オンライン問題で最適なJN0-335試験練習問題(最新の100問題)
練習問題JN0-335素晴らしい練習用のSecurity, Specialist (JNCIS-SEC)テスト問題
JN0-335認証試験の準備をするために、候補者は、TCP/IPプロトコル、ルーティング、切り替えなどのネットワーキングの概念を強く理解することをお勧めします。また、Juniper Networks Security SolutionsとJunos OSの経験も必要です。候補者は、ジュニパーネットワークのトレーニングコースに参加し、ジュニパーネットワークのドキュメントを読み、ジュニパーネットワークの機器を練習することにより、試験の準備をすることができます。
JN0-335試験は専門家レベルの試験で、ネットワークの基礎やセキュリティの概念について確固たる理解を持つ人々を対象に設計されています。試験に合格した候補者は、ネットワークセキュリティの卓越性の象徴として世界的に認められているジュニパーネットワークス認定スペシャリストセキュリティ(JNCIS-SEC)認定を取得します。
質問 # 37
You are troubleshooting advanced policy-based routing (APBR).
Which two actions should you perform in this scenario? (Choose two.)
- A. Review the APBR statistics for matching rules and route modifications.
- B. Inspect the application system cache for the application entry.
- C. Verity inet.0 for correct route leaking.
- D. Verify that the APBR profiles are applied to the egress zone.
正解:A、B
質問 # 38
A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.
Which feed will the clients IP address be automatically added to in this situation?
- A. the custom cloud feed
- B. the infected host cloud feed
- C. the command-and-control cloud feed
- D. the allowlist and blocklist feed
正解:B
解説:
Explanation
The infected host cloud feed is a list of IP addresses that have been identified as compromised or infected by malware. The feed is updated by Juniper ATP Cloud based on the detection of malicious activity from the hosts, such as contacting known command-and-control servers. When a host on the network reaches the configured threat level threshold, its IP address is automatically added to the infected host cloud feed and blocked from communicating with any other hosts on the Internet. The other feeds are not relevant for this situation. The command-and-control cloud feed is a list of IP addresses that are known to be used by malware for remote control and communication. The allowlist and blocklist feed is a user-defined list of IP addresses that are either allowed or denied by the SRX Series device. The custom cloud feed is a user-defined list of IP addresses that are associated with a specific category or threat level. References:
Infected Hosts: More Information
Juniper's Attacker IP feed bolsters threat protection with SecIntel
ATP Appliance and SRX Series Threat Level Comparison Chart
質問 # 39
Exhibit
Referring to the exhibit, what do you determine about the status of the cluster.
- A. Both nodes determine that they are in a primary state.
- B. Node 2 is down.
- C. Node 1 is down
- D. There are no issues with the cluster.
正解:A
解説:
Explanation
Referring to the exhibit, we can see that the output of the show chassis cluster status command on both nodes shows that they have the same cluster ID, node ID, priority, and status. The status for both nodes is primary, which means that they are both active and ready to process traffic for all redundancy groups1.
This situation can occur when the control link between the two nodes is down or not configured properly, and the heartbeat messages cannot be exchanged. Without the heartbeat messages, each node assumes that the other node is down and takes over the primary role for all redundancy groups12.
This is not a desirable state for the cluster, as it can cause traffic disruption, configuration inconsistency, and split-brain scenarios. To resolve this issue, the control link should be checked and fixed, and the cluster should be synchronized12.
References:
1: Troubleshooting an SRX Chassis Cluster with One Node in the Primary State and the Other Node in the Disabled State
2: SRX Series Chassis Cluster Configuration Overview
質問 # 40
A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.
Which feed will the clients IP address be automatically added to in this situation?
- A. the custom cloud feed
- B. the infected host cloud feed
- C. the command-and-control cloud feed
- D. the allowlist and blocklist feed
正解:B
解説:
Infected hosts are internal hosts that have been compromised by malware and are communicating with external C&C servers3. Juniper ATP Cloud provides infected host feeds that list internal IP addresses or subnets of infected hosts along with a threat level3. Once the Juniper ATP Cloud global threshold for an infected host is met, that host is added to the infected host feed and assigned a threat level of 10 by the cloud4. You can also configure your SRX Series device to block traffic from these IP addresses using security policies4.
質問 # 41
Which two statements about SRX Series device chassis clusters are correct? (Choose two.)
- A. The chassis cluster can contain a maximum of two devices.
- B. The chassis cluster data plane is connected with SPC ports.
- C. The chassis cluster can contain a maximum of three devices.
- D. The chassis cluster data plane is connected with revenue ports.
