[Apr 06, 2025] Free JNCIS-SEC JN0-335 Exam Question [Q35-Q55]

Share

[Apr 06, 2025] Free JNCIS-SEC JN0-335 Exam Question

JN0-335 dumps & JNCIS-SEC sure practice dumps


The JN0-335 exam is an intermediate-level certification exam, and it is recommended that you have at least two years of experience in Junos security technologies before attempting the exam. JN0-335 exam is ideal for network security professionals, security engineers, and security consultants who want to validate their skills and knowledge in the field. Security, Specialist (JNCIS-SEC) certification can also be beneficial for those who want to advance their careers in the field of network security.

 

NEW QUESTION # 35
Which two statements describe JSA? (Choose two.)

  • A. Security Director must be used to view third-party events rom JSA flow collectors.
  • B. JSA can be used as a log node with Security Director or as a standalone solution.
  • C. JSA events must be manually imported into Security Directory using an SSH connection.
  • D. JSA supports events and flows from Junos devices, including third-party devices.

Answer: B,D


NEW QUESTION # 36
Which two statements are correct about the Junos IPS feature? (Choose two.)

  • A. IPS uses sandboxinQ to detect unknown attacks.
  • B. IPS is a standalone platform running on dedicated hardware or as a virtual device.
  • C. IPS is integrated as a security service on SRX Series devices.
  • D. IPS uses protocol anomaly rules to detect unknown attacks.

Answer: C,D

Explanation:
Junos IPS is a feature that provides intrusion prevention and detection services on SRX Series devices. It monitors network traffic and compares it against predefined signatures or custom rules to identify and block malicious or unwanted packets. Two statements that are correct about the Junos IPS feature are:
IPS is integrated as a security service on SRX Series devices: Junos IPS is not a separate platform or device, but a security service that runs on SRX Series firewalls. It can be enabled and configured as part of the security policy on the SRX Series device and applied to specific zones, interfaces, or traffic flows.
IPS uses protocol anomaly rules to detect unknown attacks: Junos IPS uses two types of rules to detect attacks: signature rules and protocol anomaly rules. Signature rules match traffic against known attack patterns or signatures and block them based on predefined actions. Protocol anomaly rules detect deviations from the expected behavior or structure of common protocols, such as TCP, UDP, ICMP, etc. Protocol anomaly rules can help identify unknown or zero-day attacks that may not have a signature yet.


NEW QUESTION # 37
Which two statements are correct when considering IPS rule base evaluation? (Choose two.)

  • A. IPS applies the least severe action to traffic matching multiple rules.
  • B. IPS evaluates rules sequentially
  • C. IPS evaluates rules concurrently.
  • D. IPS applies the most severe action to traffic matching multiple rules,

Answer: B,D

Explanation:
B). IPS applies the most severe action to traffic matching multiple rules. When traffic matches more than one rule, the action taken will be the most severe one specified among the matching rules.
C). IPS evaluates rules sequentially. This means that the rules within an IPS policy are processed in a specific order, typically from top to bottom.


NEW QUESTION # 38
A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.
Which feed will the clients IP address be automatically added to in this situation?

  • A. the command-and-control cloud feed
  • B. the infected host cloud feed
  • C. the custom cloud feed
  • D. the allowlist and blocklist feed

Answer: B

Explanation:
Infected hosts are internal hosts that have been compromised by malware and are communicating with external C&C servers3. Juniper ATP Cloud provides infected host feeds that list internal IP addresses or subnets of infected hosts along with a threat level3. Once the Juniper ATP Cloud global threshold for an infected host is met, that host is added to the infected host feed and assigned a threat level of 10 by the cloud4. You can also configure your SRX Series device to block traffic from these IP addresses using security policies4.


NEW QUESTION # 39
What are two examples of RTOs? (Choose two.)

  • A. IPsec SA entries
  • B. session table entries
  • C. control link heartbeats
  • D. fabric link probes

Answer: C,D


NEW QUESTION # 40
You are deploying a new SRX Series device and you need to log denied traffic. In this scenario, which two policy parameters are required to accomplish this task? (Choose two.)

  • A. session-close
  • B. deny
  • C. count
  • D. session-init

Answer: A,B

Explanation:
You need to create a global firewall rulebase that matches RT_FLOW_SESSION_DENY events.
To do this, you need to specify two policy parameters: deny and session-close.


