• Home
  • Blogs
  • [Nov 27, 2023] JN0-335 Dumps PDF and Test Engine Exam Questions - ExamPrepAway [Q31-Q49]

[Nov 27, 2023] JN0-335 Dumps PDF and Test Engine Exam Questions - ExamPrepAway [Q31-Q49]

Share

[Nov 27, 2023] JN0-335 Dumps PDF and Test Engine Exam Questions - ExamPrepAway

Verified JN0-335 exam dumps Q&As with Correct 100 Questions and Answers

NEW QUESTION # 31
Which two statements are correct about server-protection SSP proxy? (Choose two.)

  • A. The server-protection SSL proxy forwards the server certificate after modification.
  • B. The server-protection SSL proxy acts as the server from the client's perspective.
  • C. The server-protection SSL proxy is also known as SSL reverse proxy.
  • D. The server-protection SSL proxy intercepts the server certificate.

Answer: B,C


NEW QUESTION # 32
You are deploying a new SRX Series device and you need to log denied traffic.
In this scenario, which two policy parameters are required to accomplish this task? (Choose two.)

  • A. session-close
  • B. session-init
  • C. count
  • D. deny

Answer: A,D

Explanation:
you need to create a global firewall rulebase that matches RT_FLOW_SESSION_DENY events2. To do this, you need to specify two policy parameters: deny and session-close3.


NEW QUESTION # 33
Click the Exhibit button.

Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?

  • A. Screens
  • B. Forwarding Lookup
  • C. Services ALGs
  • D. Security Policy

Answer: D


NEW QUESTION # 34
You need to implement Junos Screen options to protect traffic coming through the ge-0/0/0 and ge-0/0/1 interfaces which are located in the trust and DMZ zones, respectively. Where would you enable the Junos Screen options?

  • A. in the global security zone settings
  • B. on the ge-0/0/0 and ge-0/0/1 interfaces
  • C. in a security policy
  • D. in the trust and DMZ zone settings

Answer: D


NEW QUESTION # 35
Click the Exhibit button.

You examine the log file shown in the exhibit after running the set security idp active-policy command.
Which two statements are true in this scenario? (Choose two.)

  • A. The IDP policy compiled successfully.
  • B. The IDP policy loaded successfully.
  • C. The IDP hit cache is set to 16384.
  • D. The entire configuration was committed.

Answer: A,B


NEW QUESTION # 36
You are troubleshooting advanced policy-based routing (APBR). Which two actions should you perform in this scenario? (Choose two.)

  • A. Review the APBR statistics for matching rules and route modifications.
  • B. Verity inet.0 for correct route leaking.
  • C. Verify that the APBR profiles are applied to the egress zone.
  • D. Inspect the application system cache for the application entry.

Answer: A,D


NEW QUESTION # 37
Click the Exhibit button.

Which two statements are true about the session shown in the exhibit? (Choose two.)

  • A. Two security policies are required for bidirectional traffic flow.
  • B. The ALG was enabled by manual configuration.
  • C. The ALG was enabled by default.
  • D. One security policy is required for bidirectional traffic flow.

Answer: A,B


NEW QUESTION # 38
You have implemented a vSRX in your VMware environment. You want to implement a second vSRX Series device and enable chassis clustering.
Which two statements are correct in this scenario about the control-link settings? (Choose two.)

  • A. In the vSwitch properties settings, set the VLAN ID to None.
  • B. In the vSwitch security settings, reject MAC address changes.
  • C. In the vSwitch security settings, accept promiscuous mode.
  • D. In the vSwitch security settings, reject forged transmits.

Answer: B,D


NEW QUESTION # 39
What are two valid JIMS event log sources? (Choose two.)

  • A. Microsoft Exchange Server event logs
  • B. Microsoft Windows Server 2012 audit logs
  • C. Microsoft Active Directory server event logs
  • D. Microsoft Active Directory audit logs

Answer: A,C


NEW QUESTION # 40
After JSA receives external events and flows, which two steps occur? (Choose two.)

  • A. After the information is filtered, JSA responds with active measures
  • B. After formatting the data, the data is stored in an asset database.
  • C. Before formatting the data, the data is analyzed for relevant information.
  • D. Before the information is filtered, the information is formatted

Answer: C,D

Explanation:
Before formatting the data, the data is analyzed for relevant information. This is done to filter out any irrelevant data and to extract any useful information from the data. After the information is filtered, it is then formatted so that it can be stored in an asset database. After the data has been formatted, JSA will then respond with active measures.


NEW QUESTION # 41
Which two are negotiated during Phase 2 of an IPsec VPN tunnel establishment? (Choose two.)

  • A. security protocol
  • B. UDP port number
  • C. proxy IDs
  • D. VPN monitor interval

Answer: A,C


NEW QUESTION # 42
You enable chassis clustering on two devices and assign a cluster ID and a node ID to each device. In this scenario, what is the correct order for rebooting the devices?

  • A. Reboot the secondary device, then the primary device.
  • B. Reboot the primary device, then the secondary device.
  • C. Reboot only the secondary device since the primary will assign itself the correct cluster and node ID.
  • D. Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.

Answer: B

Explanation:
when enabling chassis clustering on two devices, the correct order for rebooting them is to reboot the primary device first, followed by the secondary device. It is not possible for either device to assign itself the correct cluster and node ID, so both devices must be rebooted to ensure the proper configuration is applied.


NEW QUESTION # 43
What are two types of collectors for the JATP core engine? (Choose two.)

  • A. telemetry
  • B. e-mail
  • C. Web
  • D. SNMP

Answer: B,C


NEW QUESTION # 44
Which two solutions provide a sandboxing feature for finding zero-day malware threats? (Choose two.)

  • A. JATP
  • B. IPS
  • C. UTM
  • D. Sky ATP

Answer: A,D


NEW QUESTION # 45
Which two statements describe IPS? (Choose two.)

  • A. IPS inspects up to Layer 7 in the OSI model.
  • B. IPS inspects up to Layer 4 in the OSI model.
  • C. IPS can be used to prevent future attacks from occurring.
  • D. IPS dynamically sends policy changes to SRX Series devices.

Answer: A,C


NEW QUESTION # 46
A routing change occurs on an SRX Series device that involves choosing a new egress interface.
In this scenario, which statement is true for all affected current sessions?

  • A. The current sessions do not change.
  • B. The current session are torn dowm only if the policy-rematch option has been enabled.
  • C. The current sessions are torn down and go through first path processing based on the new route.
  • D. The current sessions might change based on the corresponding security policy.

Answer: C


NEW QUESTION # 47
You are asked to create an IPS-exempt rule base to eliminate false positives from happening.
Which two configuration parameters are available to exclude traffic from being examined?
(Choose two.)

  • A. destination IP address
  • B. destination port
  • C. source IP address
  • D. source port

Answer: C

Explanation:
To exclude traffic from being examined by IPS, you can use the source IP address and/or destination port as criteria for the exemption. This is achieved by configuring an IPS-exempt rule base that includes specific exemption rules based on these criteria.


NEW QUESTION # 48
Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types.
Which configuration should you use in this scenario?

  • A. Use the CLI to create a custom profile and increase the scan limit.
  • B. Use the ATP Cloud Ul to update a custom profile and increase the scan limit for executable files to 30 MB.
  • C. Use the ATP Cloud Ul to change the default profile to increase the scan limit for all files to 30 MB.
  • D. Use the CLI to change the default profile to increase the scan limit for all files to 30 MB.

Answer: B

Explanation:
In this scenario, you should use the ATP Cloud Ul to create a custom profile and update the scan limit for executable files to 30 MB. This will ensure that executable files up to 30 MB can be scanned, while at the same time minimizing the change in scan time for other file types. To do this, log in to the ATP Cloud Ul and go to the Profiles tab. Click the Create button to create a new profile, and then adjust the scan limits for executable files to 30 MB. Once you have saved the custom profile, you can apply it to the desired systems and the new scan limit will be in effect.


NEW QUESTION # 49
......

Juniper JN0-335 Test Engine PDF - All Free Dumps: https://www.examprepaway.com/Juniper/braindumps.JN0-335.ete.file.html

Get New JN0-335 Certification – Valid Exam Dumps Questions: https://drive.google.com/open?id=1W-Dsn07AUABT3NnTrAdu8xgJJiNmppSV

Related Blogs

more
Juniper JN0-335 Certification Practice Exam