無料Juniper JN0-335テスト練習問題試験問題集 [Q14-Q38]

Share

無料Juniper JN0-335テスト練習問題試験問題集

試験準備には欠かさない!トップクラスのJuniper JN0-335試験最新版アプリ学習ガイドで練習

質問 # 14
You are configuring a client-protection SSL proxy profile.
Which statement is correct in this scenario?

  • A. A server certificate is not used but a root certificate authority is used.
  • B. A server certificate and root certificate authority are not used.
  • C. A server certificate and a root certificate authority are both used.
  • D. A server certificate is used but a root certificate authority is not used.

正解:C


質問 # 15
Which three features are parts of Juniper Networks' AppSecure suite? (Choose three.)

  • A. AppQoE
  • B. AppQoS
  • C. Secure Application Manager
  • D. APBR
  • E. AppFormix

正解:A、B、D


質問 # 16
Which statement is true about JATP incidents?

  • A. Incidents are sorted by category, followed by severity.
  • B. Incidents consist of all the events associated with a single threat.
  • C. Incidents are always automatically mitigated.
  • D. Incidents have an associated threat number assigned to them.

正解:B


質問 # 17
You want to show interface-specific zone information and statistics. Which operational command would be used to accomplish this?

  • A. show interfaces ge-0/0/3.0 extensive
  • B. show interfaces ge-0/0/3.0
  • C. show security zones detail
  • D. show interfaces terse

正解:A


質問 # 18
Which two session parameters would be used to manage space on the session table? (Choose two.)

  • A. TCP RST
  • B. low watermark
  • C. TCP MSS
  • D. high watermark

正解:B、D

解説:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-flow-based- session-for-srx-series-devices.html


質問 # 19
You are asked to create an IPS-exempt rule base to eliminate false positives from happening.
Which two configuration parameters are available to exclude traffic from being examined? (Choose two.)

  • A. source port
  • B. source IP address
  • C. destination IP address
  • D. destination port

正解:B

解説:
To exclude traffic from being examined by IPS, you can use the source IP address and/or destination port as criteria for the exemption. This is achieved by configuring an IPS-exempt rule base that includes specific exemption rules based on these criteria.


質問 # 20
When considering managed sessions, which configuration parameter determines how full the session table must be to implement the early age-out function? (Choose two)

  • A. session service timeout
  • B. low watermark
  • C. policy rematch
  • D. high waremark

正解:A、D


質問 # 21
Your manager asks you to provide firewall and NAT services in a private cloud. Which two solutions will fulfill the minimum requirements for this deployment? (Choose two.)

  • A. a vSRX for firewall services and a separate vSRX for NAT services
  • B. a single cSRX
  • C. a cSRX for firewall services and a separate cSRX for NAT services
  • D. a single vSRX

正解:A、C

解説:
A single vSRX or cSRX cannot provide both firewall and NAT services simultaneously. To meet the minimum requirements for this deployment, you need to deploy a vSRX for firewall services and a separate vSRX for NAT services (option B), or a cSRX for firewall services and a separate cSRX for NAT services (option C).


質問 # 22
Which three statements are correct about fabric interfaces on the SRX5800? (Choose three.)

  • A. Fabric interfaces must be system-assigned interfaces.
  • B. Fabric interfaces must be same interface type.
  • C. Fabric interfaces must be user-assigned interfaces.
  • D. Fabric interfaces must have a user-assigned IP address.
  • E. Fabric interfaces must be on the same Layer 2 segment.

正解:A、B、E

解説:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-chassis-cluster- data-plane-interfaces.html


質問 # 23
Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types.
Which configuration should you use in this scenario?

  • A. Use the ATP Cloud Ul to update a custom profile and increase the scan limit for executable files to 30 MB.
  • B. Use the ATP Cloud Ul to change the default profile to increase the scan limit for all files to 30 MB.
  • C. Use the CLI to create a custom profile and increase the scan limit.
  • D. Use the CLI to change the default profile to increase the scan limit for all files to 30 MB.

