Want to pass your Security Design - Specialist (JNCDS-SEC) JN0-1331 exam in the very first attempt? Try Pass2lead! It is equally effective for both starters and IT professionals.
VCE
Policy Enforcer provides which benefit?
A. log management
B. command and control protection
C. centralized management of security devices
D. IPsec encryption
You are designing a DDoS solution for an ISP using BGP FlowSpec. You want to ensure that BGP FlowSpec does not overwhelm the ISP's edge routers.
Which two requirements should be included in your design? (Choose two.)
A. Specify a maximum number BGP FlowSpec prefixes per neighbor
B. Implement a route policy to limit advertised routes to /24 subnets
C. Implement a route policy to limit advertised routes to any public IP space
D. Specify a maximum number of BGP FlowSpec prefixes per device
You are designing a corporate WAN using SRX Series devices as a combined firewall and router at each site.
Regarding packet-mode and flow-mode operations in this scenario, which statement is true?
A. Packet-mode on SRX Series devices is required for deep packet inspection
B. Packet-mode is only supported on high-end SRX Series devices
C. An SRX Series device in flow-mode cannot forward packet-mode traffic
D. Flow-mode on SRX Series devices is required for security services