正解:A、D
解説:
Two statements that are correct about SRX Series device chassis clusters are:
The chassis cluster data plane is connected with revenue ports: A chassis cluster is a high-availability feature that groups two identical SRX Series devices into a cluster that acts as a single device. The cluster has two types of links: control links and fabric links. The control links are used for exchanging heartbeat messages and configuration synchronization between the nodes. The fabric links are used for forwarding data traffic between the nodes. The fabric links are connected with revenue ports, which are regular Ethernet interfaces that can also be used for normal traffic when not in cluster mode.
The chassis cluster can contain a maximum of two devices: A chassis cluster can only consist of two nodes: node 0 and node 1. The nodes must be the same model, have the same hardware configuration, run the same software version, and have the same license keys. The nodes share a common configuration and act as backup for each other in case of failure.
質問 # 42
You want to be alerted if the wrong password is used more than three times on a single device within five minutes.
Which Juniper Networks solution will accomplish this task?
- A. Juniper Identity Management Service
- B. Intrusion Prevention System
- C. Adaptive Threat Profiling
- D. Juniper Secure Analytics
正解:D
解説:
The Juniper Networks solution that will accomplish the task of alerting if the wrong password is used more than three times on a single device within five minutes is Juniper Secure Analytics (JSA). JSA is a security intelligence platform that collects, analyzes, and correlates network data from various sources, such as firewalls, routers, switches, servers, and applications. JSA can detect and respond to threats, anomalies, and vulnerabilities in real time using rules, offenses, reports, and dashboards. JSA can also integrate with JIMS (Juniper Identity Management Service) to obtain user identity information from Active Directory domains or syslog sources. JSA can use this information to create custom rules that trigger offenses or alerts based on user behavior or activity, such as failed login attempts or password changes.
質問 # 43
You are asked to implement IPS on your SRX Series device. In this scenario, which two tasks must be completed before a configuration will work? (Choose two.)
- A. Download the IPS signature database.
- B. Enroll the SRX Series device with Juniper ATP Cloud.
- C. Install the IPS signature database.
- D. Reboot the SRX Series device.
正解:A、C
解説:
The two tasks that must be completed before a configuration for IPS on an SRX Series device will work are downloading the IPS signature database and installing the IPS signature database. The Security, Specialist (JNCIS-SEC) Study guide provides further information on how to download and install the IPS signature database. Enrolling the SRX Series device with Juniper ATP Cloud is not necessary to make a configuration work, and rebooting the SRX Series device is not required either.
質問 # 44
You want to control when cluster failovers occur.
In this scenario, which two specific parameters would you configure on an SRX Series device? (Choose two.)
- A. hearcbeac-interval
- B. hearcbeac-chreshold
- C. hearcbeat-cos
- D. heartbeac-address
正解:A、B
解説:
Explanation
Cluster failovers occur when one node in a chassis cluster becomes inactive or unreachable, and the other node takes over the processing of traffic and services. To control when cluster failovers occur, you can configure two specific parameters on an SRX Series device: heartbeat-interval and heartbeat-threshold12.
Heartbeat-interval is the time interval, in milliseconds, between heartbeat messages sent by each node to the other node. The default value is 1000 ms. You can configure the heartbeat-interval value from 100 through 3000 ms1.
Heartbeat-threshold is the number of consecutive heartbeat messages that can be missed before a node is considered to be down. The default value is 3. You can configure the heartbeat-threshold value from 2 through 2551.
The combination of heartbeat-interval and heartbeat-threshold determines the failover time, which is the maximum time it takes for a node to detect the failure of the other node and initiate a failover. The failover time is calculated as follows: failover time = heartbeat-interval x heartbeat-threshold1.
For example, if the heartbeat-interval is 1000 ms and the heartbeat-threshold is 3, the failover time is
3000 ms. This means that if a node does not receive three consecutive heartbeat messages from the other node within 3000 ms, it will assume that the other node is down and initiate a failover1.
You can configure the heartbeat-interval and heartbeat-threshold parameters using the set chassis cluster redundancy-group group-id node node-id priority priority heartbeat-interval interval heartbeat-threshold threshold command1.
References:
1: Configuring Chassis Cluster Redundancy Group Properties | Junos OS | Juniper Networks
2: Example: Configuring an Active/Passive Cluster Deployment | Junos OS | Juniper Networks
質問 # 45
In an Active/Active chassis cluster deployment, which chassis cluster component is responsible for RG0 traffic?
- A. the master routing engine of the secondary node
- B. the backup routing engine of the primary node
- C. the primary node
- D. the secondary node
正解:C
質問 # 46
You have deployed an SRX300 Series device and determined that files have stopped being scanned.
