JN0-1331 Online Practice Questions and Answers

You are asked to include anti-malware features into an existing network design. Traffic from the infected machines must be moved to a quarantined VLAN.

Which product will provide this segregation?

A. screens

B. Sky ATP

C. unified threat management

D. Software Defined Secure Network

You are designing an Internet security gateway (ISG) for your company and are considering a centralized versus a distributed model for ISGs.

Which two statements are correct in this scenario? (Choose two.)

A. Distributed ISGs typically have less latency compared to centralized ISGs

B. Distributed ISGs reduce bandwidth for end users

C. Distributed ISGs typically require extra bandwidth for management

D. Distributed ISGs are harder to manage compared to centralized ISGs

What is the maximum number of SRX Series devices in a chassis cluster?

A. 2

B. 3

C. 4

D. 5

You are asked to virtualize numerous stateful firewalls in your customer's data center. The customer wants the solution to use the existing Kubernetes-orchestrated architecture.

Which Juniper Networks product would satisfy this requirement?

A. vMX

B. vSRX

C. cSRX

D. CTP Series

You must allow applications to connect to external servers. The session has embedded IP address information to enable the remote system to establish a return session.

In your design, which function should be implemented?

A. source NAT

B. application layer gateway

C. destination NAT

D. HTTP redirect

Your customer needs help designing a single solution to protect their combination of various Junos network devices from unauthorized management access.

Which Junos OS feature will provide this protection?

A. Use a firewall filter applied to the fxp0 interface

B. Use a security policy with the destination of the junos-host zone

C. Use the management zone host-inbound-traffic feature

D. Use a firewall filter applied to the lo0 interface

Your customer is getting ready to deploy a new WAN architecture. It must be simple to set up, address hub scaling concerns, and allow the automatic addition of new sites without requiring changes to the hub site. They want to deploy either AutoVPN or Auto Discovery VPN.

In this scenario, why would you propose Auto Discovery VPN as a solution?

A. Your customer requires direct spoke-to-spoke communication

B. OSPF support is required

C. Only Auto Discovery VPN supports the automatic addition of valid spokes

D. Your customer needs to configure the hub site only once

You have a campus location with multiple WAN links. You want to specify the primary link used for your VoIP traffic.

In this scenario, which type of WAN load balancing would you use?

A. BGP

B. OSPF

C. FBF

D. ECMP

You are designing an SDSN security solution for a new campus network. The network will consist of Juniper Networks Policy Enforcer, Juniper Networks switches, third-party switches, and SRX Series devices. The switches and the SRX Series devices will be used as security enforcement points.

Which component supports the SRX Series devices in this scenario?

A. Security Director

B. RADIUS server

C. certificate server

D. DHCP server

You are creating a data center security design. Virtual security functions must be performed on east-west traffic. Security functions must be commissioned and decommissioned frequently, and the least resource-intensive architecture must be used.

In this scenario, what will accomplish this task?

A. all-in-one NFV security devices with device templates

B. service chaining with container-based security functions

C. a security appliance segmented into logical systems

D. filter-based forwarding to direct traffic to the required security devices

Your company has 500 branch sites and the CIO is concerned about minimizing the potential impact of a VPN router being stolen from an enterprise branch site. You want the ability to quickly disable a stolen VPN router while minimizing administrative overhead.

Which solution accomplishes this task?

A. Implement a certificate-based VPN using a public key infrastructure (PKI)

B. Modify your IKE proposals to use Diffie-Hellman group 14 or higher

C. Use firewall filters to block traffic from the stolen VPN router

D. Rotate VPN pre-shared keys every month

You are asked to design a security solution for your client's new two-tier data center. The client has a need for some flows to bypass firewall inspection entirely.

Where should the firewall be deployed in this data center?

A. inline, between the core switches and the access switches

B. inline, between the core switches and the edge routers

C. one-arm configuration, connected to the core switches

D. one-arm configuration, connected to each access switch

You are asked to design a secure enterprise WAN where all payload data is encrypted and branch sites communicate directly without routing all traffic through a central hub.

Which two technologies would accomplish this task? (Choose two.)

A. group VPN

B. AutoVPN

C. MPLS Layer 3 VPN

D. Auto Discovery VPN

You are concerned about users attacking the publicly accessible servers in your data center through encrypted channels. You want to block these attacks using your SRX Series devices.

In this scenario, which two features should you use? (Choose two.)

A. Sky ATP

B. IPS

C. SSL forward proxy

D. SSL reverse proxy

You are asked to provide a design proposal for a campus network. As part of the design, the customer requires that all end user devices must be authenticated before being granted access to their Layer 2 network.

Which feature meets this requirement?

A. IPsec

B. 802.1X

C. NAT

D. ALGs