JN0-335無料問題集「Juniper Security, Specialist (JNCIS-SEC)」

質問 1

You want to deploy vSRX in Amazon Web Services (AWS) virtual private clouds (VPCs).
Which two statements are true in this scenario? (Choose two.)

（A）The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Security Director instance.

（B）The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Network Director instance.

（C）IPsec tunnels can be used to connect vSRX in different VPCs.

（D）MPLS LSPs can be used to connect vSRXs in different VPCs.

正解：A、C 解答を投票する

質問 2

Click the Exhibit button.

You have deployed Sky ATP to protect your network from attacks so that users are unable to download malicious files. However, after a user attempts to download a malicious file, they are still able to communicate through the SRX Series device.
Referring to the exhibit, which statement is correct?

（A）Configure a security intelligence policy and apply it to the security policy.

（B）Change the security policy from a standard security policy to a unified security policy.

（C）Remove the fallback options in the advanced anti-malware policy.

（D）Lower the verdict threshold in the advanced anti-malware policy.

正解：A 解答を投票する

質問 3

You are preparing a proposal for a new customer who has submitted the following requirements for a vSRX deployment:
-- globally distributed,
-- rapid provisioning,
-- scale based on demand,
-- and low CapEx.
Which solution satisfies these requirements?

（A）AWS

（B）VMWare ESXi

（C）Network Director

（D）Juniper ATP Cloud

正解：A 解答を投票する

質問 4

You are asked to enable AppTrack to monitor application traffic from hosts in the User zone destined to hosts in the Internet zone.
In this scenario, which statement is true?

（A）You must enable the AppTrack feature within the ingress interface configuration associated with the Internet zone.

（B）You must enable the AppTrack feature within the Internet zone configuration.

（C）You must enable the AppTrack feature within the interface configuration associated with the User zone.

（D）You must enable the AppTrack feature within the User zone configuration.

正解：D 解答を投票する

質問 5

When considering managed sessions, which configuration parameter determines how full the session table must be to implement the early age-out function?

（A）session service timeout

（B）low watermark

（C）policy rematch

（D）high waremark

正解：D 解答を投票する

質問 6

Which two statements are correct about security policy changes when using the policy rematch feature? (Choose two.)

（A）When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated.

（B）When a policy change includes changing the policy's action from permit to deny, all existing sessions are maintained

（C）When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped.

（D）When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped.

正解：A、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Referring to the exhibit, which statement is true?

（A）Hosts are always able to communicate through the SRX Series device no matter the threat score assigned to them on the infected host feed.

（B）Malicious HTTP file downloads are never blocked.

（C）Malicious HTTP file downloads are always blocked.

（D）Hosts are unable to communicate through the SRX Series device after being placed on the infected host feed with a high enough threat score.

正解：D 解答を投票する

質問 8

Which two statements about SRX Series device chassis clusters are correct? (Choose two.)

（A）The chassis cluster data plane is connected with SPC ports.

（B）The chassis cluster can contain a maximum of two devices.

（C）The chassis cluster can contain a maximum of three devices.

（D）The chassis cluster data plane is connected with revenue ports.

正解：B、D 解答を投票する

質問 9

Which sequence does an SRX Series device use when implementing stateful session security policies using Layer 3 routes?

（A）An SRX Series device will perform a security policy search before conducting a longest-match Layer 3 route table lookup.

（B）An SRX Series device performs a security policy search before implementing an ALG security check on the longest-match Layer 3 route.

（C）An SRX Series device conducts an ALG security check on the longest-match route before performing a security policy search.

（D）An SRX Series device will conduct a longest-match Layer 3 route table lookup before performing a security policy search.

正解：D 解答を投票する

質問 10

What is the default timeout for a TCP session on an SRX Series device?

（A）1 minute

（B）30 seconds

（C）30 minutes

（D）1 hour

正解：C 解答を投票する

JN0-335 無料問題集「Juniper Security, Specialist (JNCIS-SEC)」

弊社を連絡する

関連リンク

トップ試験