JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

SRX Series device chassis clusters are created by physically connecting two identical cluster-supported SRX Series devices using a pair of the same type of Ethernet connections. The connection is made for both a control link and a fabric (data) link between the two devices. The chassis cluster data plane is connected with revenue ports, which are the ports that carry user traffic. The chassis cluster can contain a maximum of two devices, as only two nodes can form a cluster. The chassis cluster data plane is not connected with SPC ports, which are the ports that provide services processing. The chassis cluster cannot contain more than two devices, as this would violate the cluster design. References: Chassis Cluster Overview, Connecting SRX Series Firewalls to Create a Chassis Cluster

SSL proxy uses application identification services to dynamically detect if a particular session is SSL encrypted.

Policy Enforcer is a Junos Space Security Director component that allows updated security policies to be deployed across Juniper SRX Series firewalls, MX Series 5G Universal Routing Platforms, EX Series Ethernet Switches, QFX Series Switches, and third-party network devices1. Policy Enforcer can leverage the DDoS protection feature of Juniper devices to detect and mitigate DDoS attacks on the network. The DDoS protection feature is based on two main components: the classification of host-bound control plane traffic and a hierarchical set of individual- and aggregate-level policers that cap the volume of control plane traffic that each protocol type is able to send to the Routing Engine (RE) for processing2. The DDoS protection feature is supported on MX Series routers and QFX Series switches, among other devices3. Therefore, the correct devices to use for DDoS protection with Policy Enforcer are MX and QFX.

The other options are not correct for the following reasons:

• vQFX is a virtual switch that emulates the QFX Series switches for testing and development purposes. It does not support the DDoS protection feature4.
• vMX is a virtual router that emulates the MX Series routers for testing and development purposes. It does not support the DDoS protection feature.

References: Policy Enforcer DDoS Protection Case Study Protection against distributed denial of service (DDoS) attacks vQFX10000 Overview [vMX Overview]