Jan-2022 Juniper JN0-1331 Actual Questions and Braindumps
JN0-1331 Dumps To Pass Juniper Exam in 24 Hours - ExamsReviews
NEW QUESTION 25
You have a campus location with multiple WAN links. You want to specify the primary link used for your VoIP traffic.
In this scenario, which type of WAN load balancing would you use?
- A. FBF
- B. ECMP
- C. OSPF
- D. BGP
Answer: A
NEW QUESTION 26
Which statement about IPsec tunnels is true?
- A. They are used to secure and encrypt traffic between tunnel endpoints
- B. They are used to prevent routing loops in a Layer 2 environment
- C. They are used to combine multiple interfaces into a single bundle
- D. They are used to provide in-depth packet inspection for traffic leaving your network
Answer: A
NEW QUESTION 27
Your company has 500 branch sites and the CIO is concerned about minimizing the potential impact of a VPN router being stolen from an enterprise branch site. You want the ability to quickly disable a stolen VPN router while minimizing administrative overhead.
Which solution accomplishes this task?
- A. Implement a certificate-based VPN using a public key infrastructure (PKI)
- B. Rotate VPN pre-shared keys every month
- C. Use firewall filters to block traffic from the stolen VPN router
- D. Modify your IKE proposals to use Diffie-Hellman group 14 or higher
Answer: C
NEW QUESTION 28
You are working on a network design that will use EX Series devices as Layer 2 access switches in a campus environment. You must include Junos Space in your design. You want to take advantage of security features supported on the devices.
Which two security features would satisfy this requirement? (Choose two.)
- A. SDSN
- B. ALG
- C. Access Control
- D. Stateful Firewall
Answer: A,C
NEW QUESTION 29
Your customer needs help designing a single solution to protect their combination of various Junos network devices from unauthorized management access.
Which Junos OS feature will provide this protection?
- A. Use a firewall filter applied to the lo0 interface
- B. Use the management zone host-inbound-traffic feature
- C. Use a firewall filter applied to the fxp0 interface
- D. Use a security policy with the destination of the junos-host zone
Answer: C
Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-router- security-supported-features.html
NEW QUESTION 30
You are designing a network management solution that provides automation for Junos devices. Your customer wants to know which solutions would require additional software to be deployed to existing Junos devices.
Which two solutions satisfy this scenario? (Choose two.)
- A. SaltStack
- B. Chef
- C. Puppet
- D. Ansible
Answer: A,B
NEW QUESTION 31
You are deploying a data center Clos architecture and require secure data transfers within the switching fabric.
In this scenario, what will accomplish this task?
- A. MACsec encryption
- B. stacked VLAN tagging on the core switches
- C. LAG Layer 2 hashing
- D. IRB VLAN routing between hosts
Answer: D
NEW QUESTION 32
You are working with a customer to create a design proposal using SRX Series devices. As part of the design, you must consider the requirements shown below:
* You must ensure that every packet entering your device is independently inspected against a set of rules.
* You must provide a way to protect the device from undesired access attempts.
* You must ensure that you can apply a different set of rules for traffic leaving the device than are in use
* for traffic entering the device.
In this scenario, what do you recommend using to accomplish these requirements?
- A. unified threat management
- B. intrusion prevention system
- C. firewall filters
- D. screens
Answer: C
NEW QUESTION 33
Which two protocols are supported natively by the Junos automation stack? (Choose two.)
- A. PyEZ
- B. CIP
- C. Jenkins
- D. NETCONF
Answer: A,D
NEW QUESTION 34
You work for an ISP that wants to implement remote-triggered black hole (RTBH) filters.
What are three considerations in this scenario? (Choose three.)
- A. BGP FlowSpec improves the RTBH model by implementing dynamic firewall filters
- B. Destination RTBH essentially completes the attack on the victim's IP
- C. Source RTBH can block legitimate traffic on the network
- D. Source RTBH requires uRPF to be implemented on the service provider's network core
- E. Destination RTBH requires uRPF to be implemented on the service provider's network edge
Answer: A,C,D
NEW QUESTION 35
You are using SRX Series devices to secure your network and you require sandboxing for malicious file detonation. However, per company policy, you cannot send potentially malicious files outside your network for sandboxing.
Which feature should you use in this situation?
- A. Sky ATP
- B. IPS
- C. JATP
- D. UTM antivirus
Answer: C
Explanation:
Juniper Advanced Threat Prevention Appliance
NEW QUESTION 36
You are designing a DDoS solution for an ISP using BGP FlowSpec. You want to ensure that BGP FlowSpec does not overwhelm the ISP's edge routers.
Which two requirements should be included in your design? (Choose two.)