In this scenario, what is a reason for this problem?
- A. The software license is a free model and only scans executable type files.
- B. The infected host communicated with a command-and-control server, but it did not download malware.
- C. The file is too small to have a virus.
- D. You have exceeded the maximum files submission for your SRX platform size.
正解:D
解説:
You have exceeded the maximum files submission for your SRX platform size: This statement is correct because file scanning on SRX300 Series device has a limit on the number of files that can be submitted per minute based on the platform size. For example, SRX320 has a limit of 10 files per minute.
質問 # 47
Your network uses a single JSA host and you want to implement a cluster. In this scenario, which two statements are correct? (Choose two.)
- A. The cluster virtual IP will need an unused IP address assigned.
- B. The secondary host can backup multiple JSA primary hosts.
- C. The software versions on both primary and secondary hosts
- D. The primary and secondary hosts must be configured with the same storage devices.
正解:A、C
解説:
According to the Juniper Networks JNCIP-SEC Study Guide, when setting up a cluster with a single JSA host, both the primary and secondary hosts must have the same software version installed. Additionally, an unused IP address must be assigned to the cluster virtual IP. The primary and secondary hosts do not need to be configured with the same storage devices, and the secondary host cannot be used to backup multiple JSA primary hosts.
質問 # 48
Referring to the exhibit, what do you determine about the status of the cluster?
- A. Node 2 is down.
- B. Both nodes determine that they are in a primary state.
- C. Node 1 is down
- D. There are no issues with the cluster.
正解:A
質問 # 49
You want to support reth LAG interfaces on a chassis cluster. What must be enabled on the interconnecting switch to accomplish this task?
- A. swfab
- B. 802.3ad
- C. LLDP
- D. RSTP
正解:B
解説:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-chassis-cluster- redundant-ethernet-lag-interfaces.html
質問 # 50
Which three features are parts of Juniper Networks' AppSecure suite? (Choose three.)
- A. APBR
- B. AppQoE
- C. AppFormix
- D. Secure Application Manager
- E. AppQoS
正解:A、B、E
質問 # 51
Which default protocol and port are used for JIMS to SRX client communication?
- A. HTTPS over TCP: port 443
- B. ADSI over TCP; port 389
- C. WMI over TCP; port 389
- D. RPC over TCP, port 135
正解:A
質問 # 52
You are preparing a proposal for a new customer who has submitted the following requirements for a vSRX deployment:
-- globally distributed,
-- rapid provisioning,
-- scale based on demand,
-- and low CapEx.
Which solution satisfies these requirements?
- A. AWS
- B. Network Director
- C. VMWare ESXi
- D. Juniper ATP Cloud
正解:A
解説:
The solution that satisfies the requirements for a vSRX deployment is AWS. AWS (Amazon Web Services) is a cloud computing platform that provides on-demand services such as infrastructure, platform, software, and database as a service. AWS is globally distributed, meaning that it has data centers in multiple regions around the world. AWS also allows rapid provisioning, meaning that you can launch vSRX instances in minutes using preconfigured Amazon Machine Images (AMIs) or custom templates. AWS also enables scaling based on demand, meaning that you can adjust the number and size of vSRX instances according to your network traffic and performance needs. AWS also has low CapEx (capital expenditure), meaning that you only pay for what you use and do not need to invest in hardware or maintenance costs.
質問 # 53
You have deployed JSA and you need to view events and network activity that match rule criteria. You must view this data using a single interface.
Which JSA feature should you use in this scenario?
- A. Offense Manager
- B. Network Activity
- C. Assets
- D. Log Collector
正解:B
質問 # 54
Which statement describes the AppTrack module in AppSecure?
- A. The AppTrack module provides control by the routing of traffic, based on the application.
- B. The AppTrack module provides visibility and volumetric reporting of application usage on the network.
- C. The AppTrack module provides enforcement with the ability to block traffic, based on specific applications.
- D. The AppTrack module identifies the applications that are present in network traffic.
正解:B
質問 # 55
Which two statements are correct about chassis clustering? (Choose two.)
- A. The node ID value ranges from 1 to 255.
- B. The cluster ID is used to identify each device in the chassis cluster.
- C. The node ID is used to identify each device in the chassis cluster.
- D. A system reboot is required to activate changes to the cluster.
正解:B、C
解説:
Explanation
Chassis clustering is a high availability feature that allows two SRX Series devices to operate as a single logical device. The two devices are connected by a control link and a fabric link, which are used to synchronize the configuration, state, and traffic between the nodes. The cluster nodes are identified in the following ways:
A cluster is identified by a cluster ID (cluster-id) specified as a number 1 through 151.
