Download Security Design Specialist.JN0-1331.VCEplus.2020-12-08.65q.vcex

Vendor: Juniper
Exam Code: JN0-1331
Exam Name: Security Design Specialist
Date: Dec 08, 2020
File Size: 246 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
You are deploying Security Director with the logging and reporting functionality for VMs that use SSDs. You expect to have approximately 20,000 events per second of logging in your network.
In this scenario, what is the minimum number of logging and reporting devices that should be used?
  1. 1
  2. 3
Correct answer: C
Explanation:
Reference: https://www.juniper.net/documentation/en_US/junos-space17.1/topics/task/multi-task/junos-space-sd-log-collector-installing.html
Reference: https://www.juniper.net/documentation/en_US/junos-space17.1/topics/task/multi-task/junos-space-sd-log-collector-installing.html
Question 2
You are concerned about users attacking the publicly accessible servers in your data center through encrypted channels. You want to block these attacks using your SRX Series devices. In this scenario, which two features should you use? (Choose two.)
  1. Sky ATP
  2. IPS
  3. SSL forward proxy
  4. SSL reverse proxy
Correct answer: BC
Explanation:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-ssl-tls.html
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-ssl-tls.html
Question 3
Your customer needs help designing a single solution to protect their combination of various Junos network devices from unauthorized management access.
Which Junos OS feature will provide this protection?
  1. Use a firewall filter applied to the fxp0 interface
  2. Use a security policy with the destination of the junos-host zone
  3. Use the management zone host-inbound-traffic feature
  4. Use a firewall filter applied to the lo0 interface
Correct answer: A
Explanation:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-router-security-supported-features.html
Reference: https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-router-security-supported-features.html
Question 4
You must allow applications to connect to external servers. The session has embedded IP address information to enable the remote system to establish a return session.
In your design, which function should be implemented?
  1. source NAT
  2. application layer gateway 
  3. destination NAT
  4. HTTP redirect
Correct answer: A
Question 5
You are using SRX Series devices to secure your network and you require sandboxing for malicious file detonation. However, per company policy, you cannot send potentially malicious files outside your network for sandboxing.
Which feature should you use in this situation?
  1. Sky ATP
  2. UTM antivirus
  3. IPS
  4. JATP
Correct answer: D
Explanation:
Juniper Advanced Threat Prevention ApplianceReference: https://www.juniper.net/us/en/products-services/security/srx-series/datasheets/1000654.page
Juniper Advanced Threat Prevention Appliance
Reference: https://www.juniper.net/us/en/products-services/security/srx-series/datasheets/1000654.page
Question 6
You are creating a security design proposal for an enterprise customer. As part of the design, you are implementing 802.1x authentication on your EX Series devices.
In this scenario, which two statements are correct? (Choose two.)
  1. The supplicant is the device that prevents the authenticator's access until it is authenticated
  2. The supplicant is the device that is being authenticated
  3. The authenticator is the device that is being authenticated
  4. The authenticator is the device that prevents the supplicant's access until it is authenticated
Correct answer: BD
Explanation:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/802-1x-authentication-switching-devices.html
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/802-1x-authentication-switching-devices.html
Question 7
You are asked to install a mechanism to protect an ISP network from denial-of-service attacks from a small number of sources.
Which mechanism will satisfy this requirement?
  1. RTBH
  2. UTM
  3. Sky ATP
  4. GeoIP
Correct answer: A
Explanation:
Reference: https://www.juniper.net/documentation/en_US/day-one-books/DO_BGP_FLowspec.pdf
Reference: https://www.juniper.net/documentation/en_US/day-one-books/DO_BGP_FLowspec.pdf
Question 8
You are responding to an RFP for securing a large enterprise. The RFP requires an onsite security solution which can use logs from third-party sources to prevent threats. The solution should also have the capability to detect and stop zeroday attacks.
Which Juniper Networks solution satisfies this requirement?
  1. IDP
  2. Sky ATP
  3. JSA
  4. JATP
Correct answer: D
Explanation:
Reference: https://www.juniper.net/uk/en/products-services/security/advanced-threat-prevention/
Reference: https://www.juniper.net/uk/en/products-services/security/advanced-threat-prevention/
Question 9
You are designing an SDSN security solution for a new campus network. The network will consist of Juniper Networks Policy Enforcer, Juniper Networks switches, third-party switches, and SRX Series devices. The switches and the SRX Series devices will be used as security enforcement points.
Which component supports the SRX Series devices in this scenario?
  1. Security Director 
  2. RADIUS server
  3. certificate server
  4. DHCP server
Correct answer: A
Explanation:
Reference: https://www.juniper.net/documentation/en_US/release-independent/solutions/topics/concept/sg-006a-sdsn-product-components.html
Reference: https://www.juniper.net/documentation/en_US/release-independent/solutions/topics/concept/sg-006a-sdsn-product-components.html
Question 10
Your company has outgrown its existing secure enterprise WAN that is configured to use OSPF, AutoVPN, and IKE version 1. You are asked if it is possible to make a design change to improve the WAN performance without purchasing new hardware.
Which two design changes satisfy these requirements? (Choose two.)
  1. Modify the IPsec proposal from AES-128 to AES-256
  2. Change the IGP from OSPF to IS-IS
  3. Migrate to IKE version 2
  4. Implement Auto Discovery VPN
Correct answer: BD
Explanation:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discovery-vpns.html
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discovery-vpns.html
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!