FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 3: Security Design, Specialist (JNCDS-SEC)

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

Multiple Choice

Review LaterAdd Note

Review Later

You want to deploy a VPN that will connect branch locations to the main office. You will eventually add additional branch locations to the topology, and you must avoid additional configuration on the hub when those sites are added. In this scenario, which VPN solution would you recommend?

A) Site-to-Site VPN
B) Hub-and-Spoke VPN
C) AutoVPN
D) Group VPN

E) None of the above
F) All of the above

Correct Answer

verified

Show Answer

Question 2

Multiple Choice

Review LaterAdd Note

Review Later

You are asked to virtualize numerous stateful firewalls in your customer's data center. The customer wants the solution to use the existing Kubernetes-orchestrated architecture. Which Juniper Networks product would satisfy this requirement?

A) vMX
B) vSRX
C) cSRX
D) CTP Series

E) None of the above
F) B) and D)

Correct Answer

verified

Show Answer

Question 3

Multiple Choice

Review LaterAdd Note

You are using SRX Series devices to secure your network and you require sandboxing for malicious file detonation. However, per company policy, you cannot send potentially malicious files outside your network for sandboxing. Which feature should you use in this situation?

You are creating a security design proposal for a customer who is connecting their headquarters to a remote branch site over an unsecured Internet connection. As part of your design, you must recommend a solution to connect these sites together and ensure that the communication is secured and encrypted. In this scenario, which solution do you recommend?

You are designing a data center security architecture. The design requires automated scaling of security services according to real-time traffic flows. Which two design components will accomplish this task? (Choose two.)

You are designing a network management solution that provides automation for Junos devices. Your customer wants to know which solutions would require additional software to be deployed to existing Junos devices. Which two solutions satisfy this scenario? (Choose two.)

You are designing a new campus Internet access service that implements dynamic NAT for customer IP addressing. The customer requires services that allow peer-to-peer networking and online gaming. In this scenario, what will accomplish this task?

You have a campus location with multiple WAN links. You want to specify the primary link used for your VoIP traffic. In this scenario, which type of WAN load balancing would you use?

A hosting company is migrating to cloud-based solutions. Their customers share a physical firewall cluster, subdivided into individual logical firewalls for each customer. Projection data shows that the cloud service will soon deplete all the resources within the physical firewall. As a consultant, you must propose a scalable solution that continues to protect all the cloud customers while still securing the existing physical network. In this scenario, which solution would you propose?

You are designing a new network for your organization with the characteristics shown below. All traffic must pass inspection by a security device. A center-positioned segmentation gateway must provide deep inspection of each packet using 10 Gbps interfaces. Policy enforcement must be centrally managed. Which security model should you choose for your network design?

What is the maximum number of SRX Series devices in a chassis cluster?

What are two benefits of the vSRX in a virtualized private or public cloud multitenant environment? (Choose two.)

What are two reasons for using cSRX over vSRX? (Choose two.)

You are designing a data center security architecture. The design requires automated scaling of security services according to real-time traffic flows. Which two design components will accomplish this task? (Choose two.)

Your company has outgrown its existing secure enterprise WAN that is configured to use OSPF, AutoVPN, and IKE version 1. You are asked if it is possible to make a design change to improve the WAN performance without purchasing new hardware. Which two design changes satisfy these requirements? (Choose two.)

Your company has 500 branch sites and the CIO is concerned about minimizing the potential impact of a VPN router being stolen from an enterprise branch site. You want the ability to quickly disable a stolen VPN router while minimizing administrative overhead. Which solution accomplishes this task?

You are designing a data center security solution for a customer. The customer asks that you provide a DDoS solution. Several IPsec tunnels will be terminated at the data center gateway. Which type of security is your customer asking you to implement?

Your customer needs help designing a single solution to protect their combination of various Junos network devices from unauthorized management access. Which Junos OS feature will provide this protection?

You are responding to an RFP for securing a large enterprise. The RFP requires an onsite security solution which can use logs from third-party sources to prevent threats. The solution should also have the capability to detect and stop zero-day attacks. Which Juniper Networks solution satisfies this requirement?

You have a site that has two Internet connections but no switch on the outside of the firewall. You want to use ISP-A over ISP-B during normal operations. Which type of chassis cluster design would you propose to satisfy this requirement?