JN0-322 Dumps

JN0-322 Braindumps JN0-322 Real Questions JN0-322 Practice Test

JN0-322 Actual Questions

Juniper

JN0-322

Security Specialist (JNCIS-SEC)

https://killexams.com/pass4sure/exam-detail/JN0-322

Reference:

QUESTION 117

For IKE phase Question 1 negotiations, when is aggressive mode typically used?

1. when one of the tunnel peers has a dynamic IP address

2. when one of the tunnel peers wants to force main mode to be used

3. when fragmentation of the IKE packet is required between the two peers

4. when one of the tunnels peers wants to specify a different phase Question 1 proposal

Correct Answer: A

Reference: QUESTION 118

For a route-based VPN, which statement is true?

1. host-inbound-traffic system services ike must be enabled on the st0.x interface

2. host-inbound-traffic system services ike must be enabled on both the st0.x interface and the logical interface on which ike terminates

3. host-inbound-traffic system services ike must be enabled on the logical interface on which ike terminates.

4. host-inbound-traffic system services ike is not mandatory for route based VPNs.

Correct Answer: C

Reference: QUESTION 119

What are three benefits of using chassis clustering? (Choose three.)

1. Provides stateful session failover for sessions

2. Increases security capabilities for IPsec sessions.

3. Provides active-passive control and data plane redundancy

4. Enables automated fast-reroute capabilities

5. Synchronizes configuration files and session state.

Correct Answer: ACE

Reference: QUESTION 120

You have been tasked with installing two SRX5600 platforms in a high- availability cluster. Which requirement must be met for a successful installation?

Correct Answer: C

Reference: QUESTION 121

Which three components can be downloaded and installed directly from Juniper Networks update server to an SRX Series device? (Choose three.)

1. signature package

2. PCRE package

3. detector engine

4. policy templates

5. dynamic attack detection package

Correct Answer: ACD

Reference: QUESTION 122

Which two statements are true regarding firewall user authentication? (Choose two.)

1. Firewall user authentication is performed only for traffic that is accepted by a security policy.

2. Firewall user authentication is performed only for traffic that is denied by a security policy.

3. Firewall user authentication provides an additional method of controlling user access to the Junos security device itself.

4. Firewall user authentication provides an additional method of controlling user access to remote networks.

Correct Answer: AD

Reference: QUESTION 123

Which type of logging is supported for UTM logging to an external syslog server on branch SRX Series devices?

1. Binary syslog

2. CHARGEN

3. WELF (structured) syslog

4. standard (unstructured) syslog

Correct Answer: C

Reference: QUESTION 124

To which depth of compressed (Zip) files can the Junos full antivirus feature scan?

1. 1 layer of compression

2. 2 layer of compression

3. 3 layer of compression

4. 4 layer of compression

Correct Answer: D

Reference: QUESTION 125

Which two statements describe full file-based antivirus protection? (Choose two.)

1. By default, the signature database is updated every 60 minutes.

2. By default, the signature database is updated once daily.

3. The signature database targets only critical viruses and malware.

4. The signature database can detect polymorphic virus types.

Correct Answer: AD

Reference: QUESTION 126

If the policy server becomes unreachable, which two actions are available for connections that should be inspected by Web filtering when using integrated or redirect Web filtering? (Choose two.)

1. Permit connections with logging.

2. Drop connections

3. Redirect connections to a different policy server

4. Use the existing Web cache.

Correct Answer: AB

Reference: