オンラインJN0-335テストブレーン問題集とテストエンジン
リアルJuniper JN0-335試験問題集には正解100問題と解答があります
Juniper JN0-335認定試験は、Juniper Networks認定プログラムの一部である専門レベルの認定試験です。このプログラムは、Juniper Security Solutionsを設計、実装、および管理するために必要な知識とスキルをIT専門家に提供するように設計されています。 JN0-335試験では、候補者がファイアウォール、VPN、侵入予防システムなどのセキュリティテクノロジーを完全に理解する必要があります。
質問 # 47
You are asked to block malicious applications regardless of the port number being used.
In this scenario, which two application security features should be used? (Choose two.)
- A. AppTrack
- B. AppFW
- C. APPID
- D. AppQoE
正解:B、C
解説:
Explanation
AppFW and APPID are two application security features that can be used to block malicious applications regardless of the port number being used. AppFW provides policy-based enforcement and control on traffic based on application signatures. By using AppFW, you can block any application traffic not sanctioned by the enterprise. APPID identifies applications based on their behavior and characteristics, regardless of port, protocol, or encryption method. By using APPID, you can classify applications and apply appropriate security policies to them123 References:
AppSecure: Application Visibility and Control Solution Brief
Application Firewall | Junos OS | Juniper Networks
Security Policy Applications and Application Sets | Junos OS | Juniper Networks
質問 # 48
Which two statements describe JSA? (Choose two.)
- A. JSA can be used as a log node with Security Director or as a standalone solution.
- B. Security Director must be used to view third-party events rom JSA flow collectors.
- C. JSA events must be manually imported into Security Directory using an SSH connection.
- D. JSA supports events and flows from Junos devices, including third-party devices.
正解:A、D
質問 # 49
Which two statements are true about the vSRX? (Choose two.)
- A. It has VMXNET3 vNIC support.
- B. Linux is the base OS.
- C. It does not have VMXNET3 vNIC support.
- D. UNIX is the base OS.
正解:A、B
解説:
The vSRX is a virtual security appliance that runs on a virtual machine. It provides firewall, VPN, and other security services in a virtualized environment.
The vSRX is based on a version of Junos OS that is optimized for virtualization. It runs on a Linux kernel and uses a KVM hypervisor. It supports VMware ESXi and KVM hypervisors. The vSRX has support for VMXNET3 vNICs, which are high-performance virtual network interfaces provided by VMware. These interfaces can provide higher throughput and lower CPU utilization than other virtual NIC types.
質問 # 50
Which statement defines the function of an Application Layer Gateway (ALG)?
- A. The ALG uses software processes for managing specific protocols.
- B. The ALG contains protocols that use one application session for each TCP session.
- C. The ALG uses software that is used by a single TCP session using the same port numbers as the application.
- D. The ALG uses software processes for permitting or disallowing specific IP address ranges.
正解:A
解説:
The statement that defines the function of an Application Layer Gateway (ALG) is: The ALG uses software processes for managing specific protocols. An ALG is a security component that operates at the application layer (layer 7) of the OSI model and handles data associated with certain application protocols, such as SIP, FTP, RTSP, etc. An ALG acts as a proxy or intermediary between the client and the server applications and performs various functions, such as address and port translation, resource allocation, application response control, and synchronization of data and control traffic. An ALG can also inspect and modify the application payload to enable firewall or NAT traversal, prevent spoofing or DoS attacks, or enforce granular security policies based on application-specific commands. Reference := Application-level gateway - Wikipedia, What Is an Application Layer Gateway (ALG)? | F5, What is ALG ** Application Layer Gateway | 3CX
質問 # 51
Which two statements are correct about SSL proxy server protection? (Choose two.)
- A. You must load the server certificates on the SRX Series device.
- B. You do not need to configure the servers to use the SSL proxy the function on the SRX Series device.
- C. You must import the root CA on the servers.
- D. The servers must be configured to use the SSL proxy function on the SRX Series device.
正解:A、D
解説:
You must load the server certificates on the SRX Series device and configure the servers to use the SSL proxy function on the SRX Series device. This is done to ensure that the SSL proxy is able to decrypt the traffic between the client and server. Additionally, you must import the root CA on the servers in order for the SSL proxy to properly validate the server certificate.
