Free JN0-335 Exam Braindumps (page: 5)


How does the SSL proxy detect if encryption is being used?

  A. It uses application identity services.
  B. It verifies the length of the packet.
  C. It queries the client device.
  D. It looks at the destination port number.

Answer(s): D

Explanation:

The SSL proxy can detect if encryption is being used by looking at the destination port number of the packet. If the port number is 443, then the proxy can assume that the packet is being sent over an encrypted connection. If the port number is different, then the proxy can assume that the packet is not encrypted. For more information, please refer to the Juniper Networks JNCIS-SEC Study Guide.


Reference:

Juniper Networks Security, Specialist (JNCIS-SEC) Study Guide, Chapter 6: SSL Proxy, page 6-9.
The SSL proxy is a security feature that provides visibility and control over SSL/TLS encrypted traffic.
When SSL proxy is enabled, it intercepts SSL/TLS traffic and decrypts it to allow visibility into the content of the encrypted traffic. However, before decrypting the traffic, the SSL proxy must first determine if the traffic is encrypted.
To detect if encryption is being used, the SSL proxy looks at the destination port number. If the destination port number is a known SSL/TLS port (e.g., TCP port 443), the SSL proxy assumes that encryption is being used and intercepts the traffic. If the destination port is not a known SSL/TLS port, the SSL proxy does not intercept the traffic and allows it to pass through the device unmodified.



Which two statements are correct when considering IPS rule base evaluation? (Choose two.)

  A. IPS evaluates rules concurrently.
  B. IPS applies the most severe action to traffic matching multiple rules.
  C. IPS evaluates rules sequentially.
  D. IPS applies the least severe action to traffic matching multiple rules.

Answer(s): A,B


Reference:

Juniper Networks Security, Specialist (JNCIS-SEC) Study Guide, Chapter 7: Intrusion Prevention System, page 7-5.
The Intrusion Prevention System (IPS) is a feature that provides protection against network-based threats. The IPS uses a rule base to evaluate network traffic and apply actions based on the rules that match the traffic.
When evaluating the rule base, the IPS evaluates the rules concurrently (option A). This means that the IPS can apply multiple rules to the same traffic simultaneously. If multiple rules match the same traffic, the IPS applies the most severe action (option B). This means that if there are conflicting actions specified in different rules, the IPS will apply the action that has the highest severity. For example, if one rule specifies a "drop" action and another rule specifies a "log" action for the same traffic, the IPS will drop the traffic because dropping has a higher severity than logging.



You have implemented a vSRX in your VMware environment. You want to implement a second vSRX Series device and enable chassis clustering.
Which two statements are correct in this scenario about the control-link settings? (Choose two.)

  A. In the vSwitch security settings, accept promiscuous mode.
  B. In the vSwitch properties settings, set the VLAN ID to None.
  C. In the vSwitch security settings, reject forged transmits.
  D. In the vSwitch security settings, reject MAC address changes.

Answer(s): C,D



Which two statements are true about the vSRX? (Choose two.)

  A. It does not have VMXNET3 vNIC support.
  B. It has VMXNET3 vNIC support.
  C. UNIX is the base OS.
  D. Linux is the base OS.

Answer(s): B,D


Reference:

Juniper Networks Security, Specialist (JNCIS-SEC) Study Guide, Chapter 1: Introduction to Junos Security, page 1-8.
The vSRX is a virtual security appliance that runs on a virtual machine. It provides firewall, VPN, and other security services in a virtualized environment.
The vSRX is based on a version of Junos OS that is optimized for virtualization. It runs on a Linux kernel and uses a KVM hypervisor. It supports VMware ESXi and KVM hypervisors. The vSRX has support for VMXNET3 vNICs, which are high-performance virtual network interfaces provided by VMware. These interfaces can provide higher throughput and lower CPU utilization than other virtual NIC types.





