Juniper JN0-335 Exam Practice Test Instant Access

Question 1

Which two functions does Juniper ATP Cloud perform to reduce delays in the inspection of files? (Choose two.)

AJuniper ATP Cloud allows the creation of allowlists.

BJuniper ATP Cloud uses a single antivirus software package to analyze files.

CJuniper ATP Cloud allows end users to bypass the inspection of files.

DJuniper ATP Cloud performs a cache lookup on files.

Answer : A, D

Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention and detection for your network. It integrates with SRX Series firewalls and MX Series routers to analyze files and network traffic for signs of malicious activity. Two functions that Juniper ATP Cloud performs to reduce delays in the inspection of files are:

Juniper ATP Cloud allows the creation of allowlists: Allowlists are lists of trusted files or file hashes that are excluded from scanning by Juniper ATP Cloud. You can create allowlists based on file name, file type, file size, file hash, or sender domain. By using allowlists, you can reduce the number of files that need to be uploaded to Juniper ATP Cloud for analysis and improve the performance and efficiency of your network.

Juniper ATP Cloud performs a cache lookup on files: Cache lookup is a process that checks if a file has been previously scanned by Juniper ATP Cloud and if there is a cached verdict for it. If there is a cached verdict, Juniper ATP Cloud returns it immediately without scanning the file again. If there is no cached verdict, Juniper ATP Cloud uploads the file for analysis. By using cache lookup, you can reduce the time and bandwidth required for scanning files by Juniper ATP Cloud.

Question 2

Click the Exhibit button.

Which two statements describe the output shown in the exhibit? (Choose two.)

ARedundancy group 1 experienced an operational failure.

BRedundancy group 1 was administratively failed over.

CNode 0 is controlling traffic for redundancy group 1.

DNode 1 is controlling traffic for redundancy group 1.

Answer : B, D

The output shown in the exhibit displays the status of a chassis cluster redundancy group (RG) on an SRX Series device. A chassis cluster RG is a collection of objects, such as interfaces or services, that fail over together from one node to another in case of a failure or manual intervention. A chassis cluster RG can be primary on one node and backup on another node at any given time. Two statements that describe the output shown in the exhibit are:

Redundancy group 1 was administratively failed over: The output shows that redundancy group 1 has ''Manual failover'' set to ''Yes''. This indicates that redundancy group 1 was manually switched from one node to another using the request chassis cluster failover redundancy-group command.

Node 1 is controlling traffic for redundancy group 1: The output shows that node 1 has ''Status'' set to ''Primary'' for redundancy group 1. This means that node 1 is active and controlling traffic for redundancy group 1.

Question 3

Click the Exhibit button.

You are validating the configuration template for device access. The commands in the exhibit have been entered to secure IP access to an SRX Series device.

Referring to the exhibit, which two statements are true? (Choose two.)

AThe device manager can access the device from 192.168.11.248.

BThe loopback interface blocks invalid traffic on its entry into the device.

CThe loopback interface blocks invalid traffic on its exit from the device.

DThe device manager can access the device from 10.253.1.2.

Answer : B, D

The commands in the exhibit show how to configure a firewall filter on the loopback interface (lo0) of an SRX Series device. The loopback interface is a gateway for all the control traffic that enters the Routing Engine of the device. The firewall filter can be used to monitor and protect this control traffic from various attacks. Two statements that are true based on the exhibit are:

The loopback interface blocks invalid traffic on its entry into the device: The firewall filter applied on lo0 has a term that matches any packet with an invalid source address (such as 0.0.0.0/8 or 127.0.0.0/8) and discards it. This prevents spoofing or DoS attacks using invalid source addresses.

The device manager can access the device from 10.253.1.2: The firewall filter applied on lo0 has a term that matches any packet with a source address of 10.253.1.2 and accepts it. This allows the device manager to access the device from this IP address using protocols such as SSH, Telnet, HTTP, or HTTPS.

Question 4

On an SRX Series firewall, what are two ways that Encrypted Traffic Insights assess the threat of the traffic? (Choose two.)

AIt decrypts the file in a sandbox.

BIt validates the certificates used.

CIt decrypts the data to validate the hash.

DIt reviews the timing and frequency of the connections.

Answer : B, D

Encrypted Traffic Insights is a feature that enables the SRX Series firewall and the ATP Cloud to detect malicious threats that are hidden in encrypted traffic without decrypting the traffic. It does so by analyzing the metadata and connection patterns of the encrypted sessions. Two ways that Encrypted Traffic Insights assess the threat of the traffic are:

It validates the certificates used: The SRX Series firewall extracts the server certificate from the encrypted session and compares its signature with a blocklist of known malicious certificates provided by ATP Cloud. If there is a match, the session is blocked and reported as a threat.

It reviews the timing and frequency of the connections: The SRX Series firewall sends the connection details, such as source and destination IP addresses, ports, protocols, and timestamps, to ATP Cloud. ATP Cloud applies behavior analysis and machine learning algorithms to detect anomalous or suspicious patterns of connections, such as high frequency, low duration, or unusual timing.

Question 5

When a security policy is modified, which statement is correct about the default behavior for active sessions allowed by that policy?

AThe active sessions allowed by the policy will be dropped.

BOnly policy changes that involve modification of the action field will cause the active sessions affected by the change to be dropped.

COnly policy changes that involve modification of the application will cause the active sessions affected by the change to be dropped.

DThe active sessions allowed by the policy will continue unchanged.

Answer : D

When you modify a security policy on the SRX Series device, the default behavior is that the existing sessions that match the policy will continue unchanged. This means that the policy modification will only affect new sessions that are initiated after the change. However, you can change this behavior by using the clear-policy-session command, which will clear all the sessions that match the modified policy and force them to re-evaluate the new policy.Reference:=JNCIS-SEC Certification,Open Learning - Security, Specialist (JNCIS-SEC),Security Policies (Advanced)

Question 6

Click the Exhibit button.

You have implemented SSL client protection proxy. Employees are receiving the error shown in the exhibit.

How do you solve this problem?

ALoad a known good, but expired. CA certificate onto the SRX Series device.

BInstall a new SRX Series device to act as the client proxy

CReboot the SRX Series device.

DImport the existing certificate to each client device.

Answer : D

SSL client protection proxy is a feature that allows you to decrypt and inspect the SSL traffic from clients to servers. To do this, you need to install a certificate authority (CA) certificate on the SRX Series device and import the same certificate to each client device. This way, the SRX Series device can act as a proxy between the client and the server and perform security checks on the decrypted traffic. If the client device does not have the certificate installed, it will receive an error message like the one shown in the exhibit.Reference:=JNCIS-SEC Certification,Open Learning - Security, Specialist (JNCIS-SEC),SSL Proxy Configuration

Question 7

Which two statements are correct about AppTrack? (Choose two.)

AAppTrack can be configured for any defined logical system on an SRX Series device.

BAppTrack identifies and blocks traffic flows that might be malicious regardless of the ports being used.

CAppTrack collects traffic flow information including byte, packet, and duration statistics.

DAppTrack can only be configured in the main logical system on an SRX Series device.

Answer : A, C

AppTrack is a feature that allows you to monitor and analyze the application traffic on your SRX Series device. It can be configured for any defined logical system, which is a virtual router or switch within a physical device. AppTrack collects statistics such as bytes, packets, and duration for each application flow and displays them in reports or logs. AppTrack does not identify or block malicious traffic, that is the function of AppSecure or IDP/IPS.Reference:=JNCIS-SEC Certification,Open Learning - Security, Specialist (JNCIS-SEC),Application Security Theory

Juniper JN0-335 Security, Specialist Exam Practice Test