Practice Free JN0-335 Exam Online Questions
You are asked to determine how much traffic a popular gaming application is generating on your network.
Which action will you perform to accomplish this task?
- A . Enable AppQoS on the proper security zones
- B . Enable APBR on the proper security zones
- C . Enable screen options on the proper security zones
- D . Enable AppTrack on the proper security zones
D
Explanation:
AppTrack is a feature of Juniper Networks firewall solutions that allows administrators to track applications, users, and the amount of traffic generated by those applications on the network. AppTrack can be enabled on specific security zones of the network to monitor traffic on those zones. This feature can be used to determine how much traffic a popular gaming application is generating on the network. For more information, please refer to the Juniper Networks JNCIS-SEC Study Guide.
Which two statements are correct about JSA data collection? (Choose two.)
- A . The Event Collector collects information using BGP FlowSpec.
- B . The Flow Collector can use statistical sampling.
- C . The Flow Collector parses logs.
- D . The Event Collector parses logs.
B, D
Explanation:
The Flow Collector can use statistical sampling to collect and store network flow data in the JSA database. The Event Collector collects information from various sources including syslog, SNMP, NetFlow, and BGP FlowSpec. Both the Flow Collector and the Event Collector parse logs to extract useful information from the logs.
You enable chassis clustering on two devices and assign a cluster ID and a node ID to each device.
In this scenario, what is the correct order for rebooting the devices?
- A . Reboot the secondary device, then the primary device.
- B . Reboot only the secondary device since the primary will assign itself the correct cluster and node ID.
- C . Reboot the primary device, then the secondary device.
- D . Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.
A
Explanation:
When chassis clustering is enabled and IDs are assigned, it is typically recommended to first reboot the secondary device. This allows the secondary device to fully integrate and recognize its role and settings within the cluster without affecting the ongoing traffic that the primary device might be handling.
Once the secondary device has successfully rebooted and is operational within the cluster, the primary device can then be rebooted. This ensures that the primary device’s reboot does not cause any network downtime, as the secondary device, now fully operational, can take over the traffic and roles as needed.
You want to deploy a virtualized SRX in your environment.
In this scenario, why would you use a vSRX instead of a cSRX? (Choose two.)
- A . The vSRX supports Layer 2 and Layer 3 configurations.
- B . Only the vSRX provides clustering.
- C . The vSRX has faster boot times.
- D . Only the vSRX provides NAT, IPS, and UTM services.
A, B
Explanation:
vSRX provides flexible networking capabilities which include support for both Layer 2 (data link) and Layer 3 (network) configurations. This allows it to handle a variety of routing and switching tasks within virtual environments.
Clustering capability, which involves grouping multiple vSRX instances to operate as a single entity for redundancy and high availability, is a feature specific to vSRX. This is critical in environments where continuous uptime and resilience are required.
You need to deploy an SRX Series device in your virtual environment. In this scenario, what are two benefits of using a cSRX? (Choose two.)
- A . The cSRX supports Layer 2 and Layer 3 deployments.
- B . The cSRX default configuration contains three default zones: trust, untrust, and management.
- C . The cSRX supports firewall, NAT, IPS, and UTM services.
- D . The cSRX has low memory requirements.
C, D
Explanation:
Two benefits of using a cSRX in your virtual environment are:
The cSRX supports firewall, NAT, IPS, and UTM services: The cSRX is a containerized version of the SRX Series firewall that runs as a Docker container on Linux hosts. It provides the same features and functionality as the SRX Series physical firewalls, such as firewall, NAT, IPS, and UTM services. The cSRX can protect your virtual workloads and applications from various threats and attacks.
The cSRX has low memory requirements: The cSRX is designed to be lightweight and efficient, with low memory and CPU requirements. The cSRX can run on as little as 1 GB of RAM and 1 vCPU, making it suitable for resource-constrained environments.
Reference: cSRX Overview, cSRX Container Firewall Datasheet
Which solution enables you to create security policies that include user and group information?
- A . JIMS
- B . ATP Appliance
- C . Network Director
- D . NETCONF
A
Explanation:
The solution that enables you to create security policies that include user and group information is JIMS (Juniper Identity Management Service). JIMS collects and maintains a large database of user, device, and group information from Active Directory domains or syslog sources, and enables SRX Series devices to rapidly identify thousands of users in a large, distributed enterprise. With JIMS, you can create security policies that include user and group information, and enforce user-based access control policies to protect network resources.
