JNCDS-SEC Exam Objectives (Exam: JN0-1330)

Fundamental Security Concepts
Describe the various tenets of common security features
Access control lists
Stateful security policies
ALG’s
IPS
UTM
NAT
IPsec
Next-generation firewall
Screen

Advanced Security Concepts
Describe advanced security features
Security intelligence
Advanced anti-malware
Defense in-depth

Securing the Campus and Branch
Describe the security design considerations within a campus or branch network
Network segmentation
Network access
Wireless
802.1X
Remote access VPN’s
NAT
End-to-end security
BYOD

Securing the Enterprise WAN
Describe the security design considerations for an enterprise WAN
Internet edge security design principles
WAN aggregation
Private WAN
VPNs

Securing the Service Provider WAN
Describe the security design considerations for a service provider WAN
DoS/DDos attacks
Securing the control plane
Internet security
CG-NAT

Securing the Data Center

Describe the security design considerations in a data center
Securing data center interconnects
Securing North-South flows
Securing East-West flows
Virtual routers

Security Automation and Management
Describe the design considerations for security management
Securing the individual devices
Centralized security
Junos Space management platform
Junos Space Security Director and Log Director
Juniper Secure Analytics

Security Virtualization
Describe the security design considerations for a virtualized environment
NFV
Service chaining
Micro-segmentation
vSRX

High Availability
Describe the design considerations of high availability in a secure networks
Physical high availability
Virtual high availability
Asymmetrical traffic handling
Chassis clustering


QUESTION: No: 1
You are asked to implement port-based authentication on your access switches. Security and ease of
access are the two primary requirements. Which authentication solution satisfies these requirements?

A. MAC RADIUS
B. network access control
C. firewall authentication
D. IPsec tunnel

Answer: A


QUESTION: No: 2
What is one way to increase the security ofa site-to-site IPsec VPN tunnel?

A. Implement a stronger Diffie-Hellman group.
B. Change IKE Phase 1 from main mode to aggressive mode.
C. Implement traffic selectors.
D. Implement a policy-based VPN.

Answer: C


QUESTION: No: 3
Your customer is planning the deployment of a new hub-and-spoke WAN architecture that must support
dual stack They have decided against using a dynamic routing protocol. They are concerned about the
difficulty of managing configurations and operations at the hub location as they deploy branch routers
In this scenario, what ate three reasons for selecting route-based VPNs with traffic selectors’? (Choose
three)

A. Traffic selectors support IPv4 and IPv6.
B. Traffic selectors reduce the number of Phase 2 IPsec security associations.
C. Traffic selectors reduce latency because they bypass UTIVI.
D. Traffic selectors support auto route insertion
E. You can define mutliple traffic selectors within a single route-based VPN

Answer: A,D,E

Click here to view complete Q&A of JN0-1330 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-1330 Certification, Cisco JN0-1330 Training at certkingdom.com

Click to rate this post!
[Total: 0 Average: 0]

Leave a Reply

Your email address will not be published. Required fields are marked *