Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Juniper
  5. JN0-335

Juniper JN0-335 Exam
Security, Specialist (JNCIS-SEC) (Page 3 )

Updated On: 7-Feb-2026
Page 3 of 21
PDF with 103 Questions

You have deployed an SRX300 Series device and determined that files have stopped being scanned.
In this scenario, what is a reason for this problem?

  1. The software license is a free model and only scans executable type files.
  2. The infected host communicated with a command-and-control server, but it did not download malware.
  3. The file is too small to have a virus.
  4. You have exceeded the maximum files submission for your SRX platform size.

Answer(s): D

Explanation:

You have exceeded the maximum files submission for your SRX platform size: This statement is correct because file scanning on SRX300 Series device has a limit on the number of files that can be submitted per minute based on the platform size. For example, SRX320 has a limit of 10 files per minute.



Which three statements about SRX Series device chassis clusters are true? (Choose three.)

  1. Chassis cluster control links must be configured using RFC 1918 IP addresses.
  2. Chassis cluster member devices synchronize configuration using the control link.
  3. A control link failure causes the secondary cluster node to be disabled.
  4. Recovery from a control link failure requires that the secondary member device be rebooted.
  5. Heartbeat messages verify that the chassis cluster control link is working.

Answer(s): B,C,E

Explanation:

B) Chassis cluster member devices synchronize configuration using the control link: This statement is correct because the control link is used for configuration synchronization among other functions.
C) A control link failure causes the secondary cluster node to be disabled: This statement is correct because a control link failure causes the secondary node to become ineligible for primary role and remain in secondary role until the control link is restored.
E) Heartbeat messages verify that the chassis cluster control link is working: This statement is correct because heartbeat messages are sent periodically over the control link to monitor its status.



Which two statements are correct about security policy changes when using the policy rematch feature? (Choose two.)

  1. When a policy change includes changing the policy's action from permit to deny, all existing sessions are maintained
  2. When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped.
  3. When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped.
  4. When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated.

Answer(s): C,D

Explanation:

policy rematch is a feature that enables the device to reevaluate an active session when its associated security policy is modified. The session remains open if it still matches the policy that allowed the session initially. The session is closed if its associated policy is renamed, deactivated, or deleted.



You are asked to block malicious applications regardless of the port number being used. In this scenario, which two application security features should be used? (Choose two.)

  1. AppFW
  2. AppQoE
  3. APPID
  4. AppTrack

Answer(s): A,C

Explanation:

you can block applications and users based on network access policies, users and their job roles, time, and application signatures. You can also use Juniper Advanced Threat Prevention (ATP) to find and block commodity and zero-day cyberthreats within files, IP traffic, and DNS requests1



A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.
Which feed will the clients IP address be automatically added to in this situation?

  1. the command-and-control cloud feed
  2. the allowlist and blocklist feed
  3. the custom cloud feed
  4. the infected host cloud feed

Answer(s): D

Explanation:

Infected hosts are internal hosts that have been compromised by malware and are communicating with external C&C servers. Juniper ATP Cloud provides infected host feeds that list internal IP addresses or subnets of infected hosts along with a threat level. Once the Juniper ATP Cloud global threshold for an infected host is met, that host is added to the infected host feed and assigned a threat level of 10 by the cloud. You can also configure your SRX Series device to block traffic from these IP addresses using security policies.






Post your Comments and Discuss Juniper JN0-335 exam prep with other Community members:

Join the JN0-335 Discussion