Security Design, Specialist (JNCDS-SEC) v1.0 (JN0-1331)

Page:    1 / 5   
Total 69 questions

You are designing a data center interconnect between two sites across a service provider Layer 3 VPN service. The sites require Layer 2 connectivity between hosts, and the connection must be secure.
In this scenario, what will accomplish this task?

  • A. EVPN over IPsec
  • B. MACsec encryption
  • C. SSL VPN encryption
  • D. stacked VLAN tagging


Answer : B

You have a campus location with multiple WAN links. You want to specify the primary link used for your VoIP traffic.
In this scenario, which type of WAN load balancing would you use?

  • A. BGP
  • B. OSPF
  • C. FBF
  • D. ECMP


Answer : C

Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-advanced-policy-based-routing.html

You are deploying a data center Clos architecture and require secure data transfers within the switching fabric.
In this scenario, what will accomplish this task?

  • A. MACsec encryption
  • B. LAG Layer 2 hashing
  • C. IRB VLAN routing between hosts
  • D. stacked VLAN tagging on the core switches


Answer : C

Reference:
https://www.juniper.net/documentation/en_US/junos/topics/example/private-vlans-irb-interfaces-mx-series-l2ng-configuring.html

In a data center, what are two characteristics of access tier VLAN termination on the aggregation tier? (Choose two.)

  • A. Multiple VLANs can be part of one security zone
  • B. A security zone is limited to a single VLAN
  • C. Inter-VLAN traffic within a zone can bypass firewall services
  • D. Inter-VLAN traffic is secured through firewall services


Answer : AD

What is the maximum number of SRX Series devices in a chassis cluster?

  • A. 2
  • B. 3
  • C. 4
  • D. 5


Answer : A

Reference:
https://www.oreilly.com/library/view/juniper-srx-series/9781449339029/ch07.html

You want to deploy a VPN that will connect branch locations to the main office. You will eventually add additional branch locations to the topology, and you must avoid additional configuration on the hub when those sites are added.
In this scenario, which VPN solution would you recommend?

  • A. Site-to-Site VPN
  • B. Hub-and-Spoke VPN
  • C. AutoVPN
  • D. Group VPN


Answer : C

Reference:
https://www.juniper.net/assets/us/en/local/pdf/solutionbriefs/3510477-en.pdf

Which two steps should be included in your security design process? (Choose two.)

  • A. Identify external attackers
  • B. Define safety requirements for the customerג€™s organization
  • C. Identify the firewall enforcement points
  • D. Define overall security policies


Answer : CD

Reference:
https://www.juniper.net/assets/us/en/local/pdf/whitepapers/2000591-en.pdf

You are working with a customer to create a design proposal using SRX Series devices. As part of the design, you must consider the requirements shown below:
✑ You must ensure that every packet entering your device is independently inspected against a set of rules.
✑ You must provide a way to protect the device from undesired access attempts.
✑ You must ensure that you can apply a different set of rules for traffic leaving the device than are in use for traffic entering the device.
In this scenario, what do you recommend using to accomplish these requirements?

  • A. firewall filters
  • B. intrusion prevention system
  • C. unified threat management
  • D. screens


Answer : A

Reference:
https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-filter-stateless-example-trusted-source-block-telnet-and-ssh-access.html

Which statement is correct about service chaining?

  • A. Service chaining uses IPsec to connect together two or more VMs
  • B. Service chaining evaluates traffic by using multiple security features on the same instance
  • C. Service chaining redirects traffic back through the same device for additional processing
  • D. Service chaining combines multiple VNF instances together in the data flow


Answer : D

You are designing a data center security solution for a customer. The customer asks that you provide a DDoS solution. Several IPsec tunnels will be terminated at the data center gateway.
Which type of security is your customer asking you to implement?

  • A. segmentation
  • B. intra-data center policy enforcement
  • C. perimeter protection
  • D. compliance


Answer : C

You have a site that has two Internet connections but no switch on the outside of the firewall. You want to use ISP-A over ISP-B during normal operations.
Which type of chassis cluster design would you propose to satisfy this requirement?

  • A. Propose active/active cluster deployment with separate redundancy groups
  • B. Propose active/passive cluster deployment with separate redundancy groups
  • C. Propose active/active cluster deployment without separate redundancy groups
  • D. Propose active/passive cluster deployment without separate redundancy groups


Answer : A

Reference:
https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/chassis-cluster-srx-active-active-configuring.html

You are designing a data center security architecture. The design requires automated scaling of security services according to real-time traffic flows.
Which two design components will accomplish this task? (Choose two.)

  • A. telemetry with an SDN controller
  • B. JFlow traffic monitoring with event scripts
  • C. VNF security devices deployed on x86 servers
  • D. VRF segmentation on high-capacity physical security appliances


Answer : BC

Reference:
https://www.juniper.net/documentation/en_US/learn-about/LearnAbout_NFV.pdf

You are deploying Security Director with the logging and reporting functionality for VMs that use SSDs. You expect to have approximately 20,000 events per second of logging in your network.
In this scenario, what is the minimum number of log receiver devices that you should use?

  • A. 4
  • B. 3
  • C. 2
  • D. 1


Answer : D

Reference:
https://www.juniper.net/documentation/en_US/junos-space17.1/topics/task/multi-task/junos-space-sd-log-collector-installing.html

You are asked to design a secure enterprise WAN where all payload data is encrypted and branch sites communicate directly without routing all traffic through a central hub.
Which two technologies would accomplish this task? (Choose two.)

  • A. group VPN
  • B. AutoVPN
  • C. MPLS Layer 3 VPN
  • D. Auto Discovery VPN


Answer : CD

Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discovery-vpns.html

You are asked to provide a design proposal for a campus network. As part of the design, the customer requires that all end user devices must be authenticated before being granted access to their Layer 2 network.
Which feature meets this requirement?

  • A. IPsec
  • B. 802.1X
  • C. NAT
  • D. ALGs


Answer : B

Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/802-1x-authentication-switching-devices.html

Page:    1 / 5   
Total 69 questions