New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Juniper JN0-636 Security, Professional (JNCIP-SEC) Exam Practice Test

Page: 1 / 12
Total 115 questions

Security, Professional (JNCIP-SEC) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Exhibit:

Referring to the exhibit, your company’s infrastructure team implemented new printers

To make sure that the policy enforcer pushes the updated Ip address list to the SRX.

Which three actions are required to complete the requirement? (Choose three )

Options:

A.

Configure the server feed URL as http://172.25.10.254/myprinters

B.

Create a security policy that uses the dynamic address feed to allow access

C.

Configure Security Director to create a dynamic address feed

D.

Configure Security Director to create a C&C feed.

E.

Configure server feed URL as https://172.25.10.254/myprinters.

Question 2

You want to enable inter-tenant communica?on with tenant system.

In this Scenario, Which two solutions will accomplish this task?

Options:

A.

interconnect EVPN switch

B.

interconnect VPLS switch

C.

external router

D.

logical tunnel interface

Question 3

Click the Exhibit button.

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

Options:

A.

Topology 3

B.

Topology 5

C.

Topology 2

D.

Topology 4

E.

Topology 1

Question 4

Exhibit.

Referring to the exhibit, which two statements are true? (Choose two.)

Options:

A.

Juniper Networks will not investigate false positives generated by this custom feed.

B.

The custom infected hosts feed will not overwrite the Sky ATP infected host’s feed.

C.

The custom infected hosts feed will overwrite the Sky ATP infected host’s feed.

D.

Juniper Networks will investigate false positives generated by this custom feed.

Question 5

Exhibit.

Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly.

Which two commands will solve this problem? (Choose two.)

Options:

A.

[edit interfaces]

user@srx# delete st0.0 multipoint

B.

[edit security ike gateway advpn-gateway]

user@srx# delete advpn partner

C.

[edit security ike gateway advpn-gateway]

user@srx# set version v1-only

D.

[edit security ike gateway advpn-gateway]

user@srx# set advpn suggester disable

Question 6

Exhibit

You are using trace options to verity NAT session information on your SRX Series device

Referring to the exhibit, which two statements are correct? (Choose two.)

Options:

A.

This packet is part of an existing session.

B.

The SRX device is changing the source address on this packet from

C.

This is the first packet in the session

D.

The SRX device is changing the destination address on this packet 10.0.1 1 to 172 20.101.10.

Question 7

You are asked to control access to network resources based on the identity of an authenticated device

Which three steps will accomplish this goal on the SRX Series firewalls? (Choose three )

Options:

A.

Configure an end-user-profile that characterizes a device or set of devices

B.

Reference the end-user-profile in the security zone

C.

Reference the end-user-profile in the security policy.

D.

Apply the end-user-profile at the interface connecting the devices

E.

Configure the authentication source to be used to authenticate the device

Question 8

Exhibit

An administrator wants to configure an SRX Series device to log binary security events for tenant systems.

Referring to the exhibit, which statement would complete the configuration?

Options:

A.

Configure the tenant as TSYS1 for the pi security profile.

B.

Configure the tenant as root for the pi security profile.

C.

Configure the tenant as master for the pi security profile.

D.

Configure the tenant as local for the pi security profile

Question 9

Exhibit

You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies

Referring to the exhibit, what should you do to solve this problem?

Options:

A.

You must change the global mode to security switching mode.

B.

You must change the global mode to security bridging mode

C.

You must change the global mode to transparent bridge mode.

D.

You must change the global mode to switching mode.

Question 10

Which two features would be used for DNS doctoring on an SRX Series firewall? (Choose two.)

Options:

A.

The DNS ALG must be enabled.

B.

static NAT

C.

The DNS ALG must be disabled.

D.

source NAT

Question 11

Which two log format types are supported by the JATP appliance? (Choose two.)

Options:

A.

YAML

B.

XML

C.

CSV

D.

YANG

Question 12

You are asked to detect domain generation algorithms

Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)

Options:

A.

Define an advanced-anti-malware policy under [edit services].

B.

Attach the security-metadata-streaming policy to a security

C.

Define a security-metadata-streaming policy under [edit

D.

Attach the advanced-anti-malware policy to a security policy.

Question 13

You are required to deploy a security policy on an SRX Series device that blocks all known Tor network IP addresses. Which two steps will fulfill this requirement? (Choose two.)

Options:

A.

Enroll the devices with Juniper ATP Appliance.

B.

Enroll the devices with Juniper ATP Cloud.

C.

Enable a third-party Tor feed.

D.

Create a custom feed containing all current known MAC addresses.

Question 14

You are asked to deploy Juniper atp appliance in your network. You must ensure that incidents and

alerts are sent to your SIEM.

In this scenario, which logging output format is supported?

Options:

A.

WELF

B.

JSON

C.

CEF

D.

binay

Question 15

You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance.

What would be a cause of this problem?

Options:

A.

The collector must have a minimum of two interfaces.

B.

The collector must have a minimum of three interfaces.

C.

The collector must have a minimum of five interfaces.

D.

The collector must have a minimum of four interfaces.

Question 16

you configured a security policy permitting traffic from the trust zone to the untrust zone but your

traffic not hitting the policy.

In this scenario, which cli command allows you to troubleshoot traffic problem using the match criteria?

Options:

A.

show security policy-report

B.

show security application-tracking counters

C.

show security match-policies

D.

request security policies check

Question 17

Your IPsec VPN configuration uses two CoS forwarding classes to separate voice and data traffic. How many IKE security associations are required between the IPsec peers in this scenario?

Options:

A.

1

B.

3

C.

4

D.

2

Question 18

Exhibit

Referring to the exhibit, which statement is true?

Options:

A.

