Juniper JNCIS-SEC JN0-334 Practice Test Questions – Security, Specialist (JNCIS-SEC)

You must be JNCIA-Junos certified and looking for a future in the Security domain. This JNCIS-SEC exam (JN0-334) will test your basic understanding of security technology and will assess your ability to secure Junos software for SRX Series devices. This is designed for beginner to intermediate level network engineers. Juniper Network will analyze your expertise in managing large networks. You have to pass the 90 minutes written exam and need to answer 65 multiple-choice questions to achieve JNCIS-SEC certification.

PassQuestion offers accurate examples of Juniper JNCIS-SEC JN0-334 Practice Test Questions so that you can successfully prepare for your JN0-334 exam. If you are looking to find away of maximising your chances of passing your JN0-334 exam.PassQuestion provides Juniper JNCIS-SEC JN0-334 Practice Test Questions for JN0-334 exam can 100% help you pass JN0-334 test.

Juniper JNCIS-SEC JN0-334 Practice Test Questions – Security, Specialist (JNCIS-SEC)

1. What are two examples of RTOs? (Choose two.)

IPsec SA entries

session table entries

fabric link probes

control link heartbeats

2. Click the Exhibit button.

Referring to the exhibit, you want to deploy Sky ATP with Policy Enforcer to block infected hosts at the access layer.

To complete this task, where should you configure the default gateway for the User-1 device?

the irb interface on QFX-2

the irb interface on QFX-1

the interface of QFX-1 that connects to User-1

the interface on SRX-1 that connects to QFX-2

3. Click the Exhibit button.

You need to have the JATP solution analyzer .jar, .xls, and .doc files.

Referring to the exhibit, which two file types must be selected to accomplish this task? (Choose two.)

Java

library

document

executable

4. Which three features are parts of Juniper Networks’ AppSecure suite? (Choose three.)

AppQoE

APBR

Secure Application Manager

AppQoS

AppFormix

5. Which two statements are correct about server-protection SSP proxy? (Choose two.)

The server-protection SSL proxy intercepts the server certificate.

The server-protection SSL proxy is also known as SSL reverse proxy.

The server-protection SSL proxy forwards the server certificate after modification.

The server-protection SSL proxy acts as the server from the client’s perspective.

6. Which statement is true about high availability (HA) chassis clusters for the SRX Series device?

Cluster nodes require an upgrade to HA compliant Routing Engines.

Cluster nodes must be connected through a Layer 2 switch.

There can be active/passive or active/active clusters.

HA clusters must use NAT to prevent overlapping subnets between the nodes.

7. What are two types of attack objects used by IPS on SRX Series devices? (Choose two.)

protocol anomaly-based attacks

spam-based attacks

signature-based attacks

DDoS-based attacks

8. When considering managed sessions, which configuration parameter determines how full the session table must be to implement the early age-out function?

session service timeout

high waremark

low watermark

policy rematch

9. You are asked to improve resiliency for individual redundancy groups in an SRX4600 chassis cluster.

Which two features would accomplish this task? (Choose two.)

IP address monitoring

control link recovery

interface monitoring

dual fabric links

10. What are two elements of a custom IDP/IPS attack object? (Choose two.)

the attack signature

the severity of the attack

the destination zone

the exempt rulebase

11. Which statement describes the AppTrack module in AppSecure?

The AppTrack module provides enforcement with the ability to block traffic, based on specific applications.

The AppTrack module provides control by the routing of traffic, based on the application.

The AppTrack module identifies the applications that are present in network traffic.

The AppTrack module provides visibility and volumetric reporting of application usage on the network.

12. Click the Exhibit button.

Referring to the exhibit, which two values in the JIMS SRX client configuration must match the values configured on the SRX client? (Choose two.)

IPv6 Reporting

Client ID

Client Secret

Token Lifetime

13. Click the Exhibit button.

Referring to the exhibit, which statement is true?

IDP blocks root users.

IDP closes the connection on matched sessions.

IDP ignores the connection on matched sessions.

IDP blocks all users.

14. What are two valid JIMS event log sources? (Choose two.)

Microsoft Windows Server 2012 audit logs

Microsoft Active Directory server event logs

Microsoft Exchange Server event logs

Microsoft Active Directory audit logs

15. Which three statements are true about the difference between cSRX-based virtual security deployments and vSRX-based virtual security deployments? (Choose three.)

vSRX provides Layer 2 to Layer 7 secure services and cSRX provides Layer 4 to Layer 7 secure services.

cSRX requires less storage and memory space for a given deployment than vSRX-based solutions.

cSRX-based solutions are more scalable than vSRX-based solutions.

vSRX and cSRX both provide Layer 2 to Layer 7 secure services.

vSRX provides faster deployment time and faster reboots compared to cSR

16. Click the Exhibit button.

You have implemented SSL proxy client protection. After implementing this feature, your users are complaining about the warning message shown in the exhibit.

Which action must you perform to eliminate the warning message?

Configure the SRX Series device as a trusted site in the client Web browsers.

Regenerate the SRX self-signed CA certificate and include the correct organization name.

Import the SRX self-signed CA certificate into the client Web browsers.

Import the SRX self-signed CA certificate into the SRX certificate public store.

17. Which two statements are correct about server-protection SSP proxy? (Choose two.)

The server-protection SSL proxy intercepts the server certificate.

The server-protection SSL proxy is also known as SSL reverse proxy.