質問 # 52
How does Juniper ATP Cloud protect a network from zero-day threats?
- A. It uses antivirus software.
- B. It uses dynamic analysis.
- C. It uses a cache lookup.
- D. It uses known virus signatures.
正解:B
解説:
Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention and detection for your network. It integrates with SRX Series firewalls and MX Series routers to analyze files and network traffic for signs of malicious activity. Juniper ATP Cloud protects a network from zero-day threats by using dynamic analysis, which is a method of executing files in a sandbox environment and observing their behavior and network interactions. Dynamic analysis can uncover unknown malware that may evade static analysis or signature-based detection methods.
質問 # 53
You want to permit access to an application but block application sub-Which two security policy features provide this capability? (Choose two.)
- A. APPID
- B. content filtering
- C. micro application detection
- D. URL filtering
正解:B、C
解説:
Explanation
References:
Security Policies Feature Guide for Security Devices
Application Security User Guide for Security Devices
Understanding Micro Application Detection
Configuring Micro Application Detection
Content Filtering Feature Guide for Security Devices
質問 # 54
Your network uses a remote e-mail server that is used to send and receive e-mails for your users.
In this scenario, what should you do to protect users from receiving malicious files thorugh e-mail?
- A. Deploy Sky ATP POP3 e-mail protection
- B. Deploy Sky ATP SMTP e-mail protection
- C. Deploy Sky ATP IMAP e-mail protection
- D. Deploy Sky ATP MAPI e-mail protection
正解:B
質問 # 55
Which two statements about JIMS high availability are true? (Choose two.)
- A. SRX clients are configured with the shared virtual IP (VIP) address of the JIMS server.
- B. SRX clients are configured with the unique IP addresses of the primary and secondary JIMS servers.
- C. SRX clients synchronize authentication tables with both the primary and secondary JIMS servers.
- D. JIMS supports high availability through the installation of the primary and secondary JIMS servers.
正解:B、D
質問 # 56
Which two statements about SRX Series device chassis clusters are true? (Choose two.)
- A. Redundancy group 0 is only active on the cluster backup node.
- B. Chassis cluster member devices must be the same model.
- C. Each chassis cluster member device can host active redundancy groups
- D. Each chassis cluster member requires a unique cluster ID value.
正解:B、C
解説:
Explanation
A chassis cluster is a pair of SRX Series devices that are connected and configured to operate as a single node, providing high availability and load balancing for traffic flows1. A chassis cluster consists of two nodes:
one primary and one secondary. Each node can host one or more redundancy groups, which are logical entities that group the interfaces and services that need to fail over together in case of a node failure2. Redundancy group 0 is a special group that monitors the control plane of the cluster, such as the routing engine and the control link. Redundancy group 0 is always active on the primary node and standby on the secondary node3.
Therefore, option A is false. Each chassis cluster member requires a unique node ID value, which can be either
0 or 1, to identify itself within the cluster4. However, the cluster ID value is the same for both nodes, and it is used to identify the cluster as a whole. Therefore, option B is false. Each chassis cluster member device can host active redundancy groups, depending on the configuration and the status of the nodes. By default, the primary node hosts all the redundancy groups, but you can configure some groups to be preempted by the secondary node if it has a higher priority or load-sharing between the nodes if they have the same priority.
Therefore, option C is true. Chassis cluster member devices must be the same model, because different models have different hardware and software specifications that may not be compatible with each other in a cluster.
Therefore, option D is true. References:
Chassis Cluster User Guide for SRX Series Devices
Understanding Chassis Cluster Redundancy Groups
Understanding Redundancy Group 0
Understanding Chassis Cluster Node IDs
[Understanding Chassis Cluster Cluster IDs]
[Configuring Chassis Cluster Redundancy Group Settings]
[Chassis Cluster Feature Guide for SRX Series Devices]
質問 # 57
You are asked to track BitTorrent traffic on your network. You need to automatically add the workstations to the High_Risk_Workstations feed and the servers to the BitTorrent_Servers feed automatically to help mitigate future threats.
Which two commands would add this functionality to the FindThreat policy? (Choose two.)
- A.

- B.

- C.

- D.

正解:A
質問 # 58
Which three statements about SRX Series device chassis clusters are true? (Choose three.)