This custom block list feed will be used before the Juniper Seclntel

B.

This custom block list feed cannot be saved if the Juniper Seclntel block list feed is configured.

C.

This custom block list feed will be used instead of the Juniper Seclntel block list feed

D.

This custom block list feed will be used after the Juniper Seclntel block list feed.

Question 19

The monitor traffic interface command is being used to capture the packets destined to and the from the SRX Series device.

In this scenario, which two statements related to the feature are true? (Choose two.)

Options:

A.

This feature does not capture transit traffic.

B.

This feature captures ICMP traffic to and from the SRX Series device.

C.

This feature is supported on high-end SRX Series devices only.

D.

This feature is supported on both branch and high-end SRX Series devices.

Question 20

Exhibit:

Referring to the exhibit, the operator user is unable to save configuration files to a usb stick the is

plugged into SRX. What should you do to solve this problem?

Options:

A.

Add the floppy permission flag to the operations class

B.

Add the system-control permission flag to the operation class

C.

Add the interface-control permission flag to the operation class

D.

Add the system permission flag to the operation class

Question 21

You want to enroll an SRX Series device with Juniper ATP Appliance. There is a firewall device in the path between the devices. In this scenario, which port should be opened in the firewall device?

Options:

A.

8080

B.

443

C.

80

D.

22

Question 22

A company wants to par??on their physical SRX series firewall into multiple logical units and assign

each unit (tenant) to a department within the organization. You are the primary administrator of firewall

and a colleague is the administrator for one of the departments.

Which two statements are correct about your colleague? (Choose two)

Options:

A.

The colleague can configure the resources allocated and routing protocols

B.

The colleague can access and view the resources of the tenant system.

C.

The colleague can create and assign logical interfaces to the tenant system

D.

The colleague can modify the number of allocated resources for the tenant system

Question 23

Exhibit

You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit.

What is the correct action to solve the problem on the SRX device?

Options:

A.

Create a firewall filter to accept the BGP traffic

B.

Configure destination NAT for BGP traffic.

C.

Add BGP to the Allowed host-inbound-traffic for the interface

D.

Modify the security policy to allow the BGP traffic.

Question 24

You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the “Policy is out of sync between RE and PFE .” error.

Which command would be used to solve the problem?

Options:

A.

request security polices resync

B.

request service-deployment

C.

request security polices check

D.

restart security-intelligence

Question 25

Exhibit

You configure Source NAT using a pool of addresses that are in the same subnet range as the external ge-0/0/0 interface on your vSRX device. Traffic that is exiting the internal network can reach external destinations, but the return traffic is being dropped by the service provider router.

Referring to the exhibit, what must be enabled on the vSRX device to solve this problem?

Options:

A.

STUN

B.

Proxy ARP

C.

Persistent NAT

D.

DNS Doctoring

Question 26

You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restricted to the VLANs from which they originate.

Which configuration accomplishes these objectives?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 27

Exhibit

Referring to the exhibit, which type of NAT is being performed?

Options:

A.

Static NAT

B.

Destination NAT

C.

Persistent NAT

D.

Source NAT

Question 28

Exhibit

You are using traceoptions to verify NAT session information on your SRX Series device. Referring to the exhibit, which two statements are correct? (Choose two.)

Options:

A.

This is the last packet in the session.

B.

The SRX Series device is performing both source and destination NAT on this session.

C.

This is the first packet in the session.

D.

The SRX Series device is performing only source NAT on this session.

Question 29

which security feature bypasses routing or switching lookup?

Options:

A.

transparent mode

B.

secure wire

C.

mixed mode

D.

MACsec

Question 30

You are asked to provide single sign-on (SSO) to Juniper ATP Cloud. Which two steps accomplish this goal? (Choose two.)

Options:

A.

Configure Microsoft Azure as the service provider (SP).

B.

Configure Microsoft Azure as the identity provider (IdP).

C.

Configure Juniper ATP Cloud as the service provider (SP).

D.

Configure Juniper ATP Cloud as the identity provider (IdP).

Question 31

You must setup a Ddos solution for your ISP. The solution must be agile and not block legitimate traffic.

Which two products will accomplish this task? (Choose two.)

Options:

A.

Contrail Insights

B.

MX Series device

C.

Corero Smartwall TDD

D.

SRX Series device

Question 32

Exhibit.

Referring to the exhibit, which two statements are true? (Choose two.)

Options:

A.

The c-1 TSYS has a reservation for the security flow resource.

B.

The c-1 TSYS can use security flow resources up to the system maximum.

C.

The c-1 TSYS cannot use any security flow resources.

D.

The c-1 TSYS has no reservation for the security flow resource.

Question 33

You are asked to determine if the 203.0.113.5 IP address has been added to the third-party security feed, DS hield, from Juniper Seclnte1. You have an SRX Series device that is using Seclnte1 feeds from Juniper ATP Cloud

Which command will return this information?

Options:

A.

show security dynamic—address category—name CC | match 203.0.113.5

B.

show security dynamic—address category—name Infected—Hosts | match 203.0.113.5

C.

show security dynamic-address category-name IP Filter I match 203.0.113.5

D.

show Security dynamic-address category-name JWAS | match 203.0.113.5

Question 34

Exhibit

You have recently configured Adaptive Threat Profiling and notice 20 IP address entries in the monitoring section of the Juniper ATP Cloud portal that do not match the number of entries locally on the SRX Series device, as shown in the exhibit.

What is the correct action to solve this problem on the SRX device?

Options:

A.

You must configure the DAE in a security policy on the SRX device.

B.

Refresh the feed in ATP Cloud.

C.

Force a manual download of the Proxy__Nodes feed.

D.

Flush the DNS cache on the SRX device.

Page: 1 / 12
Total 115 questions