Summer Special Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

JN0-335 Questions and Answers

Question # 6

Which two statements about SRX Series device chassis clusters are correct? (Choose two.)

A.

The chassis cluster data plane is connected with revenue ports.

B.

The chassis cluster can contain a maximum of three devices.

C.

The chassis cluster data plane is connected with SPC ports.

D.

The chassis cluster can contain a maximum of two devices.

Full Access
Question # 7

You need to deploy an SRX Series device in your virtual environment.

In this scenario, what are two benefits of using a CSRX? (Choose two.)

A.

The cSRX supports Layer 2 and Layer 3 deployments.

B.

The cSRX default configuration contains three default zones: trust, untrust, and management.

C.

The cSRX supports firewall, NAT, IPS, and UTM services.

D.

The cSRX has low memory requirements.

Full Access
Question # 8

Which two statements are correct about the fab interface in a chassis cluster? (Choose two.)

A.

Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization.

B.

In an active/active configuration, inter-chassis transit traffic is sent over the fab interface.

C.

The fab interface enables configuration synchronization.

D.

Heartbeat signals sent on the fab interface monitor the health of the control plane link.

Full Access
Question # 9

Which two statements are correct about JSA data collection? (Choose two.)

A.

The Event Collector collects information using BGP FlowSpec.

B.

The Flow Collector can use statistical sampling

C.

The Flow Collector parses logs.

D.

The Event Collector parses logs

Full Access
Question # 10

Exhibit

Referring to the SRX Series flow module diagram shown in the exhibit, where is application security processed?

A.

Forwarding Lookup

B.

Services ALGs

C.

Security Policy

D.

Screens

Full Access
Question # 11

You want to control when cluster failovers occur.

In this scenario, which two specific parameters would you configure on an SRX Series device? (Choose two.)

A.

hearcbeac-interval

B.

heartbeac-address

C.

hearcbeat-cos

D.

hearcbeac-chreshold

Full Access
Question # 12

While working on an SRX firewall, you execute the show security policies policy-name detail command.

Which function does this command accomplish?

A.

It displays details about the default security policy.

B.

It identifies the different custom policies enabled.

C.

It shows the system log files for the local SRX Series device.

D.

It shows policy counters for a configured policy.

Full Access
Question # 13

How does the SSL proxy detect if encryption is being used?

A.

It uses application identity services.

B.

It verifies the length of the packet

C.

It queries the client device.

D.

It looks at the destination port number.

Full Access
Question # 14

Exhibit

You are asked to ensure that servers running the Ubuntu OS will not be able to update automatically by blocking their access at the SRX firewall. You have configured a unified security policy named Blockuburrtu, but it is not blocking the updates to the OS.

Referring to the exhibit which statement will block the Ubuntu OS updates?

A.

Move the Blockubuntu policy after the Allowweb policy.

B.

Configure the Blockubuntu policy with the junos-https application parameter.

C.

Change the default policy to permit-all.

D.

Configure the Allowweb policy to have a dynamic application of any.

Full Access
Question # 15

Which two statements are true about the fab interface in a chassis cluster? (Choose two.)

A.

The fab link does not support fragmentation.

B.

The physical interface for the fab link must be specified in the configuration.

C.

The fab link supports traditional interface features.

D.

The Junos OS supports only one fab link.

Full Access
Question # 16

Your manager asks you to provide firewall and NAT services in a private cloud.

Which two solutions will fulfill the minimum requirements for this deployment? (Choose two.)

A.

a single vSRX

B.

a vSRX for firewall services and a separate vSRX for NAT services

C.

a cSRX for firewall services and a separate cSRX for NAT services

D.

a single cSRX

Full Access
Question # 17

You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.

Which Juniper Networks solution will accomplish this task?

A.

JIMS

B.

Encrypted Traffic Insights

C.

UTM

D.

Adaptive Threat Profiling

Full Access
Question # 18

Which statement regarding Juniper Identity Management Service (JIMS) domain PC probes is true?

A.

JIMS domain PC probes analyze domain controller security event logs at60-mmute intervals by default.

B.

JIMS domain PC probes are triggered if no username to IP address mapping is found in the domain security event log.

C.

JIMS domain PC probes are triggered to map usernames to group membership information.

D.

JIMS domain PC probes are initiated by an SRX Series device to verify authentication table information.

Full Access
Question # 19

Exhibit

When trying to set up a server protection SSL proxy, you receive the error shown. What are two reasons for this error? (Choose two.)

A.

The SSL proxy certificate ID is part of a blocklist.

B.

The SSL proxy certificate ID does not have the correct renegotiation option set.

C.

The SSL proxy certificate ID is for a forwarding proxy.

D.

The SSL proxy certificate ID does not exist.

Full Access
Question # 20

You are preparing a proposal for a new customer who has submitted the following requirements for a vSRX deployment:

-- globally distributed,

-- rapid provisioning,

-- scale based on demand,

-- and low CapEx.

Which solution satisfies these requirements?

A.

AWS

B.

Network Director

C.

Juniper ATP Cloud

D.

VMWare ESXi

Full Access
Question # 21

Which two statements about unified security policies are correct? (Choose two.)

A.

Unified security policies require an advanced feature license.

B.

Unified security policies are evaluated after global security policies.

C.

Traffic can initially match multiple unified security policies.

D.

APPID results are used to determine the final security policy

Full Access
Question # 22

What are two benefits of using a vSRX in a software-defined network? (Choose two.)

A.

scalability

B.

no required software license

C.

granular security

D.

infinite number of interfaces

Full Access
Question # 23

Click the Exhibit button.

Which two statements describe the output shown in the exhibit? (Choose two.)

A.

Redundancy group 1 experienced an operational failure.

B.

Redundancy group 1 was administratively failed over.

C.

Node 0 is controlling traffic for redundancy group 1.

D.

Node 1 is controlling traffic for redundancy group 1.

Full Access
Question # 24

You want to use IPS signatures to monitor traffic.

Which module in the AppSecure suite will help in this task?

A.

AppTrack

B.

AppQoS

C.

AppFW

D.

APPID

Full Access
Question # 25

Which two statements are correct about security policy changes when using the policy rematch feature? (Choose two.)

A.

When a policy change includes changing the policy's action from permit to deny, all existing sessions are maintained

B.

When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped.

C.

When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped.

D.

When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated.

Full Access
Question # 26

You want to manually failover the primary Routing Engine in an SRX Series high availability cluster pair.

Which step is necessary to accomplish this task?

A.

Issue the set chassis cluster disable reboot command on the primary node.

B.

Implement the control link recover/ solution before adjusting the priorities.

C.

Manually request the failover and identify the secondary node

D.

Adjust the priority in the configuration on the secondary node.

Full Access
Question # 27

Which two statements are correct about a policy scheduler? (Choose two.)

A.

A policy scheduler can only be applied when using the policy-rematch feature.

B.

A policy scheduler can be dynamically activated based on traffic flow volumes.

C.

A policy scheduler can be defined using a daily schedule.

D.

A policy scheduler determines the time frame that a security policy is actively evaluated.

Full Access
Question # 28

You are asked to create an IPS-exempt rule base to eliminate false positives from happening.

Which two configuration parameters are available to exclude traffic from being examined? (Choose two.)

A.

source port

B.

source IP address

C.

destination IP address

D.

destination port

Full Access
Question # 29

Exhibit

Using the information from the exhibit, which statement is correct?

A.

Redundancy group 1 is in an ineligible state.

B.

Node1 is the active node for the control plane

C.

There are no issues with the cluster.

D.

Redundancy group 0 is in an ineligible state.

Full Access