Juniper JN0-335 Exam Practice Test Instant Access

Question 1

Which two statements are correct about AppTrack? (Choose two.)

AAppTrack can be configured for any defined logical system on an SRX Series device.

BAppTrack identifies and blocks traffic flows that might be malicious regardless of the ports being used.

CAppTrack collects traffic flow information including byte, packet, and duration statistics.

DAppTrack can only be configured in the main logical system on an SRX Series device.

Answer : A, C

AppTrack is a feature that allows you to monitor and analyze the application traffic on your SRX Series device. It can be configured for any defined logical system, which is a virtual router or switch within a physical device. AppTrack collects statistics such as bytes, packets, and duration for each application flow and displays them in reports or logs. AppTrack does not identify or block malicious traffic, that is the function of AppSecure or IDP/IPS.Reference:=JNCIS-SEC Certification,Open Learning - Security, Specialist (JNCIS-SEC),Application Security Theory

Question 2

Exhibit

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172 25.11.0/24 subnet to the Internet You create a policy named permit-http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.

Which two actions would correct the error? (Choose two.)

AIssue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.

BExecute the Junos commit full command to override the error and apply the configuration.

CCreate a custom application named http at the [edit applications] hierarchy.

DModify the security policy to use the built-in Junos-http applications.

Answer : C, D

The error message indicates that the Junos-http application is not defined, so you need to either create a custom application or modify the security policy to use the built-in Junos-http application. Doing either of these will allow you to successfully commit the configuration.

Question 3

What are two types of system logs that Junos generates? (Choose two.)

ASQL log files

Bdata plane logs

Csystem core dump files

Dcontrol plane logs

Answer : B, D

The two types of system logs that Junos generates are control plane logs and data plane logs. Control plane logs are generated by the Junos operating system and contain system-level events such as system startup and shutdown, configuration changes, and system alarms. Data plane logs are generated by the network protocol processes and contain messages about the status of the network and its components, such as routing, firewall, NAT, and IPS. SQL log files and system core dump files are not types of system logs generated by Junos.

Question 4

Which two statements are correct about the cSRX? (Choose two.)

AThe cSRX supports firewall, NAT, IPS, and UTM services.

BThe cSRX only supports Layer 2 'bump-in-the-wire' deployments.

CThe cSRX supports BGP, OSPF. and IS-IS routing services.

DThe cSRX has three default zones: trust, untrust, and management

Answer : A, D

The two statements that are correct about the cSRX are that it supports firewall, NAT, IPS, and UTM services, and that it has three default zones: trust, untrust, and management. The cSRX is a software-defined security solution that provides comprehensive network security capabilities and is designed for virtualized environments. It supports firewall, NAT, IPS, and UTM services to protect against threats, as well as BGP, OSPF, and IS-IS routing services for routing functionality. Additionally, the cSRX has three default zones: trust, untrust, and management. The trust zone is used to define traffic that is allowed to enter the network, the untrust zone is used to define traffic that should be blocked from entering the network, and the management zone is used to manage the device itself. The cSRX does not support Layer 2 'bump-in-the-wire' deployments.

Question 5

Which two statements about SRX Series device chassis clusters are true? (Choose two.)

ARedundancy group 0 is only active on the cluster backup node.

BEach chassis cluster member requires a unique cluster ID value.

CEach chassis cluster member device can host active redundancy groups

DChassis cluster member devices must be the same model.

Answer : B, C

B) Each chassis cluster member requires a unique cluster ID value: This statement is true. Each chassis cluster member must have a unique cluster ID assigned, which is used to identify each device in the cluster.

C) Each chassis cluster member device can host active redundancy groups: This statement is true. Both devices in a chassis cluster can host active redundancy groups, allowing for load balancing and failover capabilities.

The two statements about SRX Series device chassis clusters that are true are that each chassis cluster member requires a unique cluster ID value, and that each chassis cluster member device can host active redundancy groups. A unique cluster ID value is necessary so that all members of the cluster can be identified, and each chassis cluster member device can host active redundancy groups to ensure that the cluster is able to maintain high availability and redundancy. Additionally, it is not necessary for all chassis cluster member devices to be the same model, as long as all devices are running the same version of Junos software.

Question 6

Which two devices would you use for DDoS protection with Policy Enforcer? (Choose two.)

AvQFX

BMX

CvMX

DQFX

Answer : B, C

The MX and vMX devices can be used for DDoS protection with Policy Enforcer. Policy Enforcer is a Juniper Networks solution that provides real-time protection from DDoS attacks. It can be used to detect and block malicious traffic, and also provides granular control over user access and policy enforcement. The MX and vMX devices are well-suited for use with Policy Enforcer due to their high-performance hardware and advanced security features.

Question 7

You are asked to create an IPS-exempt rule base to eliminate false positives from happening.

Which two configuration parameters are available to exclude traffic from being examined? (Choose two.)

Asource port

Bsource IP address

Cdestination IP address

Ddestination port

Answer : B

To exclude traffic from being examined by IPS, you can use the source IP address and/or destination port as criteria for the exemption. This is achieved by configuring an IPS-exempt rule base that includes specific exemption rules based on these criteria.

Juniper JN0-335 Security, Specialist Exam Practice Test