FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 3: Security Design, Specialist (JNCDS-SEC)

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 31

Multiple Choice

Review LaterAdd Note

Review Later

You are designing a new network for your organization with the characteristics shown below. All traffic must pass inspection by a security device. A center-positioned segmentation gateway must provide deep inspection of each packet using 10 Gbps interfaces. Policy enforcement must be centrally managed. Which security model should you choose for your network design?

A) Intrazone Permit
B) trust but verify
C) user-role firewall policies
D) Zero Trust

E) C) and D)
F) All of the above

Correct Answer

verified

Show Answer

Question 32

Multiple Choice

Review LaterAdd Note

Review Later

You are asked to deploy a security solution in your data center that ensures all traffic flows through the SRX Series devices. Which firewall deployment method meets this requirement?

A) one-arm
B) two-arm
C) transparent
D) inline

E) A) and B)
F) All of the above

Correct Answer

verified

Show Answer

Question 33

Multiple Choice

Review LaterAdd Note

You are designing an enterprise WAN network that must connect multiple sites. You must provide a design proposal for the security elements needed to encrypt traffic between the remote sites. Which feature will secure the traffic?

Which statement is correct about service chaining?

You have a campus location with multiple WAN links. You want to specify the primary link used for your VoIP traffic. In this scenario, which type of WAN load balancing would you use?

You are asked to provide a design proposal for a campus network. As part of the design, the customer requires that all end user devices must be authenticated before being granted access to their Layer 2 network. Which feature meets this requirement?

You are creating a security design proposal for an enterprise customer. As part of the design, you are implementing 802.1x authentication on your EX Series devices. In this scenario, which two statements are correct? (Choose two.)

In a data center, what are two characteristics of access tier VLAN termination on the aggregation tier? (Choose two.)

You are responding to an RFP for securing a large enterprise. The RFP requires an onsite security solution which can use logs from third-party sources to prevent threats. The solution should also have the capability to detect and stop zero-day attacks. Which Juniper Networks solution satisfies this requirement?

You are deploying Security Director with the logging and reporting functionality for VMs that use SSDs. You expect to have approximately 20,000 events per second of logging in your network. In this scenario, what is the minimum number of logging and reporting devices that should be used?

You are designing an enterprise WAN network that must connect multiple sites. You must provide a design proposal for the security elements needed to encrypt traffic between the remote sites. Which feature will secure the traffic?

You are working on a network design that will use EX Series devices as Layer 2 access switches in a campus environment. You must include Junos Space in your design. You want to take advantage of security features supported on the devices. Which two security features would satisfy this requirement? (Choose two.)

You are asked to design a secure enterprise WAN where all payload data is encrypted and branch sites communicate directly without routing all traffic through a central hub. Which two technologies would accomplish this task? (Choose two.)

You are working with a customer to create a design proposal using SRX Series devices. As part of the design, you must consider the requirements shown below: You must ensure that every packet entering your device is independently inspected against a set of rules. You must provide a way to protect the device from undesired access attempts. You must ensure that you can apply a different set of rules for traffic leaving the device than are in use for traffic entering the device. In this scenario, what do you recommend using to accomplish these requirements?

You are asked to provide a design proposal for a campus network. As part of the design, the customer requires that all end user devices must be authenticated before being granted access to their Layer 2 network. Which feature meets this requirement?

Your company has 500 branch sites and the CIO is concerned about minimizing the potential impact of a VPN router being stolen from an enterprise branch site. You want the ability to quickly disable a stolen VPN router while minimizing administrative overhead. Which solution accomplishes this task?

What is the maximum number of SRX Series devices in a chassis cluster?

You are deploying a data center Clos architecture and require secure data transfers within the switching fabric. In this scenario, what will accomplish this task?

You are working with a customer to create a design proposal using SRX Series devices. As part of the design, you must consider the requirements shown below: You must ensure that every packet entering your device is independently inspected against a set of rules. You must provide a way to protect the device from undesired access attempts. You must ensure that you can apply a different set of rules for traffic leaving the device than are in use for traffic entering the device. In this scenario, what do you recommend using to accomplish these requirements?

You are concerned about malicious attachments being transferred to your e-mail server at work through encrypted channels. You want to block these malicious files using your SRX Series device. Which two features should you use in this scenario? (Choose two.)