• Home
  • Articles
  • [Nov 27, 2021] JN0-1331 Exam Dumps, JN0-1331 Practice Test Questions [Q24-Q47]

[Nov 27, 2021] JN0-1331 Exam Dumps, JN0-1331 Practice Test Questions [Q24-Q47]

Share

[Nov 27, 2021] JN0-1331 Exam Dumps, JN0-1331 Practice Test Questions

Free JN0-1331 Study Guides Exam Questions & Answer

NEW QUESTION 24
You are asked to include anti-malware features into an existing network design. Traffic from the infected machines must be moved to a quarantined VLAN.
Which product will provide this segregation?

  • A. Sky ATP
  • B. Software Defined Secure Network
  • C. unified threat management
  • D. screens

Answer: B

 

NEW QUESTION 25
What are two reasons for using cSRX over vSRX? (Choose two.)

  • A. cSRX supports the BGP protocol
  • B. cSRX supports IPsec
  • C. cSRX uses less memory
  • D. cSRX loads faster

Answer: C,D

Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/csrx/information-products/pathway-pages/ security-csrx-linux-bm-guide-pwp.pdf

 

NEW QUESTION 26
What are two benefits of the vSRX in a virtualized private or public cloud multitenant environment? (Choose two.)

  • A. full logical systems capabilities
  • B. 100GbE interface support
  • C. stateful firewall protection at the tenant edge
  • D. OSPFv3 capabilities

Answer: A,C

 

NEW QUESTION 27
You are designing a DDoS solution for an ISP using BGP FlowSpec. You want to ensure that BGP FlowSpec does not overwhelm the ISP's edge routers.
Which two requirements should be included in your design? (Choose two.)

  • A. Specify a maximum number BGP FlowSpec prefixes per neighbor
  • B. Implement a route policy to limit advertised routes to any public IP space
  • C. Implement a route policy to limit advertised routes to /24 subnets
  • D. Specify a maximum number of BGP FlowSpec prefixes per device

Answer: B,D

Explanation:
Explanation
Explanation/Reference: https://www.juniper.net/documentation/en_US/day-one-books/DO_BGP_FLowspec.pdf

 

NEW QUESTION 28
You are designing a data center security solution for a customer. The customer asks that you provide a DDoS solution. Several IPsec tunnels will be terminated at the data center gateway.
Which type of security is your customer asking you to implement?

  • A. perimeter protection
  • B. segmentation
  • C. compliance
  • D. intra-data center policy enforcement

Answer: A

 

NEW QUESTION 29
You have a site that has two Internet connections but no switch on the outside of the firewall. You want to use ISP-A over ISP-B during normal operations.
Which type of chassis cluster design would you propose to satisfy this requirement?

  • A. Propose active/passive cluster deployment without separate redundancy groups
  • B. Propose active/active cluster deployment without separate redundancy groups
  • C. Propose active/active cluster deployment with separate redundancy groups
  • D. Propose active/passive cluster deployment with separate redundancy groups

Answer: A

 

NEW QUESTION 30
You are designing a corporate WAN using SRX Series devices as a combined firewall and router at each site.
Regarding packet-mode and flow-mode operations in this scenario, which statement is true?

  • A. Flow-mode on SRX Series devices is required for security services
  • B. An SRX Series device in flow-mode cannot forward packet-mode traffic
  • C. Packet-mode on SRX Series devices is required for deep packet inspection
  • D. Packet-mode is only supported on high-end SRX Series devices

Answer: A

 

NEW QUESTION 31
You are deploying a data center Clos architecture and require secure data transfers within the switching fabric.
In this scenario, what will accomplish this task?

  • A. MACsec encryption
  • B. stacked VLAN tagging on the core switches
  • C. LAG Layer 2 hashing
  • D. IRB VLAN routing between hosts

Answer: D

Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/example/private-vlans-irb- interfaces-mx-series-l2ng-configuring.html

 

NEW QUESTION 32
You are designing a network management solution that provides automation for Junos devices. Your customer wants to know which solutions would require additional software to be deployed to existing Junos devices.
Which two solutions satisfy this scenario? (Choose two.)

  • A. SaltStack
  • B. Chef
  • C. Puppet
  • D. Ansible

Answer: A,B

 

NEW QUESTION 33
You are designing a new network for your organization with the characteristics shown below.
All traffic must pass inspection by a security device.
A center-positioned segmentation gateway must provide deep inspection of each packet using 10 Gbps interfaces.
Policy enforcement must be centrally managed.
Which security model should you choose for your network design?

  • A. Zero Trust
  • B. trust but verify
  • C. user-role firewall policies
  • D. Intrazone Permit

Answer: A

 

NEW QUESTION 34
You will be managing 1000 SRX Series devices. Each SRX Series device requires basic source NAT to access the Internet.
Which product should you use to manage these NAT rules on the SRX Series devices?

  • A. JSA
  • B. Security Director
  • C. Contrail
  • D. CSO

Answer: B

 

NEW QUESTION 35
You work for an ISP that wants to implement remote-triggered black hole (RTBH) filters.
What are three considerations in this scenario? (Choose three.)

