[2025年12月29日]JN0-336試験問題集、JN0-336練習テスト問題
無料で使えるJN0-336学習ガイド試験問題と解答
質問 # 55
Exhibit
You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172 25.11.0/24 subnet to the Internet You create a policy named permit-http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.
Which two actions would correct the error? (Choose two.)
- A. Create a custom application named http at the [edit applications] hierarchy.
- B. Modify the security policy to use the built-in Junos-http applications.
- C. Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.
- D. Execute the Junos commit full command to override the error and apply the configuration.
正解:A、B
解説:
The error message indicates that the Junos-http application is not defined, so you need to either create a custom application or modify the security policy to use the built-in Junos-http application. Doing either of these will allow you to successfully commit the configuration.
質問 # 56
Which two statements are true about mixing traditional and unified security policies? (Choose two.)
- A. When a packet matches a traditional security policy, the evaluation process terminates
- B. Traditional security policies must come before unified security policies
- C. Unified security policies must come before traditional security policies
- D. When a packet matches a unified security policy, the evaluation process terminates
正解:A、D
質問 # 57
How does the SSL proxy detect if encryption is being used?
- A. It uses application identity services.
- B. It verifies the length of the packet
- C. It queries the client device.
- D. It looks at the destination port number.
正解:D
解説:
The SSL proxy can detect if encryption is being used by looking at the destination port number of the packet. If the port number is 443, then the proxy can assume that the packet is being sent over an encrypted connection. If the port number is different, then the proxy can assume that the packet is not encrypted. For more information, please refer to the Juniper Networks JNCIS-SEC Study Guide.
質問 # 58
You administer a JSA host and want to include a rule that sets a threshold for excessive firewall denies and sends an SNMP trap after receiving related syslog messages from an SRX Series firewall.
Which JSA rule type satisfies this requirement?
- A. common
- B. flow
- C. event
- D. offense
正解:D
解説:
An offense rule in JSA is designed to aggregate multiple events or log entries based on specified criteria into a single offense, which can then trigger responses such as notifications or actions like sending an SNMP trap. This type of rule is well-suited for scenarios where you need to monitor for patterns or rates of events, such as excessive firewall denies, and take action when these exceed defined thresholds.
Offense rules can analyze both event and flow data, making them highly versatile for comprehensive security monitoring.
質問 # 59
Which statement defines the function of an Application Layer Gateway (ALG)?
- A. The ALG uses software processes for permitting or disallowing specific IP address ranges.
- B. The ALG uses software processes for managing specific protocols.
- C. The ALG uses software that is used by a single TCP session using the same port numbers as the application.
- D. The ALG contains protocols that use one application session for each TCP session.
正解:B
解説:
The statement that defines the function of an Application Layer Gateway (ALG) is: The ALG uses software processes for managing specific protocols. An ALG is a security component that operates at the application layer (layer 7) of the OSI model and handles data associated with certain application protocols, such as SIP, FTP, RTSP, etc. An ALG acts as a proxy or intermediary between the client and the server applications and performs various functions, such as address and port translation, resource allocation, application response control, and synchronization of data and control traffic. An ALG can also inspect and modify the application payload to enable firewall or NAT traversal, prevent spoofing or DoS attacks, or enforce granular security policies based on application-specific commands. Reference: = Application-level gateway - Wikipedia, What Is an Application Layer Gateway (ALG)? | F5, What is ALG
** Application Layer Gateway | 3CX
質問 # 60
Exhibit
Referring to the exhibit which statement is true?
- A. SSL proxy leverages post-match results.
- B. SSL proxy functions will ignore the session.
- C. SSL proxy must wait for return traffic for the final match to occur.
- D. SSL proxy leverages pre-match result
正解:C
質問 # 61
You are configuring logging for a security policy.
In this scenario, in which two situations would log entries be generated? (Choose two.)
- A. every 10 minutes
- B. at session close
- C. every 60 seconds
- D. at session initialization
正解:B、D
解説:
Log entries would be generated in two situations: at session initialization and at session close. At session initialization, the log entry would include details about the connection, such as the source and destination IP addresses, the service being used, and the action taken by the security policy. At session close, the log entry would include details about the connection, such as the duration of the session, the bytes sent/received, and the action taken by the security policy. For more information, you can refer to the Juniper Security documentation at
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security- log-co
質問 # 62
Which two statements are correct about a policy scheduler? (Choose two.)
- A. A policy scheduler can be defined using a daily schedule.
- B. A policy scheduler can be dynamically activated based on traffic flow volumes.
- C. A policy scheduler can only be applied when using the policy-rematch feature.
- D. A policy scheduler determines the time frame that a security policy is actively evaluated.
正解:A、D
解説:
A policy scheduler is a feature that allows a security policy to be activated or deactivated for a specified time period. You can define schedulers for a single or recurrent time slot within which a policy is active.
Two statements that are correct about a policy scheduler are:
A policy scheduler can be defined using a daily schedule: You can configure a scheduler to be active every day for a certain time interval, such as from 8:00 AM to 5:00 PM. You can also exclude specific days from the daily schedule, such as weekends or holidays.
A policy scheduler determines the time frame that a security policy is actively evaluated: When you associate a scheduler with a security policy, the policy is only available for policy lookup during the time frame specified by the scheduler. When the scheduler is off, the policy is inactive and cannot be matched by any traffic.
Reference: = Scheduling Security Policies, Configuring Schedulers for a Daily Schedule Excluding One Day
質問 # 63
Which two features are configurable on Juniper Secure Analytics (JSA) to ensure that alerts are triggered when matching certain criteria? (Choose two.)
- A. assets
- B. tests
- C. building blocks
- D. events
正解:B、C
解説:
Building blocks in JSA are reusable components that define specific attributes or behaviors in the network traffic. They can be used to create complex criteria for alerts. By combining multiple building blocks, you can specify detailed conditions under which alerts should be triggered, such as combinations of events or specific sequences of actions within the network.
Tests in JSA are conditions or rules that analyze log or flow data to detect unusual or malicious activity.
You can configure tests to evaluate the data against predefined criteria, which, when met, will trigger alerts. These tests are essential for identifying potential security incidents and ensuring that relevant alerts are issued in a timely manner.
質問 # 64
Which method does the loT Security feature use to identify traffic sourced from IoT devices?
- A. The SRX Series device streams transit traffic received from the IoT device to Juniper ATP Cloud.
- B. The SRX Series device identifies loT devices using their MAC address.
- C. The SRX Series device streams metadata from the loT device transit traffic to Juniper ATP Cloud Juniper ATP Cloud.
- D. The SRX Series device identifies loT devices from metadata extracted from their transit traffic.
正解:D
解説:
The metadata is used to identify the type of device, its associated activities and its threat profile. This information is used to determine the appropriate security policy for the device. For more information on loT Security, please refer to the Juniper Security, Specialist (JNCIS-SEC) study guide.
質問 # 65
Click the Exhibit button.
Which two statements describe the output shown in the exhibit? (Choose two.)
- A. Redundancy group 1 was administratively failed over.
- B. Node 0 is controlling traffic for redundancy group 1.
- C. Redundancy group 1 experienced an operational failure.
- D. Node 1 is controlling traffic for redundancy group 1.
正解:B、D
解説:
The output indicates that node1 has a priority of 200 and is marked as "Primary," which means it is currently the active node controlling traffic for redundancy group 1. The "Primary" status designates that this node is handling the traffic for the specified redundancy group.
According to the exhibit, node0 is listed with a priority of 0 and is marked as "Secondary." This status indicates that node0 is currently not controlling traffic for redundancy group 1, serving instead in a standby role ready to take over should node1 fail or become unavailable.
質問 # 66
What are three capabilities of AppQoS? (Choose three.)
- A. assign a forwarding class
- B. reserve bandwidth
- C. re-write DSCP values
- D. re-write the TTL
- E. rate-limit traffic
正解:A、C、E
解説:
AppQoS can modify the DSCP (Differentiated Services Code Point) values in IP packet headers. This is crucial for defining the level of service for each packet, influencing how network devices prioritize traffic.
It can assign traffic to specific forwarding classes. This feature allows network administrators to group different types of traffic (e.g., VoIP, streaming, bulk data) into categories that are treated differently based on predefined network policies, ensuring that critical applications receive the necessary bandwidth and priority.
AppQoS is capable of rate-limiting traffic, which involves setting a maximum bandwidth limit for certain types of traffic. This ensures that no single application or service consumes more bandwidth than allocated, thus preventing network congestion and ensuring fair bandwidth distribution among all applications.
These features are essential for managing network performance and ensuring that critical applications receive the necessary resources to function effectively. AppQoS does not inherently include capabilities to re-write TTL (Time To Live) values or reserve bandwidth as primary functions, but it manages bandwidth usage through rate limiting and priority settings.
質問 # 67
You want to permit access to an application but block application sub.
Which two security policy features provide this capability? (Choose two.)
