Juniper JN0-335 Exam

Certification Provider: Juniper

Exam Name: Security, Specialist

Number of questions in our database: 65

Exam Version: May. 23, 2023

JN0-335 Exam Official Topics:

Topic 1: Single Topic

Free Juniper JN0-335 Exam Actual Questions

The questions for JN0-335 were last updated On May. 23, 2023

Question #1

You are configuring logging for a security policy.

In this scenario, in which two situations would log entries be generated? (Choose two.)

Aevery 10 minutes

Bat session initialization

Cevery 60 seconds

Dat session close

Reveal Solution

Correct Answer: B, D

Log entries would be generated in two situations: at session initialization and at session close. At session initialization, the log entry would include details about the connection, such as the source and destination IP addresses, the service being used, and the action taken by the security policy. At session close, the log entry would include details about the connection, such as the duration of the session, the bytes sent/received, and the action taken by the security policy. For more information, you can refer to the Juniper Security documentation athttps://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-log-configuration.html.

Question #2

Exhibit

You are asked to ensure that servers running the Ubuntu OS will not be able to update automatically by blocking their access at the SRX firewall. You have configured a unified security policy named Blockuburrtu, but it is not blocking the updates to the OS.

Referring to the exhibit which statement will block the Ubuntu OS updates?

AMove the Blockubuntu policy after the Allowweb policy.

BConfigure the Blockubuntu policy with the junos-https application parameter.

CChange the default policy to permit-all.

DConfigure the Allowweb policy to have a dynamic application of any.

Reveal Solution

Correct Answer: B

Question #3

Exhibit

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172 25.11.0/24 subnet to the Internet You create a policy named permit-http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.

Which two actions would correct the error? (Choose two.)

AIssue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.

BExecute the Junos commit full command to override the error and apply the configuration.

CCreate a custom application named http at the [edit applications] hierarchy.

DModify the security policy to use the built-in Junos-http applications.

Reveal Solution

Correct Answer: C, D

The error message indicates that the Junos-http application is not defined, so you need to either create a custom application or modify the security policy to use the built-in Junos-http application. Doing either of these will allow you to successfully commit the configuration.

Question #4

Exhibit

When trying to set up a server protection SSL proxy, you receive the error shown. What are two reasons for this error? (Choose two.)

AThe SSL proxy certificate ID is part of a blocklist.

BThe SSL proxy certificate ID does not have the correct renegotiation option set.

CThe SSL proxy certificate ID is for a forwarding proxy.

DThe SSL proxy certificate ID does not exist.

Reveal Solution

Correct Answer: A, D

Two possible reasons for this error are that the SSL proxy certificate ID does not exist, or the SSL proxy certificate ID is part of a blocklist. If the SSL proxy certificate ID does not exist, you will need to generate a new certificate. If the SSL proxy certificate ID is part of a blocklist, you will need to contact the source of the blocklist to remove it. Additionally, you may need to check that the SSL proxy certificate ID has the correct renegotiation option set, as this is necessary for proper server protection. For more information, you can refer to the Juniper Security documentation athttps://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-ssl-proxy-configuration.html.

Question #5

What information does encrypted traffic insights (ETI) use to notify SRX Series devices about known malware sites?

Acertificates

Bdynamic address groups

CMAC addresses

Ddomain names

Reveal Solution

Correct Answer: D

Encrypted traffic insights (ETI) uses domain names to notify SRX Series devices about known malware sites. ETI is a feature of the SRX Series firewall that can detect and block malware that is hidden in encrypted traffic. It works by analyzing the domain names of the websites that the encrypted traffic is attempting to access. If the domain name matches a known malware site, ETI will send an alert to the SRX Series device, which can then take appropriate action to block the traffic. ETI is a useful tool for protecting against threats that attempt to evade detection by hiding in encrypted traffic.

Unlock all JN0-335 Exam Questions with Advanced Practice Test Features:

Select Question Types you want
Set your Desired Pass Percentage
Allocate Time (Hours : Minutes)
Create Multiple Practice tests with Limited Questions
Customer Support

Get Full Access Now

Disscuss Juniper JN0-335 Topics, Questions or Ask Anything Related

Submit Cancel