Exam Code JN0-335
Prerequisite Certification : JNCIA-SEC
Exam Length : 90 minutes
Exam Type : 65 multiple-choice questions
Software Versions : Junos OS 22.3
Recommended Training : Juniper Security
Exam Resources : Industry/product knowledge
Juniper : TechLibrary
Additional Preparation : Juniper Learning Portal
The Security track enables you to demonstrate a thorough understanding of security technology in general and Junos OS software for SRX Series devices. JNCIS-SEC, the specialist-level certification in this track, is designed for networking professionals with intermediate knowledge of the Juniper Networks Junos OS for SRX Series devices. The written exam verifies your understanding of security technologies and related platform configuration and troubleshooting skills.
Examkingdom Juniper JN0-335 Exam pdf,
Best Juniper JN0-335 Free downloads , Juniper JN0-335 Dumps at Certkingdom.com
This track contains four certifications:
JNCIA-SEC: Security, Associate. For details, see JNCIA-SEC.
JNCIS-SEC: Security, Specialist. For details, see the sections below.
JNCIP-SEC: Security, Professional. For details, see JNCIP-SEC.
JNCIE-SEC: Security, Expert. For details, see JNCIE-SEC.
Exam Preparation
We recommend the following resources to help you prepare for your exam. However, these resources aren’t required, and using them doesn’t guarantee you’ll pass the exam.
Exam Objectives
Here’s a high-level view of the skillset required to successfully complete the JNCIS-Sec certification exam.
Exam Objective
Application Security
Identify application security concepts:
Application firewall
Application quality of service (QoS)
Application ID
Advanced policy-based routing (APBR)
Demonstrate knowledge of how to configure, monitor, or troubleshoot application security.
Identify application intrusion detection and prevention (IDP) and intrusion prevention system (IPS) concepts:
IPS database management
IPS policy
Demonstrate knowledge of how to configure, monitor, or troubleshoot IDP/IPS.
Security Policies (Advanced)
Identify the concepts, benefits, or operation of security policies:
Application Layer Gateways (ALGs)
Logging
Session management
Scheduling
Unified security policies
Demonstrate knowledge of how to configure, monitor, or troubleshoot security policies.
Advanced Threat Prevension (ATP)
Identify the concepts, benefits, or operation of Juniper Advanced Threat Prevention Cloud or Juniper Advanced Threat Prevention on-premise appliances:
Supported files
Components
Security feeds
Traffic remediation
Workflow
Encrypted Traffic Insights (ETIs)
Domain Name System (DNS) and Internet of Things (IOT) security
Adaptive threat profiling
Demonstrate knowledge of how to configure, monitor, or troubleshoot Juniper Advanced Threat Prevention.
High Availability (HA) Clustering
Identify the concepts, benefits, or operation of HA:
HA features and characteristics
Deployment requirements and considerations
Chassis cluster characteristics and operation
Real-time objects and state synchronization
Demonstrate knowledge of how to configure, monitor, or troubleshoot clustering.
Juniper Networks vSRX Virtual Firewall or cSRX Container Firewall
Describe concepts, general features, or functionality of virtualized security using vSRX or cSRX:
Installation
Deployment scenarios
Troubleshooting
Juniper Identity Management Service (JIMS)
Identify concepts, general features, or functionality of JIMS:
Ports and protocols
Data flow
Demonstrate knowledge of how to configure, monitor, or troubleshoot JIMS.
SSL Proxy
Identify concepts, general features, or functionality of SSL proxy:
Certificates
Client and server protection
Demonstrate knowledge of how to configure, monitor, or troubleshoot SSL proxy.
Juniper Networks JSA Series Secure Analytics Portfolio
Describe concepts, general features, or functionality of JSA Series Secure Analytics:
Logging
Analytics
Exam Details
Exam questions are derived from the recommended training and the exam resources listed above. Pass/fail status is available immediately after taking the exam. The exam is only provided in English.
QUESTION 1
Regarding static attack object groups, which two statements are true? (Choose two.)
A. Matching attack objects are automatically added to a custom group.
B. Group membership automatically changes when Juniper updates the IPS signature database.
C. Group membership does not automatically change when Juniper updates the IPS signature database.
D. You must manually add matching attack objects to a custom group.
Explanation:
Answer: BC
static attack object groups are predefined groups of attack objects that are included in Juniper’s IPS
signature database. These groups do not change automatically when Juniper updates the database2.
QUESTION 2
You are deploying a new SRX Series device and you need to log denied traffic.
In this scenario, which two policy parameters are required to accomplish this task? (Choose two.)
A. session-init
B. session-close
C. deny
D. count
Answer: BC
QUESTION 3
You are asked to reduce the load that the JIMS server places on your Which action should you take in this situation?
A. Connect JIMS to the RADIUS server
B. Connect JIMS to the domain Exchange server
C. Connect JIMS to the domain SQL server.
D. Connect JIMS to another SRX Series device.
Answer: D
JIMS server is a Juniper Identity Management Service that collects user identity information from
different authentication sources for SRX Series devices12. It can connect to SRX Series devices and
CSO platform in your network1.
JIMS server is a service that protects corporate resources by authenticating and restricting user
access based on roles2. It connects to SRX Series devices and CSO platform to provide identity
information for firewall policies1. To reduce the load that JIMS server places on your network, you
should connect JIMS to another SRX Series device1. This way, you can distribute the identity
information among multiple SRX Series devices and reduce network traffic.
QUESTION 4
Which two statements about unified security policies are correct? (Choose two.)
A. Unified security policies require an advanced feature license.
B. Unified security policies are evaluated after global security policies.
C. Traffic can initially match multiple unified security policies.
D. APPID results are used to determine the final security policy
Answer: CD
unified security policies are security policies that enable you to use dynamic applications as match
conditions along with existing 5-tuple or 6-tuple matching conditions12. They simplify applicationbased
security policy management at Layer 7 and provide greater control and extensibility to
manage dynamic applications traffic3
QUESTION 5
Exhibit
Referring to the exhibit, which two statements describe the type of proxy used? (Choose two.)
A. forward proxy
B. client protection proxy
C. server protection proxy
D. reverse proxy
Answer: BC
1. Client protection proxy: This statement is correct because a forward proxy can also be called a
client protection proxy since it protects the user’s identity and computer information from the web server4.
2. Server protection proxy: This statement is correct because a reverse proxy can also be called a
server protection proxy since it protects the web server’s identity and location from the user4.