[2024年08月最新リリース]JN0-335試験問題はあなたをパスさせる [Q12-Q32]

Share

[2024年08月最新リリース]JN0-335試験問題はあなたをパスさせる

Juniper JN0-335試験基本問題とアンサー


Juniper JN0-335試験は、ネットワークセキュリティに特化した個人が求める貴重な認定です。この試験は、セキュリティ技術とネットワークの基礎に経験を持ち、Juniper Networksデバイスのセキュリティに関する知識やスキルを証明したいプロフェッショナルを対象としています。

 

質問 # 12
Click the Exhibit button.

You have configured the scheduler shown in the exhibit to prevent users from accessing certain websites from 1:00 PM to 3:00 PM Monday through Friday. This policy will remain in place until further notice. When testing the policy, you determine that the websites are still accessible during the restricted times.
In this scenario, which two actions should you perform to solve the problem? (Choose two.)

  • A. Use the PM parameter when specifying the time in the schedule.
  • B. Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule.
  • C. Use the 13:00 parameter and the 15:00 parameter when specifying the time.
  • D. Use the start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday.

正解:B、C


質問 # 13
Which two statements describe SSL proxy on SRX Series devices? (Choose two.)

  • A. Client-protection is also known as reverse proxy.
  • B. SSL proxy supports TLS version 1.2.
  • C. SSL proxy relies on Active Directory to provide secure communication.
  • D. SSL proxy is supported when enabled within logical systems.

正解:B、D

解説:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-ssl- tls.html


質問 # 14
What are two requirements for enabling AppQoE? (Choose two.)

  • A. You need two SRX Series device endpoints.
  • B. You need to configure AppQoE for reverse traffic.
  • C. You need two SRX Series or MX Series device endpoints.
  • D. You need an APPID feature license.

正解:C、D


質問 # 15
Which two statements are correct regarding reth interfaces? (Choose two.)

  • A. Child interfaces must be the same Ethernet interface type.
  • B. Child interfaces must be in the same slot on both nodes
  • C. Child interfaces can be a mixture of Ethernet interface types.
  • D. Child interfaces do not need to be in the same slot on both nodes.

正解:A、D


質問 # 16
Exhibit

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172 25.11.0/24 subnet to the Internet You create a policy named permit-http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.
Which two actions would correct the error? (Choose two.)

  • A. Execute the Junos commit full command to override the error and apply the configuration.
  • B. Modify the security policy to use the built-in Junos-http applications.
  • C. Create a custom application named http at the [edit applications] hierarchy.
  • D. Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.

正解:B、C

解説:
Explanation
The error occurred because the "http" application is not defined in this context of Juniper SRX Series device configuration. One solution is to create a custom application named "http" at the [edit applications] hierarchy level (Option C). Another solution is to modify the security policy to use the built-in "junos-http" application which is predefined and doesn't need an explicit definition (Option D). Options A and B are not correct because they do not address the root cause of the error, which is the undefined application "http". References:
The answers can be verified from Juniper's official documentation on security policies and applications available on their website. Here are some relevant links:
Security Policies Feature Guide for Security Devices
Understanding Applications and Application Sets for SRX Series Devices
Configuring Custom Applications for SRX Series Devices
Predefined Applications for SRX Series Devices


質問 # 17
Which two statements are true about the configuration shown in the exhibit? (Choose two.)

  • A. The session is removed from the session table after 10 milliseconds of inactivity.
  • B. Aggressive aging is triggered if the session table reaches 95% capacity.
  • C. Aggressive aging is triggered if the session table reaches 80% capacity.
  • D. The session is removed from the session table after 10 seconds of inactivity.

正解:B、D


質問 # 18
You want to deploy vSRX in Amazon Web Services (AWS) virtual private clouds (VPCs).
Which two statements are true in this scenario? (Choose two.)

  • A. IPsec tunnels can be used to connect vSRX in different VPCs.
  • B. The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Security Director instance.
  • C. MPLS LSPs can be used to connect vSRXs in different VPCs.
  • D. The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Network Director instance.

正解:A、B


質問 # 19
Exhibit

Which two statements are correct about the configuration shown in the exhibit? (Choose two.)

  • A. Replacing the session-init parameter with session-lose will log unidentified flows.
  • B. The session-class parameter in only used when troubleshooting.
  • C. The others 300 parameter means unidentified traffic flows will be dropped in 300 milliseconds.
  • D. Every session that enters the SRX Series device will generate an event

正解:C、D

解説:
Explanation
The configuration shown in the exhibit is a pre-ID default policy, which is a security policy that applies to traffic that cannot be identified by the SRX Series device before the user authentication process is complete. The pre-ID default policy has the following characteristics1:
It is applied to all traffic that matches the from-zone and to-zone parameters, regardless of the source and destination addresses or applications.
It can only have the permit action, and it cannot be deleted or renamed.
It can have optional parameters such as log, session-timeout, and session-class.
The session-timeout parameter specifies the maximum time that a session can remain idle before it is closed by the SRX Series device. The session-timeout parameter can have different values for different types of traffic, such as TCP, UDP, or others. The others parameter applies to traffic that is not TCP or UDP, such as ICMP or GRE. The value of the others parameter is in seconds, not milliseconds. Therefore, the others 300 parameter means unidentified traffic flows will be dropped in 300 seconds, not milliseconds2. This statement is correct, so option B is a valid answer.
The log parameter enables the SRX Series device to generate a log message for each session that matches the pre-ID default policy. The log parameter can have two values: session-init and session-close. The session-init value logs the session when it is created, and the session-close value logs the session when it is closed. The session-init value is useful for identifying the source and destination of the unidentified traffic, while the session-close value is useful for measuring the duration and volume of the traffic3. The configuration shown in the exhibit has the session-init value, which means every session that enters the SRX Series device will generate an event. This statement is correct, so option C is a valid answer.
The session-class parameter is used to assign a priority to the sessions that match the pre-ID default policy.
The session-class parameter can have four values: high, medium-high, medium-low, and low. The session-class parameter is useful for managing the resources allocated to the sessions and for applying quality of service (QoS) policies. The session-class parameter is not only used when troubleshooting, but also when optimizing the performance and security of the SRX Series device4. This statement is incorrect, so option A is not a valid answer.
Replacing the session-init parameter with session-lose will not log unidentified flows, but rather log the sessions that are closed due to session timeout or other reasons. This will not help in identifying the source and destination of the unidentified traffic, but rather provide information about the duration and volume of the traffic. This statement is incorrect, so option D is not a valid answer.
References:
Pre-ID Default Policy Overview
Configuring Session Timeout Values for Security Policies
Configuring Logging for Security Policies
Configuring Session Class for Security Policies


質問 # 20
Which two statements are correct about Juniper ATP Cloud? (Choose two.)

  • A. Once the target threshold is met, Juniper ATP Cloud continues looking for threats from 0 to 5 minutes.
  • B. The threat levels range from 0-10.
  • C. The threat levels range from 0-100.
  • D. Once the target threshold is met, Juniper ATP Cloud continues looking for threats levels range from 0 to 10 minutes.

正解:A、B

解説:
According to the Juniper Networks JNCIS-SEC Study Guide, Juniper ATP Cloud sets target thresholds for security events and then continuously scans the environment for any activity that exceeds this threshold. Once the threshold is met, Juniper ATP Cloud continues looking for threats for a period of 0 to 5 minutes. The threat levels range from 0 to 10, with 0 being the lowest and 10 being the highest.


質問 # 21
What are three capabilities of AppQoS? (Choose three.)

  • A. assign a forwarding class
  • B. rate-limit traffic
  • C. re-write DSCP values
  • D. re-write the TTL
  • E. reserve bandwidth

正解:A、C、E

解説:
AppQoS (Application Quality of Service) is a Junos OS feature that provides advanced control and prioritization of application traffic. With AppQoS, you can classify application traffic, assign a forwarding class to the traffic, and apply quality of service (QoS) policies to the traffic. You can also re-write DSCP values and reserve bandwidth for important applications. However, AppQoS does not re-write the TTL or rate-limit traffic.


質問 # 22
You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.
Which Juniper Networks solution will accomplish this task?