The server-protection SSL proxy forwards the server certificate after modification.

The server-protection SSL proxy acts as the server from the client’s perspective.

18. Which two statements describe application-layer gateways (ALGs)? (Choose two.)

ALGs are designed for specific protocols that require multiple sessions.

ALGs are used with protocols that use multiple ports.

ALGs can only be configured using Security Director.

ALGs are designed for specific protocols that use a single TCP session.

19. When referencing a SSL proxy profile in a security policy, which two statements are correct? (Choose two.)

A security policy can reference both a client-protection SSL proxy profile and a server-protection proxy profile.

If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is not decrypted.

A security policy can only reference a client-protection SSL proxy profile or a server-protection SSL proxy profile.

If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is decrypted.

20. You want to support reth LAG interfaces on a chassis cluster.

What must be enabled on the interconnecting switch to accomplish this task?

RSTP

802.3ad

LLDP

swfab

21. Click the Exhibit button.

Referring to the exhibit, which two devices are considered to be part of the secure fabric site with Policy Enforcer? (Choose two.)

Server-2

SRX-1

Server-1

QFX-1

22. What is the maximum number of supported interfaces on a vSRX hosted in a VMware environment?

23. Click the Exhibit button.

You examine the log file shown in the exhibit after running the set security idp active-policy

command.

Which two statements are true in this scenario? (Choose two.)

The IDP policy compiled successfully.

The IDP policy loaded successfully.

The IDP hit cache is set to 16384.

The entire configuration was committed.

24. What is the default timeout period for a TCP session in the session table of a Junos security device?

1 minute

60 minutes

15 minutes

30 minutes

25. Click the Exhibit button.

The output shown in the exhibit is displayed in which format?

syslog

sd-syslog

binary

WELF

26. Which two functions are performed by Juniper Identity Management Service (JIMS)? (Choose two.)

JIMS synchronizes Active Directory authentication information between a primary and secondary JIMS server.

JIMS forwards Active Directory authentication information to SRX Series client devices.

JIMS collects and maintains a database of authentication information from Active Directory domains.

JIMS replicates Active Directory authentication information to non-trusted Active Directory domain controllers.

27. You are deploying the Junos application firewall feature in your network.

In this scenario, which two elements are mapped to applications in the application system cache? (Choose two.)

destination port

source port

destination IP address

source IP address

28. You must fine tune an IPS security policy to eliminate false positives. You want to create exemptions to the normal traffic examination for specific traffic.

Which two parameters are required to accomplish this task? (Choose two.)

source IP address

destination IP address

destination port

source port

29. Click the Exhibit button.

Which two statements are true about the configuration shown in the exhibit? (Choose two.)

The session is removed from the session table after 10 seconds of inactivity.

The session is removed from the session table after 10 milliseconds of inactivity.

Aggressive aging is triggered if the session table reaches 95% capacity.

Aggressive aging is triggered if the session table reaches 80% capacity.

30. Click the Exhibit button.

You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?

A)

Option A

Option B

Option C

Option D

31. Which two statements describe SSL proxy on SRX Series devices? (Choose two.)

SSL proxy supports TLS version 1.2.

Client-protection is also known as reverse proxy.

SSL proxy is supported when enabled within logical systems.

SSL proxy relies on Active Directory to provide secure communication.

32. How many nodes are configurable in a chassis cluster using SRX Series devices?

33. Which statement is true about high availability (HA) chassis clusters for the SRX Series device?

Cluster nodes require an upgrade to HA compliant Routing Engines.

Cluster nodes must be connected through a Layer 2 switch.

There can be active/passive or active/active clusters.

HA clusters must use NAT to prevent overlapping subnets between the nodes.

34. Which default protocol and port are used for JIMS to SRX client communication?

WMI over TCP; port 389

ADSI over TCP; port 389

HTTPS over TCP: port 443

RPC over TCP, port 135

35. You must ensure that all encrypted traffic passing through your SRX device uses strong protocols and ciphers.

Which feature should you implement to satisfy this requirement?

SSL proxy

AppSecure

JIMS

JATP

36. You are configuring a client-protection SSL proxy profile.

Which statement is correct in this scenario?

A server certificate is not used but a root certificate authority is used.

A server certificate and root certificate authority are not used.

A server certificate is used but a root certificate authority is not used.

A server certificate and a root certificate authority are both used.

37. Which two statements describe JSA? (Choose two.)

Security Director must be used to view third-party events rom JSA flow collectors.

JSA supports events and flows from Junos devices, including third-party devices.

JSA events must be manually imported into Security Directory using an SSH connection.

JSA can be used as a log node with Security Director or as a standalone solution.

38. Which statement about the control link in a chassis cluster is correct?

A cluster can have redundant control links.

Recovering from a control link failure requires a reboot.

The control link heartbeats contain the configuration file of the nodes.

The control messages sent over the link are encrypted by default.

39. Which solution should you use if you want to detect known attacks using signature-based methods?

SSL proxy

JIMS

IPS

ALGs

40. Which two solutions provide a sandboxing feature for finding zero-day malware threats? (Choose two.)

Sky ATP

UTM

JATP

IPS

Juniper JNCIS-SEC JN0-334 Practice Test Questions – Security, Specialist (JNCIS-SEC)

Juniper JNCIS-SEC JN0-334 Practice Test Questions – Security, Specialist (JNCIS-SEC)

Leave a Reply Cancel reply