Which two statements are correct about the fab interface in a chassis cluster? (Choose two.)
- A . Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization.
- B . In an active/active configuration, inter-chassis transit traffic is sent over the fab interface.
- C . The fab interface enables configuration synchronization.
- D . Heartbeat signals sent on the fab interface monitor the health of the control plane link.
A, B
Explanation:
The fab interface is a fabric link that connects the two nodes in a chassis cluster. A chassis cluster is a high-availability feature that groups two identical SRX Series devices into a cluster that acts as a single device.
The fab interface has two functions:
Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization: RTOs are data structures that store information about active sessions, such as source and destination IP addresses, ports, protocols, and security policies. RTOs are exchanged between the nodes on the fab interface to ensure that both nodes have the same session information and can take over the traffic in case of a failover.
In an active/active configuration, inter-chassis transit traffic is sent over the fab interface: In an active/active configuration, both nodes in a cluster can process traffic for different redundancy groups (RGs). RGs are collections of interfaces or services that fail over together from one node to another. If traffic needs to transit from one RG to another RG that is active on a different node, it is sent over the fab interface.
Reference: Configuring Chassis Clustering on SRX Series Devices, Chassis Cluster Redundancy Groups, Chassis Cluster Data Plane
You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.
Which Juniper Networks solution will accomplish this task?
- A . JIMS
- B . Encrypted Traffic Insights
- C . UTM
- D . Adaptive Threat Profiling
D
Explanation:
Adaptive Threat Profiling (ATP) is a Juniper Networks solution that enables organizations to detect malicious activity on their networks and process it through IPS and Juniper ATP Cloud for malware and virus protection. ATP is powered by Juniper’s advanced Machine Learning and Artificial Intelligence (AI) capabilities, allowing it to detect and block malicious activity in real-time. ATP is integrated with Juniper’s Unified Threat Management (UTM) and Encrypted Traffic Insights (ETI) solutions, providing an end-to-end network protection solution.
Which two statements are correct about the Junos IPS feature? (Choose two.)
- A . IPS is integrated as a security service on SRX Series devices.
- B . IPS uses sandboxing to detect unknown attacks.
- C . IPS is a standalone platform running on dedicated hardware or as a virtual device.
- D . IPS uses protocol anomaly rules to detect unknown attacks.
A, D
Explanation:
Junos IPS is a feature that provides intrusion prevention and detection services on SRX Series devices. It monitors network traffic and compares it against predefined signatures or custom rules to identify and block malicious or unwanted packets. Two statements that are correct about the Junos IPS feature are:
IPS is integrated as a security service on SRX Series devices: Junos IPS is not a separate platform or device, but a security service that runs on SRX Series firewalls. It can be enabled and configured as part of the security policy on the SRX Series device and applied to specific zones, interfaces, or traffic flows.
IPS uses protocol anomaly rules to detect unknown attacks: Junos IPS uses two types of rules to detect attacks: signature rules and protocol anomaly rules. Signature rules match traffic against known attack patterns or signatures and block them based on predefined actions. Protocol anomaly rules detect deviations from the expected behavior or structure of common protocols, such as TCP, UDP, ICMP, etc. Protocol anomaly rules can help identify unknown or zero-day attacks that may not have a signature yet.
Reference: Intrusion Detection and Prevention Feature Guide for Security Devices, Understanding Intrusion Detection and Prevention for SRX Series Devices, Understanding Signature Rules and Protocol Anomaly Rules
Which two statements are correct about Juniper ATP Cloud? (Choose two.)
- A . Once the target threshold is met, Juniper ATP Cloud continues looking for threats from 0 to 5 minutes.
- B . Once the target threshold is met, Juniper ATP Cloud continues looking for threats from 0 to 10 minutes.
- C . The threat levels range from 0-10.
- D . The threat levels range from 0-100.
C, D
Explanation:
In many threat intelligence and evaluation systems, including Juniper ATP Cloud, the threat levels are often scored on a scale to provide a quick reference of the potential risk associated with a threat. A common range for these threat levels is from 0 to 10, with 0 representing minimal or no threat and 10 representing a severe threat.
Alternatively, some systems may use a more granular scoring system ranging from 0 to 100, providing a more nuanced assessment of threat levels. This range allows for finer differentiation between the levels of threat severity.