JN0-332 Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

JN0-332 NCIS-SEC Exam Objectives

Junos Security Overview
Identify concepts, general features and functionality of Junos OS security
Junos security architecture
Branch vs. high-end platforms
Major hardware components of SRX Series services gateways
Packet flow
Packet-based vs. session-based forwarding

Zones
Identify concepts, benefits and operation of zones
Zone types
Dependencies
Host inbound packet behavior
Transit packet behavior
Demonstrate knowledge of how to configure, monitor and troubleshoot zones
Zone configuration steps
Hierarchy priority (Inheritance)
Monitoring and troubleshooting

Security Policies
Identify the concepts, benefits and operation of security policies
Policy types (default policy)
Policy components
Policy ordering
Host inbound traffic examination
Transit traffic examination
Scheduling
Rematching
ALGs
Address books
Applications
Demonstrate knowledge of how to configure, monitor and troubleshoot security policies
Policies
ALGs
Address books
Custom applications
Monitoring and troubleshooting

Firewall User Authentication
Describe the concepts, benefits and operation of firewall user authentication
User Firewall
User authentication types
Authentication server support
Client groups

Screens
Identify the concepts, benefits and operation of Screens
Attack types and phases
Screen options
Demonstrate knowledge of how to configure, monitor and troubleshoot Screens
Screen configuration steps
Monitoring and troubleshooting

NAT
Identify the concepts, benefits and operation of NAT
NAT types
NAT/PAT processing
Address persistence
NAT proxy ARP
Configuration guidelines
Demonstrate knowledge of how to configure, monitor and troubleshoot NAT
NAT configuration steps
Monitoring and troubleshooting

IPSec VPNs
Identify the concepts, benefits and operation of IPSec VPNs
Secure VPN characteristics and components
IPSec tunnel establishment
IPSec traffic processing
Junos OS IPSec implementation options
Demonstrate knowledge of how to configure, monitor and troubleshoot IPSec VPNs
IPSec VPN configuration steps
Monitoring and troubleshooting

High Availability (HA) Clustering
Identify the concepts, benefits and operation of HA
HA features and characteristics
Deployment requirements and considerations
Chassis cluster characteristics and operation
Cluster modes
Cluster and node IDs
Redundancy groups
Cluster interfaces
Real-time objects
State synchronization
Ethernet switching considerations
IPSec considerations
Manual failover
Demonstrate knowledge of how to configure, monitor and troubleshoot clustering
Cluster preparation
Cluster configuration steps
Monitoring and troubleshooting

Unified Threat Management (UTM)
Identify concepts, general features and functionality of UTM
Packet flow and processing
Design considerations
Policy flow
Platform support
Licensing
Describe the purpose, configuration and operation of antispam filtering
Methods
Whitelists vs. blacklists
Order of operations
Traffic examination
Configuration steps using the CLI
Monitoring and troubleshooting
Describe the purpose, configuration and operation of antivirus protection
Scanning methods
Antivirus flow process
Scanning options and actions
Configuration steps using the CLI
Monitoring and troubleshooting
Describe the concepts, benefits and operation of content and Web filtering
Filtering features and solutions
Configuration steps using the CLI
Monitoring and troubleshooting

QUESTION 1
Which type of Web filtering by default builds a cache of server actions associated with each URL it
has checked?

A. Websense Redirect Web filtering
B. integrated Web filtering
C. local Web filtering
D. enhanced Web filtering

Answer: B

Explanation:


QUESTION 2
Which security or functional zone name has special significance to the Junos OS?

A. self
B. trust
C. untrust
D. junos-global

Answer: D

Explanation:


QUESTION 3
Which command do you use to display the status of an antivirus database update?

A. show security utm anti-virus status
B. show security anti-virus database status
C. show security utm anti-virus database
D. show security utm anti-virus update

Answer: A

Explanation:


QUESTION 4
Which zone is system-defined?

A. security
B. functional
C. junos-global
D. management

Answer: C

Explanation:


QUESTION 5
You want to allow your device to establish OSPF adjacencies with a neighboring device connected
to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under which
configuration hierarchy must you permit OSPF traffic?

A. [edit security policies from-zone HR to-zone HR]
B. [edit security zones functional-zone management protocols]
C. [edit security zones protocol-zone HR host-inbound-traffic]
D. [edit security zones security-zone HR host-inbound-traffic protocols]

Answer: D

Explanation:

Click here to view complete Q&A of JN0-332 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Juniper JN0-332 Training at certkingdom.com