- A. Heartbeat messages verify that the chassis cluster control link is working.
- B. Chassis cluster control links must be configured using RFC 1918 IP addresses.
- C. Recovery from a control link failure requires that the secondary member device be rebooted.
- D. A control link failure causes the secondary cluster node to be disabled.
- E. Chassis cluster member devices synchronize configuration using the control link.
正解:A、D、E
解説:
1. Chassis cluster member devices synchronize configuration using the control link: This statement is correct because the control link is used for configuration synchronization among other functions.
2. A control link failure causes the secondary cluster node to be disabled: This statement is correct because a control link failure causes the secondary node to become ineligible for primary role and remain in secondary role until the control link is restored.
3. Heartbeat messages verify that the chassis cluster control link is working: This statement is correct because heartbeat messages are sent periodically over the control link to monitor its status.
質問 # 59
Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types.
Which configuration should you use in this scenario?
- A. Use the ATP Cloud Ul to update a custom profile and increase the scan limit for executable files to 30 MB.
- B. Use the CLI to create a custom profile and increase the scan limit.
- C. Use the CLI to change the default profile to increase the scan limit for all files to 30 MB.
- D. Use the ATP Cloud Ul to change the default profile to increase the scan limit for all files to 30 MB.
正解:A
解説:
Explanation
Juniper ATP Cloud profiles let you define which files to send to the cloud for inspection. You can group types of files to be scanned together (such as.tar,.exe, and.java) under a common name and create multiple profiles based on the content you want scanned. Then enter the profile names on eligible SRX Series devices to apply them1. To update a custom profile, you can use the ATP Cloud Ul and navigate to Configure > File Inspection Management > Profiles. There you can edit the existing profile and change the scan limit for executable files to 30 MB, while keeping the scan limit for other files at 10 MB. This way, you can scan larger executable files without increasing the scan time for other file types. References: File Inspection Profiles Overview
質問 # 60
A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.
Which feed will the clients IP address be automatically added to in this situation?
- A. the allowlist and blocklist feed
- B. the custom cloud feed
- C. the infected host cloud feed
- D. the command-and-control cloud feed
正解:C
解説:
Explanation
The infected host cloud feed is a list of IP addresses that have been identified as compromised or infected by malware. The feed is updated by Juniper ATP Cloud based on the detection of malicious activity from the hosts, such as contacting known command-and-control servers. When a host on the network reaches the configured threat level threshold, its IP address is automatically added to the infected host cloud feed and blocked from communicating with any other hosts on the Internet. The other feeds are not relevant for this situation. The command-and-control cloud feed is a list of IP addresses that are known to be used by malware for remote control and communication. The allowlist and blocklist feed is a user-defined list of IP addresses that are either allowed or denied by the SRX Series device. The custom cloud feed is a user-defined list of IP addresses that are associated with a specific category or threat level. References:
Infected Hosts: More Information
Juniper's Attacker IP feed bolsters threat protection with SecIntel
ATP Appliance and SRX Series Threat Level Comparison Chart
質問 # 61
You are experiencing excessive packet loss on one of your two WAN links route traffic from the degraded link to the working link Which AppSecure component would you use to accomplish this task?
- A. APBR
- B. AppFW
- C. AppQoS
- D. AppQoE
正解:A
解説:
APBR (Application Path-Based Routing) is an AppSecure component which can be used to route traffic from the degraded link to the working link in order to reduce packet loss. APBR is a policy-based routing solution that allows you to configure rules to direct traffic to the most appropriate path, based on application, user, or network metrics.
質問 # 62
On which three Hypervisors is vSRX supported? (Choose three.)
- A. Oracle VM
- B. KVM
- C. Citrix Hypervisor
- D. VMware ESXi
- E. Hyper-V
正解:B、D、E
解説:
Explanation
vSRX is a virtual firewall that runs on various hypervisors, such as VMware ESXi, Microsoft Hyper-V, and KVM. vSRX provides security and networking services at the perimeter or edge of virtualized environments.
vSRX supports different versions of VMware ESXi, Hyper-V, and KVM, depending on the Junos OS release and the vSRXflavor. Citrix Hypervisor and Oracle VM are not supported hypervisors for vSRX. References:
vSRX Overview
Understand vSRX with Microsoft Hyper-V
Requirements for vSRX Virtual Firewall on VMware
vSRX Deployment Guide for Microsoft Hyper-V
vSRX Chassis Cluster/High Availability support for vSRX
質問 # 63
You are deploying the Junos application firewall feature in your network.
