Security Professional (JNCIP-SEC)
Last Update Apr 30, 2024
Total Questions : 115
We are offering FREE JN0-636 Juniper exam questions. All you do is to just go and sign up. Give your details, prepare JN0-636 free exam questions and then go for complete pool of Security Professional (JNCIP-SEC) test questions that will help you more.
You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and
only uses a single Phase 2 SA for both sites.
In this scenario, which VPN should be used?
Your IPsec VPN configuration uses two CoS forwarding classes to separate voice and data traffic. How many IKE security associations are required between the IPsec peers in this scenario?
You are asked to allocate security profile resources to the interconnect logical system for it to work properly.
In this scenario, which statement is correct?
Exhibit
You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.
In this scenario, which action will solve this problem?
According to the log shown in the exhibit, you notice the IPsec session is not establishing.
What is the reason for this behavior?
You want traffic to avoid the flow daemon for administrative task.
In this scenario which two stateless service are available with selective stateless packet based service. (Choose Two)
You are asked to look at a configuration that is designed to take all traffic with a specific source ip address and forward the
traffic to a traffic analysis server for further evaluation. The configuration is no longer working as intended.
Referring to the exhibit which change must be made to correct the configuration?
Exhibit
You are trying to configure an IPsec tunnel between SRX Series devices in the corporate office and branch1. You have committed the configuration shown in the exhibit, but the IPsec tunnel is not establishing.
In this scenario, what would solve this problem.
To analyze and detect malware, Juniper ATP Cloud performs which two functions? (Choose two.)
which two statements about the configuration shown in the exhibit are correct ?
Exhibit:
You have a webserver and a DNS server residing in the same internal DMZ subnet. The public Static NAT addresses for
the servers are in the same subnet as the SRX Series devices internet-facing interface. You implement DNS doctoring to
ensure remote users can access the webserver.Which two statements are true in this scenario? (Choose two.)
you are connecting two remote sites to your corporate headquarters site. You must ensure that traffic
passes corporate headquarter.
In this scenario, which VPN should be used?
Exhibit
Referring to the exhibit, which two statements are true? (Choose two.)
Exhibit:
You are troubleshooting a firewall filter shown in the exhibit that is intended to log all traffic and block
only inbound telnet traffic on interface ge-0/0/3.
How should you modify the configuration to fulfill the requirements?
You are asked to control access to network resources based on the identity of an authenticated device
Which three steps will accomplish this goal on the SRX Series firewalls? (Choose three )
Exhibit
Referring to the exhibit, which three protocols will be allowed on the ge-0/0/5.0 interface? (Choose three.)
Which two statements are correct regarding tenant systems on SRX Series devices? (Choose two.)
Exhibit
You are using trace options to verity NAT session information on your SRX Series device
Referring to the exhibit, which two statements are correct? (Choose two.)
Exhibit:
The security trace options configuration shown in the exhibit is committed to your SRX series firewall. Which two statements are correct in this Scenario? (Choose Two)
Exhibit
The show network-access aaa radius-servers command has been issued to solve authentication issues.
Referring to the exhibit, to which two authentication servers will the SRX Series device continue to send requests? (Choose TWO)
You must setup a Ddos solution for your ISP. The solution must be agile and not block legitimate traffic.
Which two products will accomplish this task? (Choose two.)
Which two log format types are supported by the JATP appliance? (Choose two.)
You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the “Policy is out of sync between RE and PFE
Which command would be used to solve the problem?
Exhibit
An administrator wants to configure an SRX Series device to log binary security events for tenant systems.
Referring to the exhibit, which statement would complete the configuration?
Exhibit.
A hub member of an ADVPN is not functioning correctly.
Referring the exhibit, which action should you take to solve the problem?
You configured a chassis cluster for high availability on an SRX Series device and enrolled this HA cluster with the Juniper ATP Cloud. Which two statements are correct in this scenario? (Choose two.)
Exhibit
Referring to the exhibit, which two statements are true about the CAK status for the CAK named "FFFP"? (Choose two.)
Exhibit
You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit.
What is the correct action to solve the problem on the SRX device?
You are connecting two remote sites to your corporate headquarters site. You must ensure that all traffic is secured and sent directly between sites In this scenario, which VPN should be used?
Exhibit
Referring to the exhibit, which three statements are true? (Choose three.)
Exhibit.
Referring to the exhibit, which two statements are true? (Choose two.)
Which method does an SRX Series device in transparent mode use to learn about unknown devices in a network?