A cluster node is identified by a node ID (node) specified as a number from 0 to 11.
Therefore, the node ID is used to identify each device in the chassis cluster (option B), and the cluster ID is used to identify each device in the chassis cluster (option D). The node ID value does not range from 1 to 255 (option A), and a system reboot is notrequired to activate changes to the cluster (option C)2. References: Chassis Cluster Overview, Configuring Chassis Clustering on SRX Series Devices
質問 # 56
You are asked to implement IPS on your SRX Series device.
In this scenario, which two tasks must be completed before a configuration will work? (Choose two.)
- A. Download the IPS signature database.
- B. Enroll the SRX Series device with Juniper ATP Cloud.
- C. Install the IPS signature database.
- D. Reboot the SRX Series device.
正解:A、C
解説:
Explanation
To implement IPS on your SRX Series device, you need to download and install the IPS signature database.
The IPS signature database contains the attack signatures and predefined attack groups that are used to detect and prevent intrusions. You can download the IPS signature database from the Juniper Networks website or from a local server. You can install the IPS signature database manually or automatically. You do not need to enroll the SRX Series device with Juniper ATP Cloud or reboot the SRX Series device to implement IPS34 References:
Configuring the IPS Policy on SRX Series Devices Using NSM
Installing SRX 1400 with IPS activation ??? | SRX - Juniper Networks
Download an IPS Signature | J-Web for SRX Series 21.2 - Juniper Networks IPS Configuration (CLI) | Junos OS | Juniper Networks
質問 # 57
Which two types of SSL proxy are available on SRX Series devices? (Choose two.)
- A. server-protection
- B. DNS proxy
- C. Web proxy
- D. client-protection
正解:A、D
解説:
Based on SSL proxy is a feature that allows SRX Series devices to decrypt and inspect SSL/TLS traffic for security purposes. According to SRX Series devices support two types of SSL proxy:
Client-protection SSL proxy also known as forward proxy - The SRX Series device resides between the internal client and outside server. It decrypts and inspects traffic from internal users to the web.
Server-protection SSL proxy also known as reverse proxy - The SRX Series device resides between outside clients and internal servers. It decrypts and inspects traffic from web users to internal servers.
質問 # 58
On an SRX Series firewall, what are two ways that Encrypted Traffic Insights assess the threat of the traffic? (Choose two.)
- A. It decrypts the file in a sandbox.
- B. It reviews the timing and frequency of the connections.
- C. It decrypts the data to validate the hash.
- D. It validates the certificates used.
正解:B、D
解説:
Encrypted Traffic Insights is a feature that enables the SRX Series firewall and the ATP Cloud to detect malicious threats that are hidden in encrypted traffic without decrypting the traffic. It does so by analyzing the metadata and connection patterns of the encrypted sessions. Two ways that Encrypted Traffic Insights assess the threat of the traffic are:
It validates the certificates used: The SRX Series firewall extracts the server certificate from the encrypted session and compares its signature with a blocklist of known malicious certificates provided by ATP Cloud. If there is a match, the session is blocked and reported as a threat.
It reviews the timing and frequency of the connections: The SRX Series firewall sends the connection details, such as source and destination IP addresses, ports, protocols, and timestamps, to ATP Cloud. ATP Cloud applies behavior analysis and machine learning algorithms to detect anomalous or suspicious patterns of connections, such as high frequency, low duration, or unusual timing.
質問 # 59
Which two statements describe application-layer gateways (ALGs)? (Choose two.)
- A. ALGs are designed for specific protocols that use a single TCP session.
- B. ALGs are designed for specific protocols that require multiple sessions.
- C. ALGs can only be configured using Security Director.
- D. ALGs are used with protocols that use multiple ports.
正解:B、D
質問 # 60
......
Juniper JN0-335認定試験は、グローバルに認識されているベンダー中立認証です。成功した候補者には、Juniper Networks Security Solutionsを構成およびトラブルシューティングするために必要なスキルが装備されています。これは、どの組織でも適用できます。この認定は、キャリアの見通しを強化し、ネットワークセキュリティの分野での専門知識を証明したいネットワークセキュリティの専門家に最適です。
リアルなJN0-335試験別格な練習試験問題:https://www.passtest.jp/Juniper/JN0-335-shiken.html
100%合格率でリアルなJN0-335試験成功ゲット:https://drive.google.com/open?id=1-HhfbtQeyitxIQRBKW3K7abXPErx4KxO