  • A. Encrypted Traffic Insights
  • B. UTM
  • C. JIMS
  • D. Adaptive Threat Profiling

正解:D

解説:
Explanation
Adaptive Threat Profiling is a feature that allows SRX Series Firewalls to generate, propagate, and consume threat feeds based on their own advanced detection and policy-match events. This feature enables you to configure security or IDP policies that, when matched, inject the source IP address, destination IP address, source identity, or destination identity into a threat feed, which can be leveraged by other devices as a dynamic-address-group (DAG). With adaptive threat profiling, the Juniper ATP Cloud service acts as a feed-aggregator and consolidates feeds from SRX across your enterprise and shares the deduplicated results back to all SRX Series Firewalls in the realm at regular intervals. SRX Series Firewalls can then use these feeds to perform further actions against the traffic. This feature allows you to find systems running applications that increase the risks on your network and ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection1. References:
Adaptive Threat Profiling Overview and Configuration
Adaptive Threat Profiling Overview
Juniper Launches Adaptive Threat Profiling, New VPN Features
Juniper Networks Answers Who and What is On the Network with Risk-Based Access Control Capabilities and New VPN Application Adaptive Threat Profiling Overview | SD Cloud


質問 # 23
Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types.
Which configuration should you use in this scenario?

  • A. Use the ATP Cloud Ul to update a custom profile and increase the scan limit for executable files to 30 MB.
  • B. Use the ATP Cloud Ul to change the default profile to increase the scan limit for all files to 30 MB.
  • C. Use the CLI to change the default profile to increase the scan limit for all files to 30 MB.
  • D. Use the CLI to create a custom profile and increase the scan limit.

正解:A

解説:
In this scenario, you should use the ATP Cloud Ul to create a custom profile and update the scan limit for executable files to 30 MB. This will ensure that executable files up to 30 MB can be scanned, while at the same time minimizing the change in scan time for other file types. To do this, log in to the ATP Cloud Ul and go to the Profiles tab. Click the Create button to create a new profile, and then adjust the scan limits for executable files to 30 MB. Once you have saved the custom profile, you can apply it to the desired systems and the new scan limit will be in effect.


質問 # 24
Which two statements are correct about AppTrack? (Choose two.)

  • A. AppTrack collects traffic flow information including byte, packet, and duration statistics.
  • B. AppTrack can only be configured in the main logical system on an SRX Series device.
  • C. AppTrack can be configured for any defined logical system on an SRX Series device.
  • D. AppTrack identifies and blocks traffic flows that might be malicious regardless of the ports being used.

正解:A、C

解説:
Explanation
AppTrack is a logging and reporting tool that provides statistics for analyzing bandwidth usage of your network. It can be enabled on any logical system on an SRX Series device1. AppTrack collects byte, packet, and duration statistics for application flows in the specified zone2. AppTrack sends log messages through syslog providing application activity update messages1.
AppTrack does not identify or block traffic flows that might be malicious. That is the function of AppSecure, which is a suite of application security tools that includes AppID, AppFW, AppQoS, and AppDoS3. AppTrack is a complementary tool that provides visibility into the types of applications traversing through the SRX Series gateway4.
AppTrack can be configured in any logical system on an SRX Series device, not just the main one1.
This allows for more flexibility and granularity in monitoring application traffic across different logical systems.
References:
1: Application Tracking | Junos OS | Juniper Networks
2: application-tracking | Junos OS | Juniper Networks
3: Juniper Networks AppSecure | NetworkScreen.com
4: [SRX] AppTrack log messages continue to get generated even after disabling the feature - Juniper Networks


質問 # 25
You must deploy AppSecure in your network to block risky applications.
In this scenario, which two AppSecure features are required? (Choose two.)

  • A. AppTrack
  • B. AppFW
  • C. AppID
  • D. APBR

正解:A、C


質問 # 26
Click the Exhibit button.

The output shown in the exhibit is displayed in which format?

  • A. binary
  • B. sd-syslog
  • C. syslog
  • D. WELF

正解:B


質問 # 27
Which statement defines the function of an Application Layer Gateway (ALG)?

  • A. The ALG contains protocols that use one application session for each TCP session.
  • B. The ALG uses software that is used by a single TCP session using the same port numbers as the application.
  • C. The ALG uses software processes for managing specific protocols.
  • D. The ALG uses software processes for permitting or disallowing specific IP address ranges.

