Juniper JN0-335 Online Practice Questions and Exam Preparation

Juniper JN0-335 Online Questions & Answers

• Question 1:

  You are asked to ensure that if the session table on your SRX Series device gets close to exhausting its resources, that you enforce a more aggress.ve age-out of existing flows.

  In this scenario, which two statements are correct? (Choose two.)

  A. The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the low-watermark value is met.
  B. The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met.
  C. The high-watermark configuration specifies the percentage of how much of the session table is left before disabling a more aggressive age- out timer.
  D. The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer
  B. The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met.
  D. The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer

  ---

  explanation:

  Explanation

  The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met. The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer. This ensures that the session table does not become full and cause traffic issues, and also ensures that existing flows are aged out quickly when the table begins to get close to being full.

• Question 2:

  Which two functions does Juniper ATP Cloud perform to reduce delays in the inspection of files? (Choose two.)

  A. Juniper ATP Cloud allows the creation of allowlists.
  B. Juniper ATP Cloud uses a single antivirus software package to analyze files.
  C. Juniper ATP Cloud allows end users to bypass the inspection of files.
  D. Juniper ATP Cloud performs a cache lookup on files.
  A. Juniper ATP Cloud allows the creation of allowlists.
  D. Juniper ATP Cloud performs a cache lookup on files.

  ---

  explanation:

  Explanation

  Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention and detection for your network. It integrates with SRX Series firewalls and MX Series routers to analyze files and network traffic for signs of malicious activity. Two functions that Juniper ATP Cloud performs to reduce delays in the inspection of files are: Juniper ATP Cloud allows the creation of allowlists: Allowlists are lists of trusted files or file hashes that are excluded from scanning by Juniper ATP Cloud. You can create allowlists based on file name, file type, file size, file hash, or sender domain. By using allowlists, you can reduce the number of files that need to be uploaded to Juniper ATP Cloud for analysis and improve the performance and efficiency of your network. Juniper ATP Cloud performs a cache lookup on files: Cache lookup is a process that checks if a file has been previously scanned by Juniper ATP Cloud and if there is a cached verdict for it. If there is a cached verdict, Juniper ATP Cloud returns it immediately without scanning the file again. If there is no cached verdict, Juniper ATP Cloud uploads the file for analysis. By using cache lookup, you can reduce the time and bandwidth required for scanning files by Juniper ATP Cloud.

  References: [Juniper Advanced Threat Prevention Cloud (ATP Cloud)], [Configuring Allowlists], [Understanding Cache Lookup]

• Question 3:

  Click the Exhibit button.

  

  You are validating the configuration template for device access. The commands in the exhibit have been entered to secure IP access to an SRX Series device.

  Referring to the exhibit, which two statements are true? (Choose two.)

  A. The device manager can access the device from 192.168.11.248.
  B. The loopback interface blocks invalid traffic on its entry into the device.
  C. The loopback interface blocks invalid traffic on its exit from the device.
  D. The device manager can access the device from 10.253.1.2.
  B. The loopback interface blocks invalid traffic on its entry into the device.
  D. The device manager can access the device from 10.253.1.2.

  ---

  explanation:

  Explanation

  The commands in the exhibit show how to configure a firewall filter on the loopback interface (lo0) of an SRX Series device. The loopback interface is a gateway for all the control traffic that enters the Routing Engine of the device. The firewall filter can be used to monitor and protect this control traffic from various attacks. Two statements that are true based on the exhibit are: The loopback interface blocks invalid traffic on its entry into the device: The firewall filter applied on lo0 has a term that matches any packet with an invalid source address (such as 0.0.0.0/8 or 127.0.0.0/8) and discards it. This prevents spoofing or DoS attacks using invalid source addresses. The device manager can access the device from 10.253.1.2: The firewall filter applied on lo0 has a term that matches any packet with a source address of 10.253.1.2 and accepts it. This allows the device manager to access the device from this IP address using protocols such as SSH, Telnet, HTTP, or HTTPS.

  References: Firewall Filter Support on Loopback Interface, [MX/SRX] The behavior of firewall filters that are applied on the loopback interfaces in virtual routers

• Question 4:

  You want to permit access to an application but block application sub-Which two security policy features provide this capability? (Choose two.)

  A. URL filtering
  B. micro application detection
  C. content filtering
  D. APPID
  A. URL filtering
  B. micro application detection

  ---

  explanation:

  Explanation

  The two security policy features that provide the capability to permit access to an application but block its sub-applications are URL filtering and micro application detection. URL filtering allows you to create policies that permit or block access to certain websites or webpages based on URL patterns. Micro application detection is a more sophisticated approach that can identify and block specific applications, even if they are embedded within other applications or websites. According to the Juniper Networks Certified Internet Specialist (JNCIS-SEC) Study Guide [1], "micro application detection is the most accurate way to detect and control applications." Content filtering and APPID are more general approaches and are not as effective in providing the level of granularity needed to block sub-applications.

• Question 5:

  You want to use IPS signatures to monitor traffic.

  Which module in the AppSecure suite will help in this task?

