JN0-1332 Online Practice Questions and Answers

You are deploying Security Director with the logging and reporting functionality for VMs that use SSDs. You expect to have approximately 20,000 events per second of logging in your network.

In this scenario, what is the minimum number of logging and reporting devices that should be used?

A. 2

B. 4

C. 1

D. 3

Which statement is correct about service chaining?

A. Service chaining uses IPsec to connect together two or more VMs

B. Service chaining evaluates traffic by using multiple security features on the same instance

C. Service chaining redirects traffic back through the same device for additional processing

D. Service chaining combines multiple VNF instances together in the data flow

You want to deploy a VPN that will connect branch locations to the main office. You will eventually add additional branch locations to the topology, and you must avoid additional configuration on the hub when those sites are added.

In this scenario, which VPN solution would you recommend?

A. Site-to-Site VPN

B. Hub-and-Spoke VPN

C. AutoVPN

D. Group VPN

Policy Enforcer provides which benefit?

A. log management

B. command and control protection

C. centralized management of security devices

D. IPsec encryption

What is the maximum number of SRX Series devices in a chassis cluster?

A. 2

B. 3

C. 4

D. 5

You are designing a DDoS solution for an ISP using BGP FlowSpec. You want to ensure that BGP FlowSpec does not overwhelm the ISP's edge routers.

Which two requirements should be included in your design? (Choose two.)

A. Specify a maximum number BGP FlowSpec prefixes per neighbor

B. Implement a route policy to limit advertised routes to /24 subnets

C. Implement a route policy to limit advertised routes to any public IP space

D. Specify a maximum number of BGP FlowSpec prefixes per device

You have multiple SRX chassis clusters on a single broadcast domain. Why must you assign different cluster IDs in this scenario?

A. to avoid MAC address conflicts

B. to avoid control link conflicts

C. to avoid node numbering conflicts

D. to avoid redundancy group conflicts

You have a campus location with multiple WAN links. You want to specify the primary link used for your VoIP traffic.

In this scenario, which type of WAN load balancing would you use?

A. BGP

B. OSPF

C. FBF

D. ECMP

You are working with a customer to create a design proposal using SRX Series devices. As part of the design, you must consider the requirements shown below:

1.

You must ensure that every packet entering your device is independently inspected against a set of rules.

2.

You must provide a way to protect the device from undesired access attempts.

3.

You must ensure that you can apply a different set of rules for traffic leaving the device than are in use for traffic entering the device.

In this scenario, what do you recommend using to accomplish these requirements?

A. firewall filters

B. intrusion prevention system

C. unified threat management

D. screens

You are designing a solution to protect a service provider network against volumetric denial-of-service attacks. Your main concern is to protect the network devices. Which two solutions accomplish this task? (Choose two.)

A. next-generation firewall

B. screens

C. intrusion prevention system

D. BGP FlowSpec

What are two benefits of the vSRX in a virtualized private or public cloud multitenant environment? (Choose two.)

A. full logical systems capabilities

B. stateful firewall protection at the tenant edge

C. 100GbE interface support

D. OSPFv3 capabilities

You are creating a data center security design. Virtual security functions must be performed on east-west traffic. Security functions must be commissioned and decommissioned frequently, and the least resource-intensive architecture must be used.

In this scenario, what will accomplish this task?

A. all-in-one NFV security devices with device templates

B. service chaining with container-based security functions

C. a security appliance segmented into logical systems

D. filter-based forwarding to direct traffic to the required security devices

You are responding to an RFP for securing a large enterprise. The RFP requires an onsite security solution which can use logs from third-party sources to prevent threats. The solution should also have the capability to detect and stop zero- day attacks.

Which Juniper Networks solution satisfies this requirement?

A. IDP

B. Sky ATP

C. JSA

D. JATP

You are designing a corporate WAN using SRX Series devices as a combined firewall and router at each site.

Regarding packet-mode and flow-mode operations in this scenario, which statement is true?

A. Packet-mode on SRX Series devices is required for deep packet inspection

B. Packet-mode is only supported on high-end SRX Series devices

C. An SRX Series device in flow-mode cannot forward packet-mode traffic

D. Flow-mode on SRX Series devices is required for security services

You are designing an enterprise WAN network that must connect multiple sites. You must provide a design proposal for the security elements needed to encrypt traffic between the remote sites.

Which feature will secure the traffic?

A. BFD

B. OSPF

C. GRE

D. IPsec