CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Juniper
  5. JN0-335

Free JN0-335 Exam Braindumps (page: 9)

Page 2 of 25
PDF with 103 Questions

Regarding static attack object groups, which two statements are true? (Choose two.)

  1. Matching attack objects are automatically added to a custom group.
  2. Group membership automatically changes when Juniper updates the IPS signature database.
  3. Group membership does not automatically change when Juniper updates the IPS signature database.
  4. You must manually add matching attack objects to a custom group.

Answer(s): B,C

Explanation:

static attack object groups are predefined groups of attack objects that are included in Juniper's IPS signature database. These groups do not change automatically when Juniper updates the database.



You are deploying a new SRX Series device and you need to log denied traffic. In this scenario, which two policy parameters are required to accomplish this task? (Choose two.)

  1. session-init
  2. session-close
  3. deny
  4. count

Answer(s): B,C

Explanation:

you need to create a global firewall rulebase that matches RT_FLOW_SESSION_DENY events. To do this, you need to specify two policy parameters: deny and session-close.



You are asked to reduce the load that the JIMS server places on your Which action should you take in this situation?

  1. Connect JIMS to the RADIUS server
  2. Connect JIMS to the domain Exchange server
  3. Connect JIMS to the domain SQL server.
  4. Connect JIMS to another SRX Series device.

Answer(s): D

Explanation:

JIMS server is a Juniper Identity Management Service that collects user identity information from different authentication sources for SRX Series devices. It can connect to SRX Series devices and CSO platform in your network.

JIMS server is a service that protects corporate resources by authenticating and restricting user access based on roles. It connects to SRX Series devices and CSO platform to provide identity information for firewall policies. To reduce the load that JIMS server places on your network, you should connect JIMS to another SRX Series device. This way, you can distribute the identity information among multiple SRX Series devices and reduce network traffic.



Which two statements about unified security policies are correct? (Choose two.)

  1. Unified security policies require an advanced feature license.
  2. Unified security policies are evaluated after global security policies.
  3. Traffic can initially match multiple unified security policies.
  4. APPID results are used to determine the final security policy

Answer(s): C,D

Explanation:

unified security policies are security policies that enable you to use dynamic applications as match conditions along with existing 5-tuple or 6-tuple matching conditions. They simplify application- based security policy management at Layer 7 and provide greater control and extensibility to manage dynamic applications traffic3






Post your Comments and Discuss Juniper JN0-335 exam with other Community members: