Question No. 1

Regarding static attack object groups, which two statements are true? (Choose two.)

AMatching attack objects are automatically added to a custom group.

BGroup membership automatically changes when Juniper updates the IPS signature database.

CGroup membership does not automatically change when Juniper updates the IPS signature database.

DYou must manually add matching attack objects to a custom group.

Show Answer

Correct Answer: B, C

static attack object groups are predefined groups of attack objects that are included in Juniper's IPS signature database.These groups do not change automatically when Juniper updates the database2.

Question No. 2

You are deploying a new SRX Series device and you need to log denied traffic.

In this scenario, which two policy parameters are required to accomplish this task? (Choose two.)

Asession-init

Bsession-close

Cdeny

Dcount

Show Answer

Correct Answer: B, C

you need to create a global firewall rulebase that matches RT_FLOW_SESSION_DENY events2.To do this, you need to specify two policy parameters:denyandsession-close3.

Question No. 3

You are asked to reduce the load that the JIMS server places on your Which action should you take in this situation?

AConnect JIMS to the RADIUS server

BConnect JIMS to the domain Exchange server

CConnect JIMS to the domain SQL server.

DConnect JIMS to another SRX Series device.

Show Answer

Correct Answer: D

JIMS serveris aJuniper Identity Management Servicethat collects user identity information from different authentication sources for SRX Series devices12.It can connect to SRX Series devices and CSO platform in your network1.

JIMS server is a service that protects corporate resources by authenticating and restricting user access based on roles2.It connects to SRX Series devices and CSO platform to provide identity information for firewall policies1.To reduce the load that JIMS server places on your network, you should connect JIMS to another SRX Series device1. This way, you can distribute the identity information among multiple SRX Series devices and reduce network traffic.

Question No. 4

Which two statements about unified security policies are correct? (Choose two.)

AUnified security policies require an advanced feature license.

BUnified security policies are evaluated after global security policies.

CTraffic can initially match multiple unified security policies.

DAPPID results are used to determine the final security policy

Show Answer

Correct Answer: C, D

unified security policies are security policies that enable you to use dynamic applications as match conditions along with existing 5-tuple or 6-tuple matching conditions12.They simplify application-based security policy management at Layer 7 and provide greater control and extensibility to manage dynamic applications traffic3

Question No. 5

Exhibit

Referring to the exhibit, which two statements describe the type of proxy used? (Choose two.)

Aforward proxy

Bclient protection proxy

Cserver protection proxy

Dreverse proxy

Show Answer

Correct Answer: B, C

B)Client protection proxy: This statement iscorrectbecause a forward proxy can also be called a client protection proxy since it protects the user's identity and computer information from the web server4.

C)Server protection proxy: This statement iscorrectbecause a reverse proxy can also be called a server protection proxy since it protects the web server's identity and location from the user4.

Free Juniper JN0-335 Exam Actual Questions

The questions for JN0-335 were last updated On Apr 30, 2024