the configuration.
  • C . The fab link supports traditional interface features.
  • D . The Junos OS supports only one fab link.

Correct Answer: B C

Explanation:

The physical interface for the fab link must be specified in the configuration. Additionally, the fab link supports traditional interface features such as MAC learning, security policy enforcement, and dynamic routing protocols. The fab link does not support fragmentation and the Junos OS supports up to two fab links.

Question #20

You want to manually failover the primary Routing Engine in an SRX Series high availability cluster pair.

Which step is necessary to accomplish this task?

  • A . Issue the set chassis cluster disable reboot command on the primary node.
  • B . Implement the control link recovery solution before adjusting the priorities.
  • C . Manually request the failover and identify the secondary node.
  • D . Adjust the priority in the configuration on the secondary node.

Correct Answer: A

Explanation:

In order to manually failover the primary Routing Engine in an SRX Series high availability cluster pair, you must issue the command "set chassis cluster disable reboot" on the primary node. This command will disable the cluster and then reboot the primary node, causing the secondary node to take over as the primary node. This is discussed in greater detail in the Juniper Security, Specialist (JNCIS-SEC) Study Guide (page 68).

Question #21

How does the SSL proxy detect if encryption is being used?

  • A . It uses application identity services.
  • B . It verifies the length of the packet
  • C . It queries the client device.
  • D . It looks at the destination port number.

Correct Answer: D

Explanation:

The SSL proxy can detect if encryption is being used by looking at the destination port number of the packet. If the port number is 443, then the proxy can assume that the packet is being sent over an encrypted connection. If the port number is different, then the proxy can assume that the packet is not encrypted. For more information, please refer to the Juniper Networks JNCIS-SEC Study Guide.

Question #22

Which two types of SSL proxy are available on SRX Series devices? (Choose two.)

  • A . Web proxy
  • B . client-protection
  • C . server-protection
  • D . DNS proxy

Correct Answer: B C

Explanation:

SSL proxy is a feature that allows SRX Series devices to decrypt and inspect SSL/TLS traffic for security purposes.

SRX Series devices support two types of SSL proxy:

Client-protection SSL proxy, also known as forward proxy: The SRX Series device resides between the internal client and outside server. It decrypts and inspects traffic from internal users to the web.

Server-protection SSL proxy, also known as reverse proxy: The SRX Series device resides between outside clients and internal servers. It decrypts and inspects traffic from web users to internal servers.

Question #23

What are three capabilities of AppQoS? (Choose three.)

  • A . re-write DSCP values
  • B . assign a forwarding class
  • C . re-write the TTL
  • D . rate-limit traffic
  • E . reserve bandwidth

Correct Answer: A B E

Explanation:

AppQoS (Application Quality of Service) is a Junos OS feature that provides advanced control and prioritization of application traffic. With AppQoS, you can classify application traffic, assign a forwarding class to the traffic, and apply quality of service (QoS) policies to the traffic. You can also re-write DSCP values and reserve bandwidth for important applications. However, AppQoS does not re-write the TTL or rate-limit traffic.

Source: Juniper Networks, Security, Specialist (JNCIS-SEC) Study Guide. Chapter 3: AppSecure. Page 66-67.

Question #24

You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.

Which Juniper Networks solution will accomplish this task?

  • A . JIMS
  • B . Encrypted Traffic Insights
  • C . UTM
  • D . Adaptive Threat Profiling

Correct Answer: D

Explanation:

Adaptive Threat Profiling (ATP) is a Juniper Networks solution that enables organizations to detect malicious activity on their networks and process it through IPS and Juniper ATP Cloud for malware and virus protection. ATP is powered by Juniper’s advanced Machine Learning and Artificial Intelligence (AI) capabilities, allowing it to detect and block malicious activity in real-time. ATP is integrated with Juniper’s Unified Threat Management (UTM) and Encrypted Traffic Insights (ETI) solutions, providing an end-to-end network protection solution.

Question #25

Which statement about security policy schedulers is correct?

  • A . Multiple policies can use the same scheduler.
  • B . A policy can have multiple schedulers.
  • C . When the scheduler is disabled, the policy will still be available.
  • D . A policy without a defined scheduler will not become active

Correct Answer: A

Explanation:

Schedulers can be defined and reused by multiple policies, allowing for more efficient management of policy activation and deactivation. This can be particularly useful for policies that need to be activated during specific time periods, such as business hours or maintenance windows.

Question #26

Exhibit

Referring to the SRX Series flow module diagram shown in the exhibit, where is application security processed?

  • A . Forwarding Lookup
  • B . Services ALGs
  • C . Security Policy
  • D . Screens

Correct Answer: B

Question #27

What information does encrypted traffic insights (ETI) use to notify SRX Series devices about known malware sites?

  • A . certificates
  • B . dynamic address groups
  • C . MAC addresses
  • D . domain names

Correct Answer: D

Explanation:

Encrypted traffic insights (ETI) uses domain names to notify SRX Series devices about known malware sites. ETI is a feature of the SRX Series firewall that can detect and block malware that is hidden in encrypted traffic. It works by analyzing the domain names of the websites that the encrypted traffic is attempting to access. If the domain name matches a known malware site, ETI will send an alert to the SRX Series device, which can then take appropriate action to block the traffic. ETI is a useful tool for protecting against threats that attempt to evade detection by hiding in encrypted traffic.

Question #28

Your manager asks you to provide firewall and NAT services in a private cloud.

