Juniper Certified Security Professional JNCIP-SEC Practice Questions

Juniper Certified Security Professional JNCIP-SEC Practice Questions

How does secure wire mode differ from transparent mode?
You are trying to get a SSH honeypot setup on a Juniper ATP appliance collector. The collector is running with hardware with two physical interfaces and two physical CPU cores. The honeypot feature is not working What would be a cause of this problem?
A user is unable to reach a necessary resource. You discover the path through the srx series device includes several security features. The traffic is not being evaluated by any security policy In this scenario, which two components within the flow module would affect the traffic? (Choose two.)
Your SRX series device does not see the SYN packet
You have set up security director with policy enforcer and have configured 12 third-party feeds and sky atp feed. You are also injecting 16 feeds using the available open api. You want to add another compatible feed using open api, but policy enforcer is not receiving the new feed What is the problem scenario?
An administrator want to implement persistent NAT for an internal resource so that external hosts are able to initiate communications to the resource, with the internal resource having previously sent packets to the external host Which configuration setting is used to accomplish this goal?
Which would you use the port-overload-factor 1?
Which Junos security feature is used for signature-based attack prevention?
Which two statement are true about ADVPN members? (Choose two.)
You have noticed a high number of TCP-based attacks directed toward your primary edge device. You are asked to configure the IDP feature on your SRX Series device to block this attack. Which two IDP attack objects would you configure to solve this problem? (Choose two.)
Which two log format types are supported by the JATP appliance? (Choose two.)
You are asked to set up notifications if one of your collector traffic feeds drops below 100 kbps. Which two configuration parameters must be set to accomplish this task? (Choose two.)
You have a remote access VPN where the remote users are using the NCP client. The remote users can access the internal corporate resources as intended; however, traffic that is destined to all other internet sites is going through the remote access VPN. You want to ensure that only traffic that is destined to the internal corporate resources use the remote access VPN. Which two actions should you take to accomplish this task? (choose two.)
Your organization has multiple Active Directory domain to control user access. You must ensure that security polices are passing traffic based upon the user’s access rights. What would you use to assist your SRX series devices to accomplish this task?
Malware that is detonated by the JATP sandbox must be able to communicate with the internet without being able to harm your local network resources. Which statement is correct in this scenario?
. You are asked to secure your network against TOR network traffic. Which two Juniper products would accomplish this task? (Choose two.)
You are asked to configure an IPsec VPN between two SRX Series devices that allows for processing of CoS on the intermediate routers. What will satisfy this requirement?
You opened a support ticket with JTAC for your Juniper ATP appliance. JTAC asks you to set up access to the device using the reverse SSH connection. Which three setting must be configured to satisfy this request? (Choose three.)
Which interface family is required for Layer 2 transparent mode on SRX Series devices?
The monitor traffic interface command is being used to capture the packets destined to and the from the SRX Series device. In this scenario, which two statements related to the feature are true? (Choose two.)
You are asked to configure an SRX Series device to bypass all security features for IP traffic from the engineering depart. Which firewall filter will accomplish this task
In a Juniper ATP Appliance, what would be a reason for the mitigation rule to be in the failed-remove state?
You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in forwarding MPLS and IPsec traffic. Which two statement are true regarding this implementation? (Choose two.)
You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restricted to the VLANs from which they originate. Which configuration accomplishes these objectives?
You have a webserver and a DNS server residing in the same internal DMZ subnet. The public Static NAT addresses for the servers are in the same subnet as the SRX Series devices internet-facing interface. You implement DNS doctoring to ensure remote users can access the webserver. Which two statements are true in this scenario? (Choose two.)
You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance. What would be a cause of this problem?
You must implement an IPsec VPN on an SRX Series device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled automatically from the certificate authority. In this scenario, which statement is correct.
You are asked to merge the corporate network with the network from a recently acquired company. Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX Series device serves as the gateway for each network. Which solution allows you to merge the two networks without modifying the current address assignments?
You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the “Policy is out of sync between RE and PFE .” error. Which command would be used to solve the problem?
In which two ways are tenant systems different from logical systems? (Choose two.)
You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites. In this scenario, which VPN should be used?
Which three type of peer devices are supported for Cos-Based IPsec VPN?
Which three role or protocol are required when configuring an ADVPN? (choose three)
What are two important function of the Juniper Networks ATP appliance solution? (Choose two.).
You have configured three logical tunnel interfaces in a tenant system on the SRX series devices…. In this scenario, what would case this problem.
Which two modes are supported Juniper Skey ATP? (Choose two)
You must troubleshoot ongoing problems with IPsec tunnels and security policy processing. Your network consists of SRX340s and SRX5600s. In this scenario, which two statements are true? (Choose two.)
Which feature of Sky ATP is deployed with Policy Enforcer?
You correctly configured a security policy to deny certain traffic, but logs reveal that traffic is still allowed. You specific traceoption flag will help you troubleshoot this problem.
You configured a security policy permitting traffic from the trust zone to the DMZ zone, inserted the new policy at the top of the list, and successfully committed it to the SRX series device, Upon monitoring you notice that the hit count does not increase on the newly configured policy. In this scenario, which two commands would help you to identify the problem? (Choose two.)
Your company has purchased a competitor and now must connect the new network to the existing one. The competitors gateway device is receiving its ISP address using DHCP. Communication between the two sites must be secured; however, obtaining a static public IP address for the new site gateway is not an option at this time. The company has several requirements for this solution.  A site-to-site IPsec VPN must be used to secure traffic between the two sites.  The IKE identity on the new site gateway device must use the hostname option; and  Internet traffic from each site should exit through its local internet connection. The configuration shown in the exhibit has been applied to the new sites SRX, but the secure tunnel is not working. In this scenario, what configuration change is needed for the tunnel to come up?
You are asked to implement the session cache feature on an SRX5400 In th scenario, what information does a session cache entry record (choose two)
Which two VPN features are supported with cos-based ipsec vpns? (choose two)
You have configured static nat for webserver in your dmz. Both internal and external users can reach the webserver using the IP address. However only internal users can reach the webserver using DNS name when external users attempt to reach using DNS name an error message received. Which action would solve this problem
You have download and initiated the installation of the application package for the JATP applicance on an SRX1500. You must confirm that the installation of the application package has completed successfully In this scenario which command would you use to accomplish this task?

Leave a Reply

Your email address will not be published. Required fields are marked *