Before you write the Juniper JNCIS Security (JN0-335) certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Juniper Networks Certified Specialist Security (JNCIS-SEC) sample questions and demo exam help you in removing these doubts and prepare you to take the test.
The best approach to pass your Juniper JN0-335 exam is to challenge and improve your knowledge. To test your learning and identify improvement areas with actual exam format, we suggest you practice with Premium Juniper JN0-335 Certification Practice Exam. The practice test is one of the most important elements of your Juniper Security Specialist (JNCIS-SEC) exam study strategy to discover your strengths and weaknesses, to improve your time management skills and to get an idea of the score you can expect.
Juniper JN0-335 (JNCIS-SEC) Sample Questions:
01. At which step in the packet flow are Junos Screen checks applied?
a) prior to the route lookup
b) prior to security policy processing
c) after ALG services are applied
d) after source NAT services are applied
02. You need to implement Junos Screen options to protect traffic coming through the ge-0/0/0 and ge-0/0/1 interfaces which are located in the trust and DMZ zones, respectively. Where would you enable the Junos Screen options?
a) in the trust and DMZ zone settings
b) on the ge-0/0/0 and ge-0/0/1 interfaces
c) in a security policy
d) in the global security zone settings
03. What are three valid actions for a then statement in a security policy?
04. Which two statements are correct regarding reth interfaces?
a) Child interfaces must be in the same slot on both nodes
b) Child interfaces do not need to be in the same slot on both nodes.
c) Child interfaces must be the same Ethernet interface type.
d) Child interfaces can be a mixture of Ethernet interface types.
05. You are asked to establish an IPsec VPN between two sites. You are also required to establish an OSPFv2 adjacency across this VPN.
a) policy-based VPN
b) protocol-based VPN
c) destination-based VPN
d) route-based VPN
06. You are building a VPN tunnel between two SRX Series devices. You want the tunnel to always be established, even if there is no traffic to send. Which action would be used to achieve this goal?
a) Configure an RPM probe to constantly ping across the links.
b) Configure vpn-monitor with the optimized parameter on the tunnel.
c) Configure establish-tunnels with the immediately parameter.
d) Configure the OSPF demand-circuit feature on the tunnel interface.
07. What is the default timeout for a TCP session on an SRX Series device?
a) 1 minute
b) 1 hour
c) 30 seconds
d) 30 minutes
08. Which two are negotiated during Phase 2 of an IPsec VPN tunnel establishment?
a) security protocol
b) VPN monitor interval
c) UDP port number
d) proxy IDs
09. You want to show interface-specific zone information and statistics. Which operational command would be used to accomplish this?
a) show security zones detail
b) show interfaces ge-0/0/3.0
c) show interfaces terse
d) show interfaces ge-0/0/3.0 extensive
10. You have just configured source NAT with a pool of addresses within the same subnet as the egress interface. What else must be configured to make the addresses in the pool usable?
a) static NAT
b) destination NAT
c) address persistence
d) proxy ARP
Answer: a, d, e
Answer: b, c
Answer: a, d
Note: If you find any error in these Juniper Security Specialist (JNCIS-SEC) sample questions, you can update us by write an email on firstname.lastname@example.org.