Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Jncia Sec

Download as pdf or txt
Download as pdf or txt
You are on page 1of 8
At a glance
Powered by AI
The document discusses several Juniper networking and security concepts and technologies including SRX devices, security policies, NAT, VPNs, and Sky ATP.

Security components and concepts discussed include zones, policies, address objects, applications, unified policies, and proxy IDs. Networking technologies include NAT, VPNs, and hypervisors supporting vSRX.

Hashing functions provide data integrity by ensuring the original data cannot be determined from the hash value and weaker hashes minimize collisions in hash comparisons.

JNCIA-SEC DUMB----------

Question.Which of the following are supported Mini-Physical Interface Modules (Mini-PIMs) on an SRX Series Ser
vices Gateways? (Choose three.)
Answers
1-Port Gigabit Ethernet Small Form-Factor Pluggable (SFP)
DOCSIS
Serial

Questions-Which two SRX Series devices support PoE? (Choose two.)


Answers
SRX650
SRX320

Which two of the following does a default configuration on an SRX300 include? (Choose two.)
an untrust security zone
a DHCP client on ge-0/0/0

What match criteria does an SRX Series device’s network processing unit (NPU) use to determine if a flow already
exists for a packet? (Choose three.)
source port
unique session token number for a given zone and virtual router
protocol

The vSRX is available for which two of the following hypervisors? (Choose two.)
Hyper-V
KVM

When traffic has met match criteria, what options are available to be performed on the traffic? (Choose three.)
deny
permit
reject

After a packet is not able to be matched to an existing session, what is the next service to inspect the packet?
screens

In the context of SRX Series devices, what services does fast-path processing skip? (Choose two.)
policy
zones

Which is the correct syntax representation of a wildcard address for an address book entry?
192.168.0.7/255.255.0.255

What security component is a collection of one of more network segments sharing identical security requirements?
zone
What are two security policy components? (Choose two.)
user-defined address object
application

Which two statements are true regarding unified security policies? (Choose two.)
A unified policy can be a global-based policy.
A unified policy can be a zone-based policy.

What is a set of rules that tells a Junos security device how to treat transit traffic?
policy

Which order do Junos security devices examine policies for transit traffic?
zone policies, global policies, default policy

Which two criteria are correct when considering security policy rule ordering? (Choose two.
By default, new rules go to the end of the list.
Rules with more specific match criteria should be listed higher.

Which two statements describe the GeoIP feature of Sky ATP? (Choose two.)
The SRX Series device needs connectivity with the Sky ATP cloud for GeoIP to function properly.
GeoIP uses dynamic address entries.

Which two statements describe the C&C threat prevention feature of Sky ATP? (Choose two.)
C&C threat prevention can stop hosts in your network from unwillingly participating in a DDoS attack.
C&C threat prevention stops compromised hosts in your network from communicating with known C&C servers.

Which two statements are true about Sky ATP e-mail protection? (Choose two.)
Sky ATP e-mail protection inspects SMTP traffic.
Sky ATP e-mail protection inspects IMAP traffic.

If you need to protect against malicious files that might be download through Web-based e-mail, which Sky ATP pr
otection mechanism should you use?
HTTP file inspection

Which statement is correct about interface-based NAT?


Interface-based NAT uses the outbound interface IP address to translate the source address of outgoing packets.

When does a Junos security device implement NAT?


both first path and fast path processing

Bidirectional initiation of translation is classified as which type of NAT?


static
What are two types of source NAT? (Choose two.)
pool-based
interface-based

In the J-Web user interface, which feature is used to facilitate building IPsec VPN tunnels?
the VPN Wizard

You are configuring an SRX Series device to inter-operate with a third-party IPsec VPN endpoint that uses policies t
o create the VPN. In this scenario, what must be configured for the VPN to work?
proxy IDs

When considering secure VPNs, what are three major security concerns? (Choose three.)
integrity
confidentiality
source authentication

Hashed Message Authentication Code (HMAC) is a source authentication method based on which three procedures?
(Choose three.)
pre-shared key must be known by both sides
adds a pre-shared key (PSK) to the hashing process
validates data integrity and verifies that the data came from the proper source

What is the correct order for processing UTM traffic within the Junos flow module services
interface I/O, security policy, TCP proxy, application proxy

A security administrator wants to deploy application control policies to allow or deny traffic based on dynamic appli
cations in the organization's Amazon Web Services (AWS) deployment. Which action would accomplish this task?
Deploy a vSRX with the AppSecure suite in AWS and configure the AppFW.

Which statement is correct about the antivirus feature on SRX Series devices?
The Sophos antivirus feature is less CPU intensive than the full file-based antivirus feature.

