JN0-1332 Online Practice Questions and Answers

You are designing a DDoS solution for an ISP using BGP FlowSpec. You want to ensure that BGP FlowSpec does not overwhelm the ISP's edge routers.

Which two requirements should be included in your design? (Choose two.)

A. Specify a maximum number BGP FlowSpec prefixes per neighbor

B. Implement a route policy to limit advertised routes to /24 subnets

C. Implement a route policy to limit advertised routes to any public IP space

D. Specify a maximum number of BGP FlowSpec prefixes per device

A hosting company is migrating to cloud-based solutions. Their customers share a physical firewall cluster, subdivided into individual logical firewalls for each customer. Projection data shows that the cloud service will soon deplete all the resources within the physical firewall. As a consultant, you must propose a scalable solution that continues to protect all the cloud customers while still securing the existing physical network.

In this scenario, which solution would you propose?

A. Deploy a vSRX cluster in front of each customer's servers while keeping the physical firewall cluster

B. Deploy a software-defined networking solution

C. Remove the physical firewall cluster and deploy vSRX clusters dedicated to each customer's servers

D. Replace the physical firewall cluster with a higher-performance firewall

You are creating a security design proposal for an enterprise customer. As part of the design, you are implementing 802.1x authentication on your EX Series devices.

In this scenario, which two statements are correct? (Choose two.)

A. The supplicant is the device that prevents the authenticator's access until it is authenticated

B. The supplicant is the device that is being authenticated

C. The authenticator is the device that is being authenticated

D. The authenticator is the device that prevents the supplicant's access until it is authenticated

You are working with a customer to create a design proposal using SRX Series devices. As part of the design, you must consider the requirements shown below:

1.

You must ensure that every packet entering your device is independently inspected against a set of rules.

2.

You must provide a way to protect the device from undesired access attempts.

3.

You must ensure that you can apply a different set of rules for traffic leaving the device than are in use for traffic entering the device.

In this scenario, what do you recommend using to accomplish these requirements?

A. firewall filters

B. intrusion prevention system

C. unified threat management

D. screens

You are working on a network design that will use EX Series devices as Layer 2 access switches in a campus environment. You must include Junos Space in your design. You want to take advantage of security features supported on the devices.

Which two security features would satisfy this requirement? (Choose two.)

A. SDSN

B. Stateful Firewall

C. Access Control

D. ALG

You are creating a data center security design. Virtual security functions must be performed on east-west traffic. Security functions must be commissioned and decommissioned frequently, and the least resource-intensive architecture must be used.

In this scenario, what will accomplish this task?

A. all-in-one NFV security devices with device templates

B. service chaining with container-based security functions

C. a security appliance segmented into logical systems

D. filter-based forwarding to direct traffic to the required security devices

Which two steps should be included in your security design process? (Choose two.)

A. Identify external attackers

B. Define safety requirements for the customer's organization

C. Identify the firewall enforcement points

D. Define overall security policies

You are asked to design a VPN solution between 25 branches of a company. The company wants to have the sites talk directly to each other in the event of a hub device failure. The solution should follow industry standards.

Which solution would you choose in this scenario?

A. AutoVPN

B. Auto Discovery VPN

C. Group VPN

D. full mesh VPN

Your company has 500 branch sites and the CIO is concerned about minimizing the potential impact of a VPN router being stolen from an enterprise branch site. You want the ability to quickly disable a stolen VPN router while minimizing administrative overhead.

Which solution accomplishes this task?

A. Implement a certificate-based VPN using a public key infrastructure (PKI)

B. Modify your IKE proposals to use Diffie-Hellman group 14 or higher

C. Use firewall filters to block traffic from the stolen VPN router

D. Rotate VPN pre-shared keys every month

You are designing an enterprise WAN network that must connect multiple sites. You must provide a design proposal for the security elements needed to encrypt traffic between the remote sites.

Which feature will secure the traffic?

A. BFD

B. OSPF

C. GRE

D. IPsec