Download Security Design, Specialist (JNCDS-SEC).JN0-1330.PracticeTest.2018-04-09.36q.vcex
| Vendor: | Juniper |
| Exam Code: | JN0-1330 |
| Exam Name: | Security Design, Specialist (JNCDS-SEC) |
| Date: | Apr 09, 2018 |
| File Size: | 1 MB |
How to open VCEX files?
Files with VCEX extension can be opened by ProfExam Simulator.
Discount: 20%
Demo Questions
Question 1
You must implement access control lists to protect the control plane of a service provider’s core devices.
What are two ways to accomplish this task? (Choose two.)
- Implement access control lists to filter RFC 1918 IP addresses from reaching the control plane.
- Implement access control lists to permit only internal management networks to reach the control plane.
- Implement access control lists to drop all IP packets that are fragments.
- Implement access control lists to protect the control plane against unauthorized user credentials.
Correct answer: BC
Question 2
What is the maximum number of SRX Series devices in a chassis cluster?
- 2
- 3
- 4
- 5
Correct answer: A
Question 3
Due to changes in security requirements you must place a firewall between an existing Web server farm and a database server farm residing in the same subnet.
In this scenario, why would you choose transparent mode as your operating mode?
- Transparent mode does not require zones to be configured.
- Transparent mode can be implemented with no changes to the current IP addresses.
- Transparent mode policies can be enforced based on MAC address ranges.
- Transparent mode allows only IP packets to pass through the security policies.
Correct answer: B
Question 4
Spotlight Secure provides which benefit?
- log management
- botnet protection
- centralized management of security devices
- IPsec encryption
Correct answer: C
Question 5
What are three characteristics of the integrated user firewall feature? (Choose three.)
- RADIUS user authentication is performed.
- Enforcement is performed at access.
- Best-effort user authentication is performed.
- Passive authentication is performed.
- Enforcement is performed at the firewall.
Correct answer: CDE
Explanation:
Reference: http://www.juniper.net/documentation/en_US/junos15.1x49/topics/concept/security-user-firewall-3-tier-understanding.html Reference: http://www.juniper.net/documentation/en_US/junos15.1x49/topics/concept/security-user-firewall-3-tier-understanding.html
Question 6
You must design a solution to collect logs from a group of SRX Series devices using Junos Space Log Director. You will deploy this solution on virtual machines that will support traffic peaks up to 7,500 events per second.
How would you accomplish this task?
- Implement one centralized log collector and continue the SRX Series clusters to forward logs to it.
- Implement one centralized log concentrator and configure the SRX Series clusters to forward logs to it.
- Implement one log concentrator, two log collectors, and a load balancer in front of them, configuring SRX Series devices to forward the logs to the Load Balancer VIP interface.
- Implement one log concentrator, three log collectors, and configure the SRX Series clusters to distribute the logs among the log collectors.
Correct answer: D
Explanation:
Reference: http://www.juniper.net/techpubs/en_US/junos-space14.1/logging-reporting/information-products/topic-collections/junos-space-security-director-logging-reporting-getting-started-guide.pdf Reference: http://www.juniper.net/techpubs/en_US/junos-space14.1/logging-reporting/information-products/topic-collections/junos-space-security-director-logging-reporting-getting-started-guide.pdf
Question 7
You are asked to implement port-based authentication on your access switches. Security and ease of access are the two primary requirements.
Which authentication solution satisfies these requirements?
- MAC RADIUS
- network access control
- firewall authentication
- IPsec tunnel
Correct answer: A
Explanation:
Reference: https://www.juniper.net/documentation/en_US/junos12.1x46/topics/concept/layer-2-8021x-port-network-authentication-security-understanding.html Reference: https://www.juniper.net/documentation/en_US/junos12.1x46/topics/concept/layer-2-8021x-port-network-authentication-security-understanding.html
Question 8
What is one way to increase the security of a site-to-site IPsec VPN tunnel?
- Implement a stronger Diffie-Hellman group.
- Change IKE Phase 1 from main mode to aggressive mode.
- Implement traffic selectors.
- Implement a policy-based VPN.
Correct answer: C
Question 9
Your customer is planning the deployment of a new hub-and-spoke WAN architecture that must support dual stack. They have decided against using a dynamic routing protocol. They are concerned about the difficulty of managing configurations and operations at the hub location as they deploy branch routers.
In this scenario, what are three reasons for selecting route-based VPNs with traffic selectors? (Choose three.)
- Traffic selectors support IPv4 and IPv6.
- Traffic selectors reduce the number of Phase 2 IPsec security associations.
- Traffic selectors reduce latency because they bypass UTM.
- Traffic selectors support auto route insertion.
- You can define multiple traffic selectors within a single route-based VPN.
Correct answer: ADE
Explanation:
Reference: http://www.juniper.net/documentation/en_US/junos15.1x49/topics/concept/ipsec-vpn-traffic-selector-understanding.html Reference: http://www.juniper.net/documentation/en_US/junos15.1x49/topics/concept/ipsec-vpn-traffic-selector-understanding.html
Question 10
What are the three activities in the reconnaissance phase of an attack? (Choose three.)
- Determine the device OS.
- Scan for devices and ports to exploit.
- Install malware.
- Propagate the virus to servers and workstations.
- Map the network.
Correct answer: ABE
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!