JN0-1332 Exam - Security Design. Specialist (JNCDS-SEC)

NEW QUESTION 1
You are asked to design an automated vulnerability scanner that can actively check to see which ports are open and report on the findings. Which Junker Networks product would you use in this scenario7

• A. Security Director
• B. Log Director
• C. Policy Enforcer
• D. JSA

Answer: C

NEW QUESTION 2
You are a security architect for a small managed service provider. The marketing team has proposed providing firewall services to the customers.
The requirements for the solution are shown below
-- The customer must be able 10 manage their own security device.
-- You must provide segmentation using Layer 2 and Layer 3.
-- You need to implement dynamic routing
-- You need to provide UTM services
in this scenario. which product would you select to provide the firewall services?

• A. cSRX
• B. vSRX
• C. vMX
• D. vQFX

Answer: D

NEW QUESTION 3
When two security services process a packet whether it is being processed in the first-packet path or the fast path? (Choose two.)

• A. screen options
• B. ALG
• C. route lookup
• D. policy lookup

Answer: CD

NEW QUESTION 4
Your network design requires that you ensure privacy between WAN endpoints. Which transport technology requires an IPsec overlay to satisfy this requirement?

• A. L3VPN
• B. leased line
• C. internet
• D. L2VPN

Answer: A

NEW QUESTION 5
When designing the security for a service provider core router, you are asked to add a firewall fitter on the to0 interface in this scenario, which two protocols would you want to allow through the filter? (Choose two.)

• A. LLDP
• B. SSH
• C. BGP
• D. STP

Answer: AC

NEW QUESTION 6
You must implement a security solution that uses a central database to authenticate devices without EAP-M05 based on their network interface address. Which solution will accomplish this task'?

• A. static MAC bypass
• B. MAC RADIUS
• C. 802.1X single secure
• D. 802.1X multiple

Answer: C

NEW QUESTION 7
When using Contra! networking, security policies are distributed as access control list to which component?

• A. vSwith
• B. vSRX
• C. vMX
• D. vRouter

Answer: D

NEW QUESTION 8
Which two statements are true about WAN security considerations? (Choose two.)

• A. MACsec increases protection on alt WAN types
• B. Provider VPN circuit require iPsec
• C. internal connections are susceptible to fragmentation
• D. IPsec increases protection on all WAN types

Answer: C

NEW QUESTION 9
A new virus is sheading across the Internet, with the potential to affect your customer's network
Which two statements describe how Policy Enforcer interacts with other devices to ensure that the network is protected in this scenario? (Choose two.)

• A. Policy Enforcer pulls security intelligence feeds from Juniper ATP Cloud to apply to SRX Series devices
• B. Policy Enforcer pulls security policies from Juniper ATP cloud and apples them to SRX Series devices
• C. Policy Enforcer automates the enrollment of SRX Series devices with Jumper ATP Cloud
• D. Security Director pulls security intelligence feeds from Juniper ATP Cloud and applies them to Policy Enforcer

Answer: B

NEW QUESTION 10
You arc asked to proud a design proposal to secure a service provider's network against IP spoofing As part of your design, you must ensure that only traffic sourced from the same subnet is followed on the
customer-facing interfaces. Which solution will satisfy this requirement?

• A. BGP with source of origin community
• B. unicast RPF with strict mode
• C. unicast RPF with loose mode
• D. BGP labeled-unicast using the resolve-vpn option

Answer: B

NEW QUESTION 11
You are designing a central management solution Your customer wants a togging solution that will support the collection of up to 10.000 events per second from many SRX Series devices that will be deployed m their network. In this scenario. which solution should you include in your design proposal?

• A. Log Oi rector
• B. Network Director
• C. Contrail Insights
• D. Contrail Server Orchestration

Answer: A

NEW QUESTION 12
You are designing an IP camera solution for your warehouse You must block command and control servers from communicating with the cameras. In this scenario. which two products would you need to include in your design? (Choose two)

• A. SRX Series device
• B. Security Director
• C. Juniper ATP Cloud
• D. IPS

Answer: CD

NEW QUESTION 13
What are two characteristics of an overlay network design? (Choose two.)

• A. The overlay network contains per-tenant state
• B. The overlay network uses tunnels to transfer traffic.
• C. The physical network contains per-tenant state.
• D. The physical network uses tunnels to transfer traffic

Answer: A

NEW QUESTION 14
Which type of SDN implementation docs Contrail use?

• A. SDN using API
• B. Overlay SDN
• C. OpenFlow
• D. open SDN

Answer: D

NEW QUESTION 15
Which firewall service is used as a first line of defense and often used by a security device to protect itself?

• A. intrusion prevention system
• B. unified Threat management
• C. network address translation
• D. stateless firewall filter

Answer: A

NEW QUESTION 16
......