  • A. BGP FlowSpec improves the RTBH model by implementing dynamic firewall filters
  • B. Destination RTBH essentially completes the attack on the victim's IP
  • C. Source RTBH can block legitimate traffic on the network
  • D. Source RTBH requires uRPF to be implemented on the service provider's network core
  • E. Destination RTBH requires uRPF to be implemented on the service provider's network edge

Answer: A,C,D

 

NEW QUESTION 36
You are required to design a university network to meet the conditions shown below.
* Users connected to the university network should be able to access the Internet and the research department lab network.
* The research department lab network should not be able to reach the Internet.
Which three actions satisfy the design requirements? (Choose three.)

  • A. Use the default deny security policy for the research lab
  • B. Use separate security zones for each department
  • C. Use a global permit policy for Internet traffic
  • D. Use a global deny security policy for the research lab
  • E. Use a static NAT rule between the internal zones for the research lab

Answer: A,B,C

Explanation:
Explanation/Reference:

 

NEW QUESTION 37
You are responding to an RFP for securing a large enterprise. The RFP requires an onsite security solution which can use logs from third-party sources to prevent threats. The solution should also have the capability to detect and stop zero-day attacks.
Which Juniper Networks solution satisfies this requirement?

  • A. Sky ATP
  • B. IDP
  • C. JSA
  • D. JATP

Answer: D

Explanation:
Explanation/Reference: https://www.juniper.net/uk/en/products-services/security/advanced-threat-prevention/

 

NEW QUESTION 38
Click the Exhibit button.

Which type of security solution is shown in this exhibit?

  • A. service chain model
  • B. de-centralized model
  • C. centralized model
  • D. inline security model

Answer: A

 

NEW QUESTION 39
You are working on a network design that will use EX Series devices as Layer 2 access switches in a campus environment. You must include Junos Space in your design. You want to take advantage of security features supported on the devices.
Which two security features would satisfy this requirement? (Choose two.)

  • A. Stateful Firewall
  • B. ALG
  • C. Access Control
  • D. SDSN

Answer: A,C

 

NEW QUESTION 40
Click the Exhibit button.

Which type of security solution is shown in this exhibit?

  • A. service chain model
  • B. de-centralized model
  • C. centralized model
  • D. inline security model

Answer: A

 

NEW QUESTION 41
Click the Exhibit button.

You are designing the virtualized server deployment shown in the exhibit in your data center. The vSRX device is acting as a Layer 2 firewall and the two VMs must communicate through the vSRX device.
Which two actions must you perform to accomplish this task? (Choose two.)

  • A. Place both VMs in different vSwitches
  • B. Place both VMs in the same vSwitch
  • C. Place both VMs in different VLANs
  • D. Place both VMs in the same VLAN

Answer: A,D

 

NEW QUESTION 42
You are asked to design a VPN solution between 25 branches of a company. The company wants to have the sites talk directly to each other in the event of a hub device failure. The solution should follow industry standards.
Which solution would you choose in this scenario?

  • A. full mesh VPN
  • B. Group VPN
  • C. Auto Discovery VPN
  • D. AutoVPN

Answer: C

Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discovery- vpns.html

 

NEW QUESTION 43
You are asked to design a VPN solution between 25 branches of a company. The company wants to have the sites talk directly to each other in the event of a hub device failure. The solution should follow industry standards.
Which solution would you choose in this scenario?

  • A. full mesh VPN
  • B. Group VPN
  • C. Auto Discovery VPN
  • D. AutoVPN

Answer: C

 

NEW QUESTION 44
You have a campus location with multiple WAN links. You want to specify the primary link used for your VoIP traffic.
In this scenario, which type of WAN load balancing would you use?

  • A. FBF
  • B. ECMP
  • C. OSPF
  • D. BGP

Answer: A

Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application- advanced-policy-based-routing.html

 

NEW QUESTION 45
You are deploying a data center Clos architecture and require secure data transfers within the switching fabric.
In this scenario, what will accomplish this task?

  • A. MACsec encryption
  • B. stacked VLAN tagging on the core switches
  • C. LAG Layer 2 hashing
  • D. IRB VLAN routing between hosts

Answer: D

 

NEW QUESTION 46
You are deploying Security Director with the logging and reporting functionality for VMs that use SSDs. You expect to have approximately 20,000 events per second of logging in your network.
In this scenario, what is the minimum number of logging and reporting devices that should be used?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 47
......


Juniper JN0-1331 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Describe the security design considerations for an enterprise WAN
  • Describe advanced security features
Topic 2
  • Describe the design considerations for automating security
  • Describe the security design considerations within a campus or branch network
Topic 3
  • Security Automation and Management
  • Securing data center interconnects
Topic 4
  • Describe the design considerations for security management
  • Describe the security design considerations for a service provider WAN
Topic 5
  • Describe the security design considerations in a data center
  • Securing the Service Provider WAN
Topic 6
  • Advance Security Concepts
  • Fundamental Security Concepts
Topic 7
  • Internet edge security design principles
  • Asymmetrical traffic handling
Topic 8
  • Junos Space management platform
  • Securing the Enterprise WAN
  • Securing the individual devices
Topic 9
  • Describe the design considerations of high availability in a secure networks
  • Stateful security policies
Topic 10
  • Junos Space Security Director and Log Director
  • Describe the various tenets of common security features

 

JN0-1331 Exam Dumps, JN0-1331 Practice Test Questions: https://www.updatedumps.com/Juniper/JN0-1331-updated-exam-dumps.html

Related Articles

more
Juniper JN0-1331 Certification Practice Exam