- A. Specify a maximum number BGP FlowSpec prefixes per neighbor
- B. Implement a route policy to limit advertised routes to any public IP space
- C. Implement a route policy to limit advertised routes to /24 subnets
- D. Specify a maximum number of BGP FlowSpec prefixes per device
Answer: B,D
Explanation:
Explanation
Explanation/Reference: https://www.juniper.net/documentation/en_US/day-one-books/DO_BGP_FLowspec.pdf
NEW QUESTION 37
You are asked to install a mechanism to protect an ISP network from denial-of-service attacks from a small number of sources.
Which mechanism will satisfy this requirement?
- A. Sky ATP
- B. GeoIP
- C. UTM
- D. RTBH
Answer: D
NEW QUESTION 38
Your company has outgrown its existing secure enterprise WAN that is configured to use OSPF, AutoVPN, and IKE version 1. You are asked if it is possible to make a design change to improve the WAN performance without purchasing new hardware.
Which two design changes satisfy these requirements? (Choose two.)
- A. Modify the IPsec proposal from AES-128 to AES-256
- B. Change the IGP from OSPF to IS-IS
- C. Migrate to IKE version 2
- D. Implement Auto Discovery VPN
Answer: B,D
NEW QUESTION 39
You are designing a data center security architecture. The design requires automated scaling of security services according to real-time traffic flows.
Which two design components will accomplish this task? (Choose two.)
- A. VRF segmentation on high-capacity physical security appliances
- B. VNF security devices deployed on x86 servers
- C. JFlow traffic monitoring with event scripts
- D. telemetry with an SDN controller
Answer: B,C
NEW QUESTION 40
You are designing a solution to protect a service provider network against volumetric denial-of-service attacks. Your main concern is to protect the network devices.
Which two solutions accomplish this task? (Choose two.)
- A. next-generation firewall
- B. BGP FlowSpec
- C. screens
- D. intrusion prevention system
Answer: B,D
Explanation:
Explanation/Reference:
Reference: https://www.juniper.net/documentation/en_US/day-one-books/DO_BGP_FLowspec.pdf
NEW QUESTION 41
You want to deploy a VPN that will connect branch locations to the main office. You will eventually add additional branch locations to the topology, and you must avoid additional configuration on the hub when those sites are added.
In this scenario, which VPN solution would you recommend?
- A. Hub-and-Spoke VPN
- B. Group VPN
- C. AutoVPN
- D. Site-to-Site VPN
Answer: C
Explanation:
Explanation/Reference: https://www.juniper.net/assets/us/en/local/pdf/solutionbriefs/3510477-en.pdf
NEW QUESTION 42
You want to deploy a VPN that will connect branch locations to the main office. You will eventually add additional branch locations to the topology, and you must avoid additional configuration on the hub when those sites are added.
In this scenario, which VPN solution would you recommend?
- A. Hub-and-Spoke VPN
- B. Group VPN
- C. AutoVPN
- D. Site-to-Site VPN
Answer: C
NEW QUESTION 43
You are designing a new campus Internet access service that implements dynamic NAT for customer IP addressing. The customer requires services that allow peer-to-peer networking and online gaming.
In this scenario, what will accomplish this task?
- A. EVPN over IPsec
- B. one-to-one NAT
- C. stacked VLAN tagging
- D. endpoint independent mapping
Answer: C
NEW QUESTION 44
Which two features are used to stop IP spoofing in and out of your network? (Choose two.)
- A. GeoIP
- B. unicast reverse path forwarding
- C. IPS
- D. firewall filters
Answer: B,C
NEW QUESTION 45
You are deploying a data center Clos architecture and require secure data transfers within the switching fabric.
In this scenario, what will accomplish this task?
- A. MACsec encryption
- B. stacked VLAN tagging on the core switches
- C. LAG Layer 2 hashing
- D. IRB VLAN routing between hosts
Answer: D
Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/example/private-vlans-irb- interfaces-mx-series-l2ng-configuring.html
NEW QUESTION 46
You are designing an SDSN security solution for a new campus network. The network will consist of Juniper Networks Policy Enforcer, Juniper Networks switches, third-party switches, and SRX Series devices. The switches and the SRX Series devices will be used as security enforcement points.
Which component supports the SRX Series devices in this scenario?
- A. RADIUS server
- B. certificate server
- C. Security Director
- D. DHCP server
Answer: C
Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/release-independent/solutions/topics/concept/sg-
006a-sdsn-product-components.html
NEW QUESTION 47
......
Juniper JN0-1331 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
Download the Latest JN0-1331 Dump - 2022 JN0-1331 Exam Question Bank: https://www.examsreviews.com/JN0-1331-pass4sure-exam-review.html