正解:A

解説:
In this scenario, you should use the ATP Cloud Ul to create a custom profile and update the scan limit for executable files to 30 MB. This will ensure that executable files up to 30 MB can be scanned, while at the same time minimizing the change in scan time for other file types. To do this, log in to the ATP Cloud Ul and go to the Profiles tab. Click the Create button to create a new profile, and then adjust the scan limits for executable files to 30 MB. Once you have saved the custom profile, you can apply it to the desired systems and the new scan limit will be in effect.


質問 # 24
You have deployed an SRX300 Series device and determined that files have stopped being scanned.
In this scenario, what is a reason for this problem?

  • A. The infected host communicated with a command-and-control server, but it did not download malware.
  • B. The file is too small to have a virus.
  • C. You have exceeded the maximum files submission for your SRX platform size.
  • D. The software license is a free model and only scans executable type files.

正解:C

解説:
You have exceeded the maximum files submission for your SRX platform size: This statement is correct because file scanning on SRX300 Series device has a limit on the number of files that can be submitted per minute based on the platform size. For example, SRX320 has a limit of 10 files per minute.


質問 # 25
What are two types of system logs that Junos generates? (Choose two.)

  • A. control plane logs
  • B. system core dump files
  • C. SQL log files
  • D. data plane logs

正解:A、D

解説:
The two types of system logs that Junos generates are control plane logs and data plane logs.
Control plane logs are generated by the Junos operating system and contain system-level events such as system startup and shutdown, configuration changes, and system alarms. Data plane logs are generated by the network protocol processes and contain messages about the status of the network and its components, such as routing, firewall, NAT, and IPS. SQL log files and system core dump files are not types of system logs generated by Junos.


質問 # 26
You have implemented a vSRX in your VMware environment. You want to implement a second vSRX Series device and enable chassis clustering.
Which two statements are correct in this scenario about the control-link settings? (Choose two.)

  • A. In the vSwitch properties settings, set the VLAN ID to None.
  • B. In the vSwitch security settings, reject forged transmits.
  • C. In the vSwitch security settings, reject MAC address changes.
  • D. In the vSwitch security settings, accept promiscuous mode.

正解:B、C


質問 # 27
Which two statements are correct when considering IPS rule base evaluation? (Choose two.)

  • A. IPS applies the least severe action to traffic matching multiple rules.
  • B. IPS evaluates rules concurrently.
  • C. IPS evaluates rules sequentially
  • D. IPS applies the most severe action to traffic matching multiple rules,

正解:B、D

解説:
The Intrusion Prevention System (IPS) is a feature that provides protection against network- based threats. The IPS uses a rule base to evaluate network traffic and apply actions based on the rules that match the traffic.
When evaluating the rule base, the IPS evaluates the rules concurrently (option A). This means that the IPS can apply multiple rules to the same traffic simultaneously. If multiple rules match the same traffic, the IPS applies the most severe action (option B). This means that if there are conflicting actions specified in different rules, the IPS will apply the action that has the highest severity. For example, if one rule specifies a "drop" action and another rule specifies a "log" action for the same traffic, the IPS will drop the traffic because dropping has a higher severity than logging.


質問 # 28
Click the Exhibit button.

You examine the log file shown in the exhibit after running the set security idp active-policy command.
Which two statements are true in this scenario? (Choose two.)

  • A. The IDP policy loaded successfully.
  • B. The entire configuration was committed.
  • C. The IDP hit cache is set to 16384.
  • D. The IDP policy compiled successfully.

正解:A、D


質問 # 29
You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.
Which Juniper Networks solution will accomplish this task?

