JNCDS-SEC Exam Objectives (Exam: JN0-1330)
Fundamental Security Concepts
Describe the various tenets of common security features
Access control lists
Stateful security policies
ALG’s
IPS
UTM
NAT
IPsec
Next-generation firewall
Screen
Advanced Security Concepts
Describe advanced security features
Security intelligence
Advanced anti-malware
Defense in-depth
Securing the Campus and Branch
Describe the security design considerations within a campus or branch network
Network segmentation
Network access
Wireless
802.1X
Remote access VPN’s
NAT
End-to-end security
BYOD
Securing the Enterprise WAN
Describe the security design considerations for an enterprise WAN
Internet edge security design principles
WAN aggregation
Private WAN
VPNs
Securing the Service Provider WAN
Describe the security design considerations for a service provider WAN
DoS/DDos attacks
Securing the control plane
Internet security
CG-NAT
Securing the Data Center
Describe the security design considerations in a data center
Securing data center interconnects
Securing North-South flows
Securing East-West flows
Virtual routers
Security Automation and Management
Describe the design considerations for security management
Securing the individual devices
Centralized security
Junos Space management platform
Junos Space Security Director and Log Director
Juniper Secure Analytics
Security Virtualization
Describe the security design considerations for a virtualized environment
NFV
Service chaining
Micro-segmentation
vSRX
High Availability
Describe the design considerations of high availability in a secure networks
Physical high availability
Virtual high availability
Asymmetrical traffic handling
Chassis clustering
QUESTION: No: 1
You are asked to implement port-based authentication on your access switches. Security and ease of
access are the two primary requirements. Which authentication solution satisfies these requirements?
A. MAC RADIUS
B. network access control
C. firewall authentication
D. IPsec tunnel
Answer: A
QUESTION: No: 2
What is one way to increase the security ofa site-to-site IPsec VPN tunnel?
A. Implement a stronger Diffie-Hellman group.
B. Change IKE Phase 1 from main mode to aggressive mode.
C. Implement traffic selectors.
D. Implement a policy-based VPN.
Answer: C
QUESTION: No: 3
Your customer is planning the deployment of a new hub-and-spoke WAN architecture that must support
dual stack They have decided against using a dynamic routing protocol. They are concerned about the
difficulty of managing configurations and operations at the hub location as they deploy branch routers
In this scenario, what ate three reasons for selecting route-based VPNs with traffic selectors’? (Choose
three)
A. Traffic selectors support IPv4 and IPv6.
B. Traffic selectors reduce the number of Phase 2 IPsec security associations.
C. Traffic selectors reduce latency because they bypass UTIVI.
D. Traffic selectors support auto route insertion
E. You can define mutliple traffic selectors within a single route-based VPN
Answer: A,D,E
Click here to view complete Q&A of JN0-1330 exam
Certkingdom Review
Best Cisco JN0-1330 Certification, Cisco JN0-1330 Training at certkingdom.com