正解:C

解説:
Explanation
An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols such as Session Initiation Protocol (SIP) or FTP on Juniper Networks devices running Junos OS. The ALG module is responsible for Application-Layer aware packet processing on switches1. The ALG can perform various functions such as modifying the payload and header of packets, opening secondary connections, translating addresses and ports, and applying security policies1. The ALG does not use software processes for permitting or disallowing specific IP address ranges, as this is the function of firewall filters or security zones2. The ALG does not use software that is used by a single TCP session using the same port numbers as the application, as this is the definition of a stateful firewall3. The ALG does not contain protocols that use one application session for each TCP session, as this is the characteristic of some application protocols such as HTTP or SMTP4. References:
1: ALG Overview | Junos OS | Juniper Networks
2: Firewall Filters Overview | Junos OS | Juniper Networks
3: Stateful Firewall Overview | Junos OS | Juniper Networks
4: Application Layer Protocols | Junos OS | Juniper Networks


質問 # 28
Exhibit

You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them.
Which statement is correct in this scenario?

  • A. Set the maximum C&C entries within the Juniper ATP Cloud GUI.
  • B. Use the commit full command to start the download.
  • C. No action is required, the feeds take a few minutes to download.
  • D. The security intelligence policy must be configured; on a unified security policy

正解:C

解説:
According to the Juniper Networks JNCIS-SEC Study Guide, when you set up your command-and-control (C&C) category with Juniper ATP Cloud, all of the feeds will initially have zero objects in them. This is normal, as it can take a few minutes for the feeds to download. No action is required in this scenario and you will notice the feeds start to populate with objects once the download is complete.


質問 # 29
Which two statements are correct when considering IPS rule base evaluation? (Choose two.)

  • A. IPS applies the most severe action to traffic matching multiple rules,
  • B. IPS evaluates rules sequentially
  • C. IPS evaluates rules concurrently.
  • D. IPS applies the least severe action to traffic matching multiple rules.

正解:A、C

解説:
Reference:
The Intrusion Prevention System (IPS) is a feature that provides protection against network-based threats. The IPS uses a rule base to evaluate network traffic and apply actions based on the rules that match the traffic.
When evaluating the rule base, the IPS evaluates the rules concurrently (option A). This means that the IPS can apply multiple rules to the same traffic simultaneously.
If multiple rules match the same traffic, the IPS applies the most severe action (option B). This means that if there are conflicting actions specified in different rules, the IPS will apply the action that has the highest severity. For example, if one rule specifies a "drop" action and another rule specifies a "log" action for the same traffic, the IPS will drop the traffic because dropping has a higher severity than logging.


質問 # 30
Your network uses a single JSA host and you want to implement a cluster.
In this scenario, which two statements are correct? (Choose two.)

  • A. The software versions on both primary and secondary hosts
  • B. The secondary host can backup multiple JSA primary hosts.
  • C. The primary and secondary hosts must be configured with the same storage devices.
  • D. The cluster virtual IP will need an unused IP address assigned.

正解:A、D

解説:
Explanation
JSA supports high availability (HA) clusters, which are two JSA hosts that act as a single system. The primary host is the active host and the secondary host is the standby host. If the primary host fails, the secondary host takes over and becomes the active host1 To configure an HA cluster, you must ensure that the software versions on both primary and secondary hosts are the same, and that the cluster virtual IP address is an unused IP address on the same subnet as the primary and secondary hosts1 The secondary host does not backup multiple JSA primary hosts, as each HA cluster consists of only one primary and one secondary host1 The primary and secondary hosts do not need to be configured with the same storage devices, as long as they have enough disk space to store the same amount of data2 References:
1: HA Clusters | Junos OS | Juniper Networks
2: JSA Virtual Appliance | Juniper Networks US


質問 # 31
Your network uses a remote e-mail server that is used to send and receive e-mails for your users.
In this scenario, what should you do to protect users from receiving malicious files thorugh e-mail?

  • A. Deploy Sky ATP SMTP e-mail protection
  • B. Deploy Sky ATP MAPI e-mail protection
  • C. Deploy Sky ATP POP3 e-mail protection
  • D. Deploy Sky ATP IMAP e-mail protection

正解:A


質問 # 32
......

2024年最新のリアルな無料Juniper JN0-335試験問題集問題と解答:https://www.passtest.jp/Juniper/JN0-335-shiken.html

JN0-335練習テストエンジン購入前に試そう100試験問題:https://drive.google.com/open?id=1DqLNnaOMmOgNrBrbxz4zdqeFxKs1Sj2G