Which two solutions will fulfill the minimum requirements for this deployment? (Choose two.)

  • A . a single vSRX
  • B . a vSRX for firewall services and a separate vSRX for NAT services
  • C . a cSRX for firewall services and a separate cSRX for NAT services
  • D . a single cSRX

Correct Answer: B C

Explanation:

A single vSRX or cSRX cannot provide both firewall and NAT services simultaneously. To meet the minimum requirements for this deployment, you need to deploy a vSRX for firewall services and a separate vSRX for NAT services (option B), or a cSRX for firewall services and a separate cSRX for NAT services (option C). This is according to the Juniper Networks Certified Security Specialist (JNCIS-SEC) Study Guide.

Question #29

You want to deploy a virtualized SRX in your environment.

In this scenario, why would you use a vSRX instead of a cSRX? (Choose two.)

  • A . The vSRX supports Layer 2 and Layer 3 configurations.
  • B . Only the vSRX provides clustering.
  • C . The vSRX has faster boot times.
  • D . Only the vSRX provides NAT, IPS, and UTM services

Correct Answer: A C

Explanation:

The vSRX supports both Layer 2 and Layer 3 configurations, while the cSRX is limited to Layer 3 configurations. Additionally, the vSRX has faster boot times, which is advantageous in certain scenarios. The vSRX and cSRX both provide NAT, IPS, and UTM services.

Question #30

Regarding static attack object groups, which two statements are true? (Choose two.)

  • A . Matching attack objects are automatically added to a custom group.
  • B . Group membership automatically changes when Juniper updates the IPS signature database.
  • C . Group membership does not automatically change when Juniper updates the IPS signature database.
  • D . You must manually add matching attack objects to a custom group.

Correct Answer: B D

Question #31

Which statement regarding Juniper Identity Management Service (JIMS) domain PC probes is true?

  • A . JIMS domain PC probes analyze domain controller security event logs at 60-minute intervals by default.
  • B . JIMS domain PC probes are triggered if no username to IP address mapping is found in the domain security event log.
  • C . JIMS domain PC probes are triggered to map usernames to group membership information.
  • D . JIMS domain PC probes are initiated by an SRX Series device to verify authentication table information.

Correct Answer: B

Explanation:

Juniper Identity Management Service (JIMS) domain PC probes are used to map usernames to IP addresses in the domain security event log. This allows for the SRX Series device to verify authentication table information, such as group membership. The probes are triggered whenever a username to IP address mapping is not found in the domain security event log. By default, the probes are executed at 60-minute intervals.

Question #32

Exhibit

Which two statements are correct about the configuration shown in the exhibit? (Choose two.)

  • A . The session-class parameter is only used when troubleshooting.
  • B . The others 300 parameter means unidentified traffic flows will be dropped in 300 milliseconds.
  • C . Every session that enters the SRX Series device will generate an event
  • D . Replacing the session-init parameter with session-close will log unidentified flows.

Correct Answer: B C

Explanation:

The configuration shown in the exhibit is for a Juniper SRX Series firewall. The session-init parameter is used to control how the firewall processes unknown traffic flows. With the session-init parameter set to 300, any traffic flows that the firewall does not recognize will be dropped after 300 milliseconds. Additionally, every session that enters the device, whether it is known or unknown, will generate an event, which can be used for logging and troubleshooting purposes. The session-close parameter is used to control how the firewall handles established sessions that are terminated.

Question #33

Which two statements are true about the vSRX? (Choose two.)

  • A . It does not have VMXNET3 vNIC support.
  • B . It has VMXNET3 vNIC support.
  • C . UNIX is the base OS.
  • D . Linux is the base OS.

Correct Answer: B D

Question #34

Which two statements about SRX Series device chassis clusters are true? (Choose two.)

  • A . Redundancy group 0 is only active on the cluster backup node.
  • B . Each chassis cluster member requires a unique cluster ID value.
  • C . Each chassis cluster member device can host active redundancy groups
  • D . Chassis cluster member devices must be the same model.

Correct Answer: B C

Explanation:

B. Each chassis cluster member requires a unique cluster ID value: This statement is true. Each chassis cluster member must have a unique cluster ID assigned, which is used to identify each device in the cluster.

C. Each chassis cluster member device can host active redundancy groups: This statement is true. Both devices in a chassis cluster can host active redundancy groups, allowing for load balancing and failover capabilities.

The two statements about SRX Series device chassis clusters that are true are that each chassis cluster member requires a unique cluster ID value, and that each chassis cluster member device can host active redundancy groups. A unique cluster ID value is necessary so that all members of the cluster can be identified, and each chassis cluster member device can host active redundancy groups to ensure that the cluster is able to maintain high availability and redundancy. Additionally, it is not necessary for all chassis cluster member devices to be the same model, as long as all devices are running the same version of Junos software.

Question #35

Which two statements are correct about SSL proxy server protection? (Choose two.)

  • A . You do not need to configure the servers to use the SSL proxy function on the SRX Series device.
  • B . You must load the server certificates on the SRX Series device.
  • C . The servers must be configured to use the SSL proxy function on the SRX Series device.
  • D . You must import the root CA on the servers.

Correct Answer: B C

Explanation:

You must load the server certificates on the SRX Series device and configure the servers to use the SSL proxy function on the SRX Series device. This is done to ensure that the SSL proxy is able to decrypt the traffic between the client and server. Additionally, you must import the root CA on the servers in order for the SSL proxy to properly validate the server certificate.