Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Juniper JN0-336 - Security, Specialist (JNCIS-SEC)

Page: 2 / 2
Total 66 questions

In Juniper high availability (HA) SRX Series device implementations, which interface will be used to exchange session state, configuration files, and ensure session continuity across nodes using the proprietary Trivial Network Protocol?

A.

fab

B.

fxp0

C.

fxp1

D.

swfab

You are asked to configure a cluster between SRX1 and SRX2.

Which two commands must be used to accomplish this task? (Choose two.)

A.

user@SRX2# set chassis cluster cluster-id 0 node 1

B.

user@SRX1 > set chassis cluster cluster-id 1 node 0

C.

user@SRX2 > set chassis cluster cluster-id 1 node 1

D.

user@SRX1# set chassis cluster cluster-id 0 node 2

What are two chassis cluster data plane interfaces? (Choose two.)

A.

swfab

B.

fab

C.

fxp1

D.

fxp0

Which two statements are correct about a chassis cluster? (Choose two.)

A.

If the cluster ID is set to 0, the HA configuration is ignored.

B.

You must reboot the device anytime you change the node ID configuration.

C.

If the node ID is set to 0, the HA configuration is ignored.

D.

You must have multiple Layer 2 domains if you require more than 255 node IDs.

Your manager asks you to update your SRX Series device’s IDP security package. You perform the required steps; however, when you attempt to install the package, you receive an error.

Referring to the exhibit, which two statements are correct about this error? (Choose two.)

A.

IDP stops inspecting traffic.

B.

The IDP license has expired.

C.

IDP continues to inspect traffic only using the installed signatures.

D.

The IDP license is missing/not installed.

Regarding static attack object groups, which two statements are true? (Choose two.)

A.

Matching attack objects are automatically added to a custom group.

B.

Group membership automatically changes when Juniper updates the IPS signature database.

C.

Group membership does not automatically change when Juniper updates the IPS signature database.

D.

You must manually add matching attack objects to a custom group.

Which two statements are correct about the security associations of an IPsec VPN? (Choose two.)

A.

IPsec security associations are established during IKEv1 Phase 2 negotiations.

B.

IKEv1 security associations are established during IKEv1 Phase 2 negotiations.

C.

IPsec security associations are established during IKEv1 Phase 1 negotiations.

D.

IKEv1 security associations are established during IKEv1 Phase 1 negotiations.

Which statement is correct about Active Directory as an identity source for identity-aware security policies?

A.

It supports a maximum of two domains.

B.

It supports logical systems.

C.

It supports 20 Active Directory servers per domain.

D.

It tracks non-Windows Active Directory users.

You need to deploy an SRX Series device in your virtual environment.

In this scenario, what are two benefits of using a CSRX? (Choose two.)

A.

The cSRX supports Layer 2 and Layer 3 deployments.

B.

The cSRX default configuration contains three default zones: trust, untrust, and management.

C.

The cSRX supports firewall, NAT, IPS, and UTM services.

D.

The cSRX has low memory requirements.