- A. content filtering
- B. micro application detection
- C. URL filtering
- D. APPID
正解:B、D
解説:
Micro application detection is a feature that enables more granular control over applications by identifying and taking action on sub-features or specific behaviors within an application. For example, allowing access to Facebook while blocking Facebook Chat.
Application Identification (APPID) is a feature that identifies and controls applications based on their traffic patterns and characteristics. APPID can be configured to recognize not only the main application but also its various subcomponents, allowing for precise control over what is allowed or blocked.
質問 # 68
How does Juniper ATP Cloud protect a network from zero-day threats?
- A. It uses a cache lookup.
- B. It uses known virus signatures.
- C. It uses dynamic analysis.
- D. It uses antivirus software.
正解:C
解説:
Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention and detection for your network. It integrates with SRX Series firewalls and MX Series routers to analyze files and network traffic for signs of malicious activity. Juniper ATP Cloud protects a network from zero-day threats by using dynamic analysis, which is a method of executing files in a sandbox environment and observing their behavior and network interactions. Dynamic analysis can uncover unknown malware that may evade static analysis or signature-based detection methods.
Reference: = Juniper Advanced Threat Prevention - Juniper Networks, Juniper Advanced Threat Prevention Datasheet, Juniper Advanced Threat Prevention | NetworkScreen.com
質問 # 69
A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold.
Which feed will the clients IP address be automatically added to in this situation?
- A. the custom cloud feed
- B. the command-and-control cloud feed
- C. the infected host cloud feed
- D. the allowlist and blocklist feed
正解:C
解説:
Infected hosts are internal hosts that have been compromised by malware and are communicating with external C&C servers3. Juniper ATP Cloud provides infected host feeds that list internal IP addresses or subnets of infected hosts along with a threat level3. Once the Juniper ATP Cloud global threshold for an infected host is met, that host is added to the infected host feed and assigned a threat level of 10 by the cloud4. You can also configure your SRX Series device to block traffic from these IP addresses using security policies4.
質問 # 70
You set up the Juniper ATP Appliance solution on your network and notice that the macOS files are not being analyzed......... malware.
In this scenario, what must you do?
- A. Create a macOS virtual machine on the JATP Appliance and install the secondary core software.
- B. You must obtain a Apple Mac Mini device and install the secondary core software.
- C. Under Config -> System Profiles→≥Secondary Cores workspace, create a macOS profile
- D. Under Config > System Profiles≥Secondary Cores workspace, enable macOs Detection.
正解:C
質問 # 71
When a security policy is deleted, which statement is correct about the default behavior of active sessions allowed by that policy?
- A. The active sessions allowed by the policy will be marked as a legacy flow and will continue to be forwarded.
- B. The active sessions allowed by the policy will be reevaluated by the cached
- C. The active sessions allowed by the policy will continue
- D. The active sessions allowed by the policy will be dropped.
正解:A
解説:
When a security policy is deleted, the existing sessions that were previously allowed by that policy are not immediately dropped; instead, they are typically treated as legacy flows. This means they are allowed to continue until they naturally end or until the session timeout is reached. This behavior ensures that deleting a policy does not abruptly disrupt ongoing traffic flows that were previously authorized by that policy. This approach helps in avoiding unintended service disruptions, especially in production environments where active connections may be critical to operations.
質問 # 72
You want to use IPS signatures to monitor traffic.
Which module in the AppSecure suite will help in this task?
- A. AppTrack
- B. AppQoS
- C. APPID
- D. AppFW
正解:D
解説:
The AppFW module in the AppSecure suite provides IPS signatures that can be used to monitor traffic and detect malicious activities. AppFW also provides other security controls such as Web application firewall, URL filtering, and application-level visibility.
質問 # 73
Which two statements about SRX Series device chassis clusters are true? (Choose two.)
- A. Chassis cluster member devices must be the same model.
- B. Each chassis cluster member requires a unique cluster ID value.
- C. Redundancy group 0 is only active on the cluster backup node.
- D. Each chassis cluster member device can host active redundancy groups
正解:A、D
解説:
In a chassis cluster, both nodes can host active redundancy groups. The active redundancy groups can be distributed between the two nodes, depending on the configuration and failover status, allowing each node to handle traffic for different sets of services or interfaces.
For the chassis clustering to function correctly, both nodes in the cluster must be of the same model.
This requirement ensures that the hardware capabilities, such as processing power and interface compatibility, are identical, which is crucial for maintaining consistent performance and behavior between cluster nodes.
質問 # 74
Which two sources are used by Juniper Identity Management Service (JIMS) for collecting username and device IP addresses? (Choose two.)
- A. Microsoft Exchange Server event logs
- B. OpenLDAP service ports
- C. DNS
- D. Active Directory domain controller event logs
正解:C、D
解説:
Juniper Identity Management Service (JIMS) collects username and device IP addresses from both DNS and Active Directory domain controller event logs. DNS is used to resolve hostnames to IP addresses, while Active Directory domain controller event logs are used to get information about user accounts, such as when they last logged in.
質問 # 75
You are troubleshooting unexpected issues on your JIMS server due to out of order event log timestamps.
Which action should you take to solve this issue?
- A. Enable time synchronization on the SRX Series devices.
- B. Enable time synchronization on the domain controllers.
- C. Enable time synchronization on the JIMS server.
- D. Enable time synchronization on the client devices.
正解:B
解説:
To solve the issue of out of order event log timestamps on your JIMS server, you should enable time synchronization on the domain controllers. JIMS (Juniper Identity Management Service) is a Windows service that collects user, device, and group information from Active Directory domains or syslog sources and provides it to SRX Series devices and CSO for identity-based security policies. JIMS relies on the timestamps of the event logs generated by the domain controllers to track user logins, logouts, and IP address changes. If the domain controllers have different or inaccurate clocks, the event logs may have out of order or incorrect timestamps, which can cause JIMS to miss or misinterpret some events and affect its accuracy and performance. Therefore, you should ensure that all the domain controllers in your network are synchronized with a reliable time source, such as an NTP server or a Windows Time service. Reference: = Juniper Identity Management Service User Guide, Juniper Identity Management Service Feature Guide, Configure JIMS Collector to Get Microsoft Event Logs, Considerations for timestamps in centralized logging platforms
質問 # 76
Which two statements are true about the vSRX? (Choose two.)
- A. UNIX is the base OS.
- B. It has VMXNET3 vNIC support.
- C. Linux is the base OS.
- D. It does not have VMXNET3 vNIC support.
正解:B、C
質問 # 77
You enable chassis clustering on two devices and assign a cluster ID and a node ID to each device.
In this scenario, what is the correct order for rebooting the devices?
- A. Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.
- B. Reboot the primary device, then the secondary device.
- C. Reboot only the secondary device since the primary will assign itself the correct cluster and node ID.
- D. Reboot the secondary device, then the primary device.
正解:D
解説:
When chassis clustering is enabled and IDs are assigned, it is typically recommended to first reboot the secondary device. This allows the secondary device to fully integrate and recognize its role and settings within the cluster without affecting the ongoing traffic that the primary device might be handling.
Once the secondary device has successfully rebooted and is operational within the cluster, the primary device can then be rebooted. This ensures that the primary device's reboot does not cause any network downtime, as the secondary device, now fully operational, can take over the traffic and roles as needed.
質問 # 78
Which two devices would you use for DDoS protection with Policy Enforcer? (Choose two.)
- A. QFX
- B. MX
- C. vMX
- D. vQFX
正解:B、C
解説:
The MX and vMX devices can be used for DDoS protection with Policy Enforcer. Policy Enforcer is a Juniper Networks solution that provides real-time protection from DDoS attacks. It can be used to detect and block malicious traffic, and also provides granular control over user access and policy enforcement.
The MX and vMX devices are well-suited for use with Policy Enforcer due to their high-performance hardware and advanced security features.
質問 # 79
Which two statements are true about the vSRX? (Choose two.)
- A. UNIX is the base OS.
- B. It has VMXNET3 vNIC support.
- C. Linux is the base OS.
- D. It does not have VMXNET3 vNIC support.
正解:B、C
解説:
Reference: Juniper Networks Security, Specialist (JNCIS-SEC) Study Guide, Chapter 1: Introduction to Junos Security, page 1-8.
The vSRX is a virtual security appliance that runs on a virtual machine. It provides firewall, VPN, and other security services in a virtualized environment.
The vSRX is based on a version of Junos OS that is optimized for virtualization. It runs on a Linux kernel and uses a KVM hypervisor. It supports VMware ESXi and KVM hypervisors.
The vSRX has support for VMXNET3 vNICs, which are high-performance virtual network interfaces provided by VMware. These interfaces can provide higher throughput and lower CPU utilization than other virtual NIC types.
質問 # 80
......
JN0-336試験問題集、JN0-336練習テスト問題:https://www.jpntest.com/shiken/JN0-336-mondaishu
検証済みJN0-336問題集PDF資料 [2025年更新]:https://drive.google.com/open?id=1a338cTGJXjWQeKsaokwLPQXUka0CImfJ