  • A. Encrypted Traffic Insights
  • B. JIMS
  • C. UTM
  • D. Adaptive Threat Profiling

正解:D

解説:
Adaptive Threat Profiling (ATP) is a Juniper Networks solution that enables organizations to detect malicious activity on their networks and process it through IPS and Juniper ATP Cloud for malware and virus protection. ATP is powered by Juniper's advanced Machine Learning and Artificial Intelligence (AI) capabilities, allowing it to detect and block malicious activity in real-time. ATP is integrated with Juniper's Unified Threat Management (UTM) and Encrypted Traffic Insights (ETI) solutions, providing an end-to-end network protection solution.


質問 # 30
You are deploying the Junos application firewall feature in your network.
In this scenario, which two elements are mapped to applications in the application system cache? (Choose two.)

  • A. destination port
  • B. source port
  • C. source IP address
  • D. destination IP address

正解:A、D


質問 # 31
Exhibit

Referring to the exhibit, what do you determine about the status of the cluster.

  • A. Node 1 is down
  • B. Both nodes determine that they are in a primary state.
  • C. There are no issues with the cluster.
  • D. Node 2 is down.

正解:D


質問 # 32
You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.
Which Juniper Networks solution will accomplish this task?

  • A. Encrypted Traffic Insights
  • B. JIMS
  • C. UTM
  • D. Adaptive Threat Profiling

正解:D

解説:
Adaptive Threat Profiling (ATP) is a Juniper Networks solution that enables organizations to detect malicious activity on their networks and process it through IPS and Juniper ATP Cloud for malware and virus protection. ATP is powered by Juniper's advanced Machine Learning and Artificial Intelligence (AI) capabilities, allowing it to detect and block malicious activity in real-time.
ATP is integrated with Juniper's Unified Threat Management (UTM) and Encrypted Traffic Insights (ETI) solutions, providing an end-to-end network protection solution.


質問 # 33
Which two statements describe how rules are used with Juniper Secure Analytics? (Choose two.)

  • A. Rules are defined on Junos Space Security Director, and then pushed to JSA log collectors.
  • B. A rule defines matching criteria and actions that should be taken when an events matches the rule.
  • C. When a rule is triggered, JSA can respond by blocking all traffic from a specific source address.
  • D. When a rule is triggered, JSA can respond by sending an e-mail to JSA administrators.

正解:B、D


質問 # 34
Click the Exhibit button.

The output shown in the exhibit is displayed in which format?

  • A. sd-syslog
  • B. syslog
  • C. WELF
  • D. binary

正解:B


質問 # 35
You are asked to create an IPS-exempt rule base to eliminate false positives from happening.
Which two configuration parameters are available to exclude traffic from being examined?
(Choose two.)

  • A. source port
  • B. source IP address
  • C. destination IP address
  • D. destination port

正解:B

解説:
To exclude traffic from being examined by IPS, you can use the source IP address and/or destination port as criteria for the exemption. This is achieved by configuring an IPS-exempt rule base that includes specific exemption rules based on these criteria.


質問 # 36
Click the Exhibit button.

You have configured your SRX Series device to receive authentication information from a JIMS server. However, the SRX is not receiving any authentication information.
Referring to the exhibit, how would you solve the problem?

  • A. Generate an access token on the SRX device that matches the access token on the JIMS server.
  • B. Change the SRX configuration to connect to the JIMS server using HTTP.
  • C. Update the IP address of the JIMS server
  • D. Use the JIMS Administrator user interface to add the SRX device as client.

正解:D


質問 # 37
Which statement about the control link in a chassis cluster is correct?

  • A. Recovering from a control link failure requires a reboot.
  • B. The control messages sent over the link are encrypted by default.
  • C. A cluster can have redundant control links.
  • D. The control link heartbeats contain the configuration file of the nodes.

正解:C

解説:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-chassis-cluster- dual-control-links.html


質問 # 38
......

今すぐJN0-335問題を使おうJN0-335問題集PDF:https://www.passtest.jp/Juniper/JN0-335-shiken.html

問題集練習試験問題学習ガイドはJN0-335試験にはこれ:https://drive.google.com/open?id=14mI5WPHSSXP8MZUENosAkDOwCysyAW4J