Security Design, Specialist (JNCDS-SEC) 試験
Question No : 1
You are asked to deploy user access to the Internet, and you want to determine which applications are passing through the firewall Which feature accomplishes this Task?
Question No : 2
Click the Exhibit button.
Referring to the network shown in the exhibit, a SYN flood attacks is initiated by an attacker that has a public IP address from ISP B within the 22.214.171.124/24 prefix The attacker Is sending SYN packets to the victim, connected to ISP A, with destination address of 100.100.31.78 using spoofed source addresses at random from the 192 1680.0/16 prefix.
Which two design best practices would prevent this attack from working? (Choose two)
Question No : 3
A client wants to deploy a vSRX chassis cluster across two existing ESXi hosts without changing the external switch configuration Which two actions must you perform to meet this requirement? (Choose two.)
Question No : 4
Which statements about IPsec tunnels is true"?
Question No : 5
Your customer is in the design stage for a new data center They have historically used the SRX5600 To improve the security of the data center, you will be suggesting they deploy vSRXs and hardware-based firewalls.
Question No : 6
Your company must enable high-speed Layer 2 connectivity between two data centers connected by private fiber Your security policy mandates that all company data is encrypted between sites
Which technology would you use to meet these requirements'?
Question No : 7
Which three actions are part of an in-depth network defense strategy1? (Choose three )
Question No : 8
You are asked to provide a design proposal for a campus network As part of the design, the customer requires that all end user devices must be authenticated before being granted access to their Layer 2 network.
Question No : 9
Click the Exhibit button.
Given the data center topology shown in the exhibit, what are two designs that enable the SRX Series devices to Inspect all traffic between the web server and database server? (Choose two.)
Question No : 10
Your company is establishing a BYOD policy and you are asked to create the appropriate security infrastructure In the policy, Internet access should only be provided to the BYOD wired and wireless devices.
Question No : 11
What are two design requirements for deploying a chassis cluster across a Layer 2 network? (Choose two)
Question No : 12
You are asked to provide user-based network access through an SRX Series device The implementation must use Active Directory credentials for user account validation
Which two solutions satisfy these requirements? (Choose two )
Question No : 13
Your customer is planning to secure a data center with web servers reachable through two ISP connections terminating on each node of an active/passive SRX Series chassis cluster. ISP-1 Is the preferred connection because it provides higher bandwidth than ISP-2.
Which two must you include in your design proposal to meet this requirement (Choose two)
Question No : 14
Your customer is assessing (heir network incident response plan They need to improve their recovery lime when a networking issue occurs, especially when involves JTAC support. They have limited internal support staff and little automation experience to develop their own tools
Which Juniper solution meets these requirements'?
Question No : 15
What are the three activities in the reconnaissance phase of an attack"? (Choose three)