  A. AppTrack
  B. AppQoS
  C. AppFW
  D. APPID
  C. AppFW

  ---

  explanation:

  Explanation

  The AppFW module in the AppSecure suite provides IPS signatures that can be used to monitor traffic and detect malicious activities. AppFW also provides other security controls such as Web application firewall, URL filtering, and application-level visibility.

• Question 6:

  Which two statements are correct about the cSRX? (Choose two.)

  A. The cSRX supports firewall, NAT, IPS, and UTM services.
  B. The cSRX only supports Layer 2 "bump-in-the-wire" deployments.
  C. The cSRX supports BGP, OSPF. and IS-IS routing services.
  D. The cSRX has three default zones: trust, untrust, and management
  A. The cSRX supports firewall, NAT, IPS, and UTM services.
  D. The cSRX has three default zones: trust, untrust, and management

  ---

  explanation:

  Explanation

  The two statements that are correct about the cSRX are that it supports firewall, NAT, IPS, and UTM services, and that it has three default zones: trust, untrust, and management. The cSRX is a software-defined security solution that provides comprehensive network security capabilities and is designed for virtualized environments. It supports firewall, NAT, IPS, and UTM services to protect against threats, as well as BGP, OSPF, and IS-IS routing services for routing functionality. Additionally, the cSRX has three default zones: trust, untrust, and management. The trust zone is used to define traffic that is allowed to enter the network, the untrust zone is used to define traffic that should be blocked from entering the network, and the management zone is used to manage the device itself. The cSRX does not support Layer 2 "bump-in-the-wire" deployments.

• Question 7:

  Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types.

  Which configuration should you use in this scenario?

  A. Use the CLI to create a custom profile and increase the scan limit.
  B. Use the ATP Cloud Ul to change the default profile to increase the scan limit for all files to 30 MB.
  C. Use the CLI to change the default profile to increase the scan limit for all files to 30 MB.
  D. Use the ATP Cloud Ul to update a custom profile and increase the scan limit for executable files to 30 MB.
  D. Use the ATP Cloud Ul to update a custom profile and increase the scan limit for executable files to 30 MB.

  ---

  explanation:

  Explanation

  In this scenario, you should use the ATP Cloud Ul to create a custom profile and update the scan limit for executable files to 30 MB. This will ensure that executable files up to 30 MB can be scanned, while at the same time minimizing the change in scan time for other file types. To do this, log in to the ATP Cloud Ul and go to the Profiles tab. Click the Create button to create a new profile, and then adjust the scan limits for executable files to 30 MB. Once you have saved the custom profile, you can apply it to the desired systems and the new scan limit will be in effect.

• Question 8:

  Exhibit

  

  Using the information from the exhibit, which statement is correct?

  A. Redundancy group 1 is in an ineligible state.
  B. Node1 is the active node for the control plane
  C. There are no issues with the cluster.
  D. Redundancy group 0 is in an ineligible state.
  A. Redundancy group 1 is in an ineligible state.

  ---

  explanation:

  Explanation

• Question 9:

  Which two statements are correct about JSA data collection? (Choose two.)

  A. The Event Collector collects information using BGP FlowSpec.
  B. The Flow Collector can use statistical sampling
  C. The Flow Collector parses logs.
  D. The Event Collector parses logs
  B. The Flow Collector can use statistical sampling
  D. The Event Collector parses logs

  ---

  explanation:

  Explanation

  The Flow Collector can use statistical sampling to collect and store network flow data in the JSA database. The Event Collector collects information from various sources including syslog, SNMP, NetFlow, and BGP FlowSpec. Both the Flow Collector and the Event Collector parse logs to extract useful information from the logs.

• Question 10:

  On an SRX Series firewall, what are two ways that Encrypted Traffic Insights assess the threat of the traffic? (Choose two.)

  A. It decrypts the file in a sandbox.
  B. It validates the certificates used.
  C. It decrypts the data to validate the hash.
  D. It reviews the timing and frequency of the connections.
  B. It validates the certificates used.
  D. It reviews the timing and frequency of the connections.

  ---

  explanation:

  Explanation

  Encrypted Traffic Insights is a feature that enables the SRX Series firewall and the ATP Cloud to detect malicious threats that are hidden in encrypted traffic without decrypting the traffic. It does so by analyzing the metadata and connection patterns of the encrypted sessions. Two ways that Encrypted Traffic Insights assess the threat of the traffic are: It validates the certificates used: The SRX Series firewall extracts the server certificate from the encrypted session and compares its signature with a blocklist of known malicious certificates provided by ATP Cloud. If there is a match, the session is blocked and reported as a threat. It reviews the timing and frequency of the connections: The SRX Series firewall sends the connection details, such as source and destination IP addresses, ports, protocols, and timestamps, to ATP Cloud. ATP Cloud applies behavior analysis and machine learning algorithms to detect anomalous or suspicious patterns of connections, such as high frequency, low duration, or unusual timing.

  References: Juniper Networks Expands Connected Security Portfolio with Encrypted Traffic Analysis for Juniper Advanced Threat Prevention and SecIntel for Mist Wireless, Encrypted Traffic Insights Overview, Configure Encrypted Traffic Insights