In this scenario, which two elements are mapped to applications in the application system cache?
(Choose two.)
- A. source port
- B. source IP address
- C. destination port
- D. destination IP address
正解:C、D
質問 # 64
You administer a JSA host and want to include a rule that sets a threshold for excessive firewall denies and sends an SNMP trap after receiving related syslog messages from an SRX Series firewall.
Which JSA rule type satisfies this requirement?
- A. flow
- B. common
- C. offense
- D. event
正解:D
解説:
To include a rule that sets a threshold for excessive firewall denies and sends an SNMP trap after receiving related syslog messages from an SRX Series firewall, you need to use an event rule type in JSA. An event rule type allows you to create custom rules based on the events that are collected and normalized by JSA from various sources, such as firewalls, routers, switches, servers, and so on. You can define the conditions, tests, and actions for an event rule, such as matching a specific event name, setting a threshold for the number of occurrences, and sending an SNMP trap to a specified host. Reference := Creating a Custom Rule, Customizing the SNMP Trap Output
質問 # 65
Which two statements are true about Juniper ATP Cloud? (Choose two.)
- A. Dynamic analysis is not always necessary to determine if a file contains malware.
- B. If the cache lookup determines that a file contains malware, static analysis is not performed to verify the results.
- C. Dynamic analysis is always performed to determine if a file contains malware.
- D. If the cache lookup determines that a file contains malware, performed to verify the results.
正解:A、B
解説:
Explanation
Juniper ATP Cloud is a cloud-based threat detection service that protects all hosts in your network against evolving security threats. It uses a combination of tools to identify and block malware, such as cache lookup, static analysis, and dynamic analysis12 Cache lookup is the first step in the malware detection process. It checks the file hash against a database of known malicious and benign files. If the file is found in the cache, the analysis is completed and the file is either allowed or blocked based on the cache result12 Static analysis is the second step in the malware detection process. It examines the file attributes, such as file size, file type, file name, and embedded URLs, to determine if the file is suspicious or not. If the file is deemed suspicious, it is sent to the next step for further analysis. If the file is deemed benign, it is allowed to pass through12 Dynamic analysis is the third and final step in the malware detection process. It executes the file in a sandbox environment and observes its behavior, such as network connections, registry changes, file operations, and process injections. If the file exhibits malicious behavior, it is blocked and reported. If the file does not exhibit malicious behavior, it is allowed to pass through12 Therefore, dynamic analysis is not always performed to determine if a file contains malware, as it depends on the results of the cache lookup and static analysis. Similarly, if the cache lookup determines that a file contains malware, static analysis is not performed to verify the results, as the file is already blocked based on the cache lookup12 References:
Juniper Advanced Threat Prevention Cloud (ATP Cloud) Documentation
Juniper Advanced Threat Prevention Cloud | Juniper Networks
質問 # 66
You are troubleshooting advanced policy-based routing (APBR). Which two actions should you perform in this scenario? (Choose two.)
- A. Verity inet.0 for correct route leaking.
- B. Inspect the application system cache for the application entry.
- C. Review the APBR statistics for matching rules and route modifications.
- D. Verify that the APBR profiles are applied to the egress zone.
正解:B、C
質問 # 67
......
Juniper JN0-335認定試験は、セキュリティを専門としたいIT専門家向けに設計されています。セキュリティ、スペシャリスト(JNCIS-SEC)認定試験は、Junosセキュリティプラットフォームの構成とトラブルシューティングにおける候補者の知識とスキルを検証するように設計されています。この試験に合格した候補者は、ネットワークセキュリティの認定スペシャリストとして認識されており、この認定は、ITの専門家がネットワークセキュリティのキャリアを進めるのに役立ちます。
有効なJN0-335テスト解答とJuniper JN0-335試験PDF:https://jp.fast2test.com/JN0-335-premium-file.html
Juniper JN0-335認定リアル2024年最新の模擬試験:https://drive.google.com/open?id=1F8pfD9d0vOqeSHhH3yDGHe8V9gz_hs10