NEW QUESTION # 41
Which two features are configurable on Juniper Secure Analytics (JSA) to ensure that alerts are triggered when matching certain criteria? (Choose two.)

  • A. assets
  • B. tests
  • C. building blocks
  • D. events

Answer: B,D

Explanation:
The two configurable features on Juniper Secure Analytics (JSA) that can be used to ensure that alerts are triggered when matching certain criteria are events and tests. Events refer to the collection of data from different sources, while tests are used to define the criteria for which an alert is triggered. For example, you can use events to collect data from a firewall and tests to define criteria such as IP address, port number, and the type of traffic.


NEW QUESTION # 42
Your network uses a single JSA host and you want to implement a cluster. In this scenario, which two statements are correct? (Choose two.)

  • A. The software versions on both primary and secondary hosts
  • B. The secondary host can backup multiple JSA primary hosts.
  • C. The cluster virtual IP will need an unused IP address assigned.
  • D. The primary and secondary hosts must be configured with the same storage devices.

Answer: A,C

Explanation:
According to the Juniper Networks JNCIP-SEC Study Guide, when setting up a cluster with a single JSA host, both the primary and secondary hosts must have the same software version installed. Additionally, an unused IP address must be assigned to the cluster virtual IP. The primary and secondary hosts do not need to be configured with the same storage devices, and the secondary host cannot be used to backup multiple JSA primary hosts.


NEW QUESTION # 43
Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

  • A. Nancy is a member of the Active Directory sales group.
  • B. Nancy logged in to the juniper.net Active Directory domain.
  • C. The IP address of the authenticating domain controller is 172.25.11.140.
  • D. The IP address of Nancy's client PC is 172.25.11.

Answer: C


NEW QUESTION # 44
You are asked to ensure that if the session table on your SRX Series device gets close to exhausting its resources, that you enforce a more aggress.ve age-out of existing flows.
In this scenario, which two statements are correct? (Choose two.)

  • A. The high-watermark configuration specifies the percentage of how much of the session table is left before disabling a more aggressive age- out timer.
  • B. The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met.
  • C. The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer
  • D. The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the low-watermark value is met.

Answer: B,C

Explanation:
Explanation
The session table is a limited resource for SRX Series devices. If the session table is full, any new sessions will be rejected by the device. The aggressive session-aging mechanism accelerates the session timeout process when the number of sessions in the session table exceeds the specified high-watermark threshold. This mechanism minimizes the likelihood that the SRX Series devices will reject new sessions when the session table becomes full1. To perform aggressive session aging, you need to configure the following parameters1:
early-ageout -During aggressive session aging, the sessions with an age-out time lower than the early-ageout threshold are marked as invalid. The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met. For example, if you set the early-ageout to 30 seconds, any session that has been inactive for at least 30 seconds will be aged out when the high-watermark is reached2.
high-watermark -The device performs aggressive session aging when the number of sessions in the session table exceeds the high-watermark threshold. The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer. For example, if you set the high-watermark to 90 percent, the device will start aging out sessions more aggressively when the session table reaches 90 percent of its capacity3.
Therefore, the correct statements are B and D.
References: Understanding Aggressive Session Aging high-watermark early-ageout


NEW QUESTION # 45
When considering managed sessions, which configuration parameter determines how full the session table must be to implement the early age-out function? (Choose two)

  • A. policy rematch
  • B. low watermark
  • C. session service timeout
  • D. high waremark

Answer: C,D


NEW QUESTION # 46
Exhibit

You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them.
Which statement is correct in this scenario?

  • A. Use the commit full command to start the download.
  • B. Set the maximum C&C entries within the Juniper ATP Cloud GUI.
  • C. No action is required, the feeds take a few minutes to download.
  • D. The security intelligence policy must be configured; on a unified security policy

Answer: C

Explanation:
Explanation
Juniper ATP Cloud is the threat intelligence hub for Juniper customers, identifying indicators of compromise for users and devices across the network. It provides security intelligence feeds, such as command and control (C&C) and infected hosts, that can be used to block or log malicious traffic. When you configure the C&C category with Juniper ATP Cloud, you need to specify the authentication token, the URL, and the update interval for the feeds. After you commit the configuration, the feeds are downloaded automatically from the Juniper ATP Cloud server. This may take a few minutes, depending on the network latency and the size of the feeds. Therefore, no action is required from the user, and the feeds will have non-zero objects once the download is complete. You can verify the status of the feeds by using the show services security intelligence category summary command, as shown in the exhibit. References:
Introduction to Juniper ATP Cloud
security-intelligence (services)
Juniper ATP Cloud CLI Reference Guide


NEW QUESTION # 47
What are two elements of a custom IDP/IPS attack object? (Choose two.)

  • A. the exempt rulebase
  • B. the destination zone
  • C. the attack signature
  • D. the severity of the attack

Answer: C,D


NEW QUESTION # 48
Which two solutions provide a sandboxing feature for finding zero-day malware threats? (Choose two.)

  • A. IPS
  • B. Sky ATP
  • C. UTM
  • D. JATP

Answer: B,D


NEW QUESTION # 49
Which two statements are correct about AppTrack? (Choose two.)

  • A. AppTrack can only be configured in the main logical system on an SRX Series device.
  • B. AppTrack identifies and blocks traffic flows that might be malicious regardless of the ports being used.
  • C. AppTrack can be configured for any defined logical system on an SRX Series device.
  • D. AppTrack collects traffic flow information including byte, packet, and duration statistics.

Answer: C,D

Explanation:
AppTrack is a feature that allows you to monitor and analyze the application traffic on your SRX Series device. It can be configured for any defined logical system, which is a virtual router or switch within a physical device. AppTrack collects statistics such as bytes, packets, and duration for each application flow and displays them in reports or logs. AppTrack does not identify or block malicious traffic, that is the function of AppSecure or IDP/IPS. Reference := JNCIS-SEC Certification, Open Learning - Security, Specialist (JNCIS-SEC), Application Security Theory


NEW QUESTION # 50
You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection.
Which Juniper Networks solution will accomplish this task?

  • A. Adaptive Threat Profiling
  • B. JIMS
  • C. UTM
  • D. Encrypted Traffic Insights

Answer: A

Explanation:
Adaptive Threat Profiling (ATP) is a Juniper Networks solution that enables organizations to detect malicious activity on their networks and process it through IPS and Juniper ATP Cloud for malware and virus protection. ATP is powered by Juniper's advanced Machine Learning and Artificial Intelligence (AI) capabilities, allowing it to detect and block malicious activity in real-time.
ATP is integrated with Juniper's Unified Threat Management (UTM) and Encrypted Traffic Insights (ETI) solutions, providing an end-to-end network protection solution.


NEW QUESTION # 51
How does Juniper ATP Cloud protect a network from zero-day threats?

  • A. It uses a cache lookup.
  • B. It uses known virus signatures.
  • C. It uses dynamic analysis.
  • D. It uses antivirus software.

Answer: C


NEW QUESTION # 52
Referring to the exhibit, what do you determine about the status of the cluster?

  • A. There are no issues with the cluster.
  • B. Node 2 is down.
  • C. Node 1 is down
  • D. Both nodes determine that they are in a primary state.

Answer: B


NEW QUESTION # 53
Which two statements are correct about JSA data collection? (Choose two.)

  • A. The Event Collector collects information using BGP FlowSpec.
  • B. The Event Collector parses logs
  • C. The Flow Collector parses logs.
  • D. The Flow Collector can use statistical sampling

Answer: B,D

Explanation:
The Flow Collector can use statistical sampling to collect and store network flow data in the JSA database. The Event Collector collects information from various sources including syslog, SNMP, NetFlow, and BGP FlowSpec. Both the Flow Collector and the Event Collector parse logs to extract useful information from the logs.


NEW QUESTION # 54
You enable chassis clustering on two devices and assign a cluster ID and a node ID to each device.
In this scenario, what is the correct order for rebooting the devices?

  • A. Reboot the primary device, then the secondary device.
  • B. Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.
  • C. Reboot only the secondary device since the primary will assign itself the correct cluster and node ID.
  • D. Reboot the secondary device, then the primary device.

Answer: A

Explanation:
when enabling chassis clustering on two devices, the correct order for rebooting them is to reboot the primary device first, followed by the secondary device. It is not possible for either device to assign itself the correct cluster and node ID, so both devices must be rebooted to ensure the proper configuration is applied.


NEW QUESTION # 55
......

Juniper JN0-335 Actual Questions and Braindumps: https://certmagic.surepassexams.com/JN0-335-exam-bootcamp.html