Which three features are does Unified Threat Management (UTM) include? (Choose three.)
antivirus
content filtering
antispam

You are installing a Junos Space Log Collector VM for a large-scale deployment. What are two valid node types for
this deployment? (Choose two.)
Log Receiver node
Log Storage node
You have downloaded the package “junos-srxme-19.1R1.6-domestic.tgz”. Based on the naming convention, which t
wo things are true about this release? (Choose two.)
It is a standard release.
It supports strong encryption

.
Prior to creating reports by the routing engines, what must be enabled on an SRX Series device?
security logging

On an SRX Series device, which two troubleshooting utilities are available within the J-Web interface? (Choose two
.)
Traceroute
Ping Host
Retake

===================================================================================
======
What are two distinctions of a Junos control plane? (Choose two.)
implemented on the PFE
responsible for kernel processes

===================================================================================
======

What are two distinctions of a Junos data plane? (Choose two.)


clustering control
implemented on the PFE

===================================================================================
======

What are two examples of exception traffic? (Choose two.)


packets with IP options
ICMP

===================================================================================
======

Which two items are true of J-Web? (Choose two.)


configuration commits are required
real-time monitoring

===================================================================================
======

What are two requirements of a functional zone? (Choose two.)


It must be named management.
It cannot pass transit traffic.
Which statement is true about a Junos security device?
By default, a Junos security device does not allow traffic destined to itself.

Which zone is a system defined zone?


junos-host

Which security component would help identify application type of all allowed traffic traversing port 80?
application firewall

Security policy components require which three of the following? (Choose three.)
log
match criteria
a user-defined name

What is the default policy’s action for any traffic not matching a configured zone security policy or global policy?
silent discard

Which two statements are correct regarding Sky ATP file inspection profiles? (Choose two.)
They are used to determine which action to take for malicious files found in SMTP traffic.
They are used to determine which action to take for malicious files found in HTTP traffic.

If you are using the free version of Sky ATP, which file type can you scan?
EXE files

What is the next step after creating a threat prevention policy?


Reference the threat prevention policy in a security policy.

When is the default action of an advanced anti-malware policy applied to a file?


When the verdict number of the file is less than the verdict threshold.

What does a Junos OS security device do to existing sessions upon commit, when a change is made to a NAT rule p
ool that is currently in use?
It destroys the existing session and creates a new session for matched traffic.

You have enabled a NAT pool on an SRX Series device; however, you are not receiving any return traffic. What con
figuration item will solve this?
enabling proxy ARP

In the first layer of a two-layer matching condition for a NAT rule, what are three matching options for the traffic dir
ection matching from a “from” clause? (Choose three.)
interface
TCP/IP port
MAC address

Which operational command allows users to observe NAT translations


show security flow session

What are two methods by which hashing functions provide data integrity in VPNs? (Choose two.)
original data cannot be determined from the hash value
weaker hashes minimize collisions in hash comparisons

In the IKE Phase 1 configuration, what are the two choices for “Mode”? (Choose two.)
aggressive
main

How do traffic selectors distinguish interesting transit traffic over a VPN tunnel?
by specifying accepted networks

When setting up a VPN to a remote gateway, what would selecting the “Optimized” check box do when selecting “E
nable VPN monitor”?
consider transit traffic as the tunnel verification

When does a Junos security device perform UTM inspection?


both first path and fast path processing

Which list order does the antispam filter process e-mail for spam?

blacklist, whitelist, external spam block list server

What two whitelist types are supported for the SRX antivirus module? (Choose two.)
URL
MIME

Which two methods are used to notify a user they’ve had content blocked an SRX Series device? (Choose two.)
embedded message in the protocol
an e-mail message can be sent

Using the J-Web interface on an SRX Series device, what information is available when displaying the Monitor -> R
outing -> Route Information?
next-hop type
Using J-Web on an SRX Series device, what are two required fields for the initial setup? (Choose two.)
Host Name
Root Password

Which three Juniper devices are supported by Juniper Sky Enterprise? (Choose three.)

SRX Series
NFX Series
EX Series

Which three reports does Juniper Sky Enterprise offer in real-time on Junos EX Series devices? (Choose three.)

ARP tables
PoE monitoring
live packet capture

Which two hypervisors support vSRX Series devices? (Choose two.)

VMware ESX
KVM

Click the Exhibit button. Users are restricted from accessing Facebook, however, a recent examination of the securit
y logs show that users are accessing Facebook. Referring to the exhibit, what should you do to solve the problem?

Change the Block-Facebook-Access rule dynamic application to "any".

What are two security policy components? (Choose two.)


application
user-defined address object

A security administrator wants to deploy application control policies to allow or deny traffic based on dynamic appli
cations in the organization's Amazon Web Services (AWS) deployment. Which action would accomplish this task?
Deploy a vSRX in AWS and configure a new security policy with the respective IP address and port numbers.

Which two statements are true regarding unified security policies? (Choose two.)
A unified policy cannot be a zone-based policy.
A unified policy can be a global-based policy.

Which statement is correct about interface-based NAT?


Interface-based NAT uses the outbound interface IP address to translate the source address of outgoing packets.

In the J-Web user interface, which feature is used to facilitate building IPsec VPN tunnels?
the VPN Wizard

You are configuring an SRX Series device to inter-operate with a third-party IPsec VPN endpoint that uses policies t
o create the VPN. In this scenario, what must be configured for the VPN to work?
proxy IDs

Which statement is correct about the antivirus feature on SRX Series devices?
The Sophos antivirus feature is less CPU intensive than the full file-based antivirus feature.

You are installing a Junos Space Log Collector VM for a large scale deployment. What are two valid node types for
this deployment? (Choose two.)
Log Indexer node
Log Receiver node

You might also like