Security Design, Specialist (JNCDS-SEC) v7.0 (JN0-1330)

Page:    1 / 5   
Total 65 questions

Your customer is planning the deployment of a new hub-and-spoke WAN architecture that must support dual stack They have decided against using a dynamic routing protocol. They are concerned about the difficulty of managing configurations and operations at the hub location as they deploy branch routers
In this scenario, what ate three reasons for selecting route-based VPNs with traffic selectors'? (Choose three)

  • A. Traffic selectors support IPv4 and IPv6.
  • B. Traffic selectors reduce the number of Phase 2 IPsec security associations.
  • C. Traffic selectors reduce latency because they bypass UTM.
  • D. Traffic selectors support auto route insertion
  • E. You can define mutliple traffic selectors within a single route-based VPN

Answer : A,D,E

Your company's IT policy restricts general access to recruitment websites from within the corporate network However, the human resources department requires access to these sites.
Which two features accomplish this goal? (Choose two)

  • A. URL whitelist
  • B. Active Directory authentication
  • C. Web authentication enhanced
  • D. Web filtering

Answer : A,D

What are two design requirements for deploying a chassis cluster across a Layer 2 network? (Choose two)

  • A. VLAN tags from high availability traffic should be preserved.
  • B. Latency between the two nodes must be less than 100 ms.
  • C. Fabric links should share the transit traffic infrastructure.
  • D. Control and fabric link must use different VLAN IDs.

Answer : A,B

You must implement access control lists to protect the control plane of a service provider's core devices What are two ways to accomplish this task? (Choose two.)

  • A. Implement access control lists to filter RFC 1918 IP addresses from reaching the control plane.
  • B. Implement access control lists to permit only internal management networks to reach the control plane.
  • C. Implement access control lists to drop all IP packets that are fragments.
  • D. Implement access control lists to protect the control plane against unauthorized user credentials.

Answer : B,C

You need to provide wireless access to the user community without reducing security.
Which action accomplishes this task?

  • A. Provide all users with the pre-shared key to the SSID to validate their access
  • B. Record the users' MAC addresses.
  • C. Require users to authenticate with EAP-TLS.
  • D. Hide the broadcast of the SSID

Answer : C

What is the maximum number of SRX Series devices in a chassis cluster?

  • A. 2
  • B. 3
  • C. 4
  • D. 5

Answer : A

A client wants to deploy a vSRX chassis cluster across two existing ESXi hosts without changing the external switch configuration Which two actions must you perform to meet this requirement? (Choose two.)

  • A. Use a distributed virtual switch
  • B. Use an overlay network to transport cluster heartbeats over Layer 3.
  • C. Configure private VLANs on the virtual switch (or the control and fabric links.
  • D. Use a standard virtual switch.

Answer : A,C

You are designing a network management solution for a customer's data center Your design must include a solution that supports the collection of events from SRX Series devices, as well as events from various third-party devices.
In this scenario, which solution should you recommend"?

  • A. Secure Analytics
  • B. Cloud Analytics Engine
  • C. Log Director NorthStar
  • D. Controller

Answer : A

You must design a solution to collect logs from a group of SRX Series devices using Junos
Space Log Director You will deploy this solution on virtual machines that How would you accomplish this task?

  • A. Implement one centralized log collectorand continue the SRX Series clusters to forward logs to it.
  • B. Implement one centralized log concentrator and configure the SRX Series clusters lo forward logs to it
  • C. Implement one log concentrator, two log collectors, and a load balancer in front of them, configuring D. SRX Series devices to forward the logs to the Load.
  • D. Implement one log concentrator, three log collectors, and configure the SRX Series clusters to distribute the logs among the log collectors.

Answer : D

Which three statements are correct about BGP flowspec? (Choose three.)

  • A. BGP flowspec uses MP-BGP to automatically distribute fitters to service provider edge routers.
  • B. BGP flowspec fitters are implemented in the forwarding plane of an MX Series router to enable high-speed filtering ofattacks.
  • C. BGP flowspec uses Junos Space Security Director to distribute filters to service provider edge routers.
  • D. The BGP flowspec service runs on service provider edge routers to quickly detect DDoS attacks
  • E. BGP flowspec allows for more granular filtering that null-routing DDoS victims at the service provider edge.

Answer : A,D,E

Your company is migrating an existing enterprise application lo use TLS The application is written in PHP and must have IPS protection Which two actions will ensure that the application is protected on an SRX5400? (Choose two.)

  • A. Use an IPS policy to protect all port 80 traffic.
  • B. Use the SSL reverse proxy feature
  • C. Use the IPS policy that includes critical and major PHP signatures
  • D. Use enhanced Web filtering.

Answer : C,D

You are asked to deploy security in your data center with the criteria listed below
-The deployment must allow for selective firewall redirect -The deployment must allow (or selective firewall bypass
Which deployment meets these requirements?

  • A. inline firewall
  • B. two-arm firewall
  • C. one-arm firewall
  • D. transparent firewall

Answer : C

Which solution centralizes the management of security devices in your data center?

  • A. Juniper Secure Analytics
  • B. J-Web
  • C. Junos Space Security Director
  • D. Junos CU

Answer : C

Spotlight Secure provides which benefit?

  • A. log management
  • B. botnet protection
  • C. centralized management of security devices
  • D. IPsec encryption

Answer : C

You are designing an IPsec VPN solution for a customer with the requirements shown below:
-It must be scalable
-It must support VoIP traffic with minimal latency
-It must allow remote locations to be added to the VPN topology with minimal effort and in a secure way
Which solution meets these requirements?

  • A. Auto Discovery VPN
  • B. AutoVPN
  • C. route-based VPN
  • D. hub-and spoke VPN

Answer : B

Page:    1 / 5   
Total 65 questions