Security, Professional (JNCIP-SEC) v7.0 (JN0-634)

Page:    1 / 5   
Total 65 questions

What are three components of Software-Defined Secure Networks? (Choose three.)

  • A. ContrailB. Sky ATP
  • B. SRX Series device
  • C. Security Director
  • D. Network Director


Answer : B,C,D

You have been notified by your colocation provider that your infrastructure racks will no longer be adjacent to each other.
In this scenario, which technology would you use to secure all Layer 2 and Layer 3 traffic between racks?

  • A. IPsec
  • B. GRE
  • C. 802.1BR
  • D. MACsec


Answer : D

Using content filtering on an SRX Series device, which three types of HTTP content are able to be blocked? (Choose three.)

  • A. PDF files
  • B. ZIP files
  • C. Java applets
  • D. Active X
  • E. Flash


Answer : B,C,D

To which three UTM components would the custom-objects parameter apply? (Choose three.)

  • A. Sky ATP
  • B. antispam
  • C. content filtering
  • D. antivirus
  • E. Web filtering


Answer : B,C,E

You have set up Sky ATP with the SRX Series devices in your network. However, your
SRX Series devices are unable to communicate with the Sky ATP cloud because the communication is being blocked by a gateway network device.
Which two actions should you take to solve the problem? (Choose two.)

  • A. Open destination port 443 inbound from the Internet on the gateway network device.
  • B. Open destination port 8080 outbound from the Internet on the gateway network device.
  • C. Open destination port 443 outbound from the Internet on the gateway network device.
  • D. Open destination port 8080 inbound from the Internet on the gateway network device.


Answer : C,D

Using the Policy Controller API, which configuration would post Sky ATP with PE mode to the Policy Enforcer controller configuration?

  • A. “configs”: {“sdsn”: false“cloudonly”: true}
  • B. “configs”: {“sdsn”: false“cloud”: false}
  • C. “configs”: {“sdsn”: true“cloudonly”: false}
  • D. “configs”: {“sdsn”: false“cloud”: true}


Answer : C

Your network includes SRX Series devices at all headquarter, data center, and branch locations. The headquarter and data center locations use high-end SRX Series devices, and the branch locations use branch SRX Series devices. You are asked to deploy IPS on the SRX Series devices using one of the available IPS deployment modes.
In this scenario, which two statements are true? (Choose two.)

  • A. Inline tap mode provides enforcement.
  • B. Inline tap mode can be used at all locations.
  • C. Integrated mode can be used at all locations.
  • D. Integrated mode provides enforcement.


Answer : C,D

What is a function of UTM?

  • A. AppFW
  • B. IPsec
  • C. content filtering
  • D. bridge mode


Answer : C

Which interface family is required for Layer 2 transparent mode on SRX Series devices?

  • A. LLDP
  • B. Ethernet switching
  • C. inet
  • D. VPLS


Answer : B

What is the required when deploying a log collector in Junos Space?

  • A. root user access to the log collector
  • B. a shared log file directory on the log collector
  • C. the IP address of interface eth1 on the log collector
  • D. a distributed deployment of the log collector nodes


Answer : A

Click the Exhibit button.


Referring to the exhibit, which two statements are true? (Choose two.)

  • A. The application firewall rule is not inspecting encrypted traffic.
  • B. There are two rules configured in the rule set.
  • C. The rule set uses application definitions from the predefined library.
  • D. The configured rule set matches most analyzed applications.


Answer : A,C

Your manager has notices a drop in productivity and believes it is due to employees checking their social media feeds too frequently. You are asked to provide analytical statistics for this traffic within your network on an hourly basis.
Which AppSecure feature should be used to collect this information?

  • A. AppQoS
  • B. AppFW
  • C. AppTrack
  • D. APBR


Answer : C

Click the Exhibit button.


Referring to the exhibit, a user with IP address 10.1.1.85 generates a request that triggers the HTTP:EXT:DOT-LNK IDP signature that is a member of the HTTP All predefined attack group.
In this scenario, which statement is true?

  • A. The session will be closed and a reset sent to the client and server.
  • B. A Differentiated Services code point value of 8 will be applied.
  • C. No action will be taken and the attack information will be logged.
  • D. The session will be dropped with no reset sent to the client or server.


Answer : D

Click the Exhibit button.


Referring to the exhibit, how many AppTrack logs will be generated for an HTTP session lasting 12 minutes?

  • A. 4
  • B. 2
  • C. 1
  • D. 3


Answer : A

Click the Exhibit button.


You have configured integrated user firewall on the SRX Series devices in your network.
However, you noticed that no users can access the servers that are behind the SRX Series devices.
Referring to the exhibit, what is the problem?

  • A. The Kerberos service is not configured correctly on the Active Directory server.
  • B. There are no authentication entries in the SRX Series device for the users.
  • C. The security policy on the SRX Series device is configured incorrectly.
  • D. The SAML service is not configured correctly on the Active Directory server.


Answer : C

Page:    1 / 5   
Total 65 questions