Updated Juniper JN0-636 Exam Dumps (V10.03) – Top Choice to Prepare for Juniper Security, Professional (JNCIP-SEC) Exam

1. SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following commandshow configuration services security―intelligence url

https://cloudfeeds.argon.juniperaecurity.net/api/manifeat.xml

and receives the following output:

What is the problem in this scenario?

2. You are asked to deploy filter-based forwarding on your SRX Series device for incoming traffic sourced from the 10.10 100 0/24 network in this scenario, which three statements are correct? (Choose three.)

3. You are asked to provide single sign-on (SSO) to Juniper ATP Cloud.

Which two steps accomplish this goal? (Choose two.)

4. You want to identify potential threats within SSL-encrypted sessions without requiring SSL proxy to decrypt the session contents.

Which security feature achieves this objective?

5. Exhibit

You are using ATP Cloud and notice that there is a host with a high number of ETI and C&C hits sourced from the same investigation and notice that some of the events have not been automatically mitigated.

Referring to the exhibit, what is a reason for this behavior?

6. Exhibit

Which statement is true about the output shown in the exhibit?

7. Exhibit

You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.

In this scenario, which action will solve this problem?

8. Exhibit

You configure a traceoptions file called radius on your returns the output shown in the exhibit

What is the source of the problem?

9. Your Source NAT implementation uses an address pool that contains multiple IPv4 addresses Your users report that when they establish more than one session with an external application, they are prompted to authenticate multiple times External hosts must not be able to establish sessions with internal network hosts

What will solve this problem?

10. What is the purpose of the Switch Microservice of Policy Enforcer?

11. Exhibit

Referring to the exhibit, which statement is true?

12. Exhibit

The exhibit shows a snippet of a security flow trace.

In this scenario, which two statements are correct? (Choose two.)

13. Regarding IPsec CoS-based VPNs, what is the number of IPsec SAs associated with a peer based upon?

14. Exhibit

You are trying to configure an IPsec tunnel between SRX Series devices in the corporate office and branch1. You have committed the configuration shown in the exhibit, but the IPsec tunnel is not establishing.

In this scenario, what would solve this problem.

15. You want to configure a threat prevention policy.

Which three profiles are configurable in this scenario? (Choose three.)

16. You are asked to detect domain generation algorithms

Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)

17. You are deploying a virtualization solution with the security devices in your network Each SRX Series device must support at least 100 virtualized instances and each virtualized instance must have its own discrete administrative domain.

In this scenario, which solution would you choose?

18. Exhibit

You configure Source NAT using a pool of addresses that are in the same subnet range as the external ge-0/0/0 interface on your vSRX device. Traffic that is exiting the internal network can reach external destinations, but the return traffic is being dropped by the service provider router.

Referring to the exhibit, what must be enabled on the vSRX device to solve this problem?

19. Exhibit

An administrator wants to configure an SRX Series device to log binary security events for tenant systems.

Referring to the exhibit, which statement would complete the configuration?

20. Your company wants to use the Juniper Seclntel feeds to block access to known command and control servers, but they do not want to use Security Director to manage the feeds.

Which two Juniper devices work in this situation? (Choose two)

21. Your IPsec VPN configuration uses two CoS forwarding classes to separate voice and data traffic.

How many IKE security associations are required between the IPsec peers in this scenario?

22. Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

23. You are connecting two remote sites to your corporate headquarters site.You must ensure that all traffic is secured and sent directly between sites In this scenario, which VPN should be used?

24. All interfaces involved in transparent mode are configured with which protocol family?

25. Exhibit

You are using traceoptions to verify NAT session information on your SRX Series device.

Referring to the exhibit, which two statements are correct? (Choose two.)

26. You are asked to determine if the 203.0.113.5 IP address has been added to the third-party security feed, DS hield, from Juniper Seclnte1. You have an SRX Series device that is using Seclnte1 feeds from Juniper ATP Cloud

Which command will return this information?

27. You want to enroll an SRX Series device with Juniper ATP Appliance. There is a firewall device in the path between the devices.

In this scenario, which port should be opened in the firewall device?

28. Exhibit

Which two statements are correct about the output shown in the exhibit. (Choose two.)

29. Which two types of source NAT translations are supported in this scenario? (Choose two.)

30. Which statement is true about persistent NAT types?

31. Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

32. Exhibit

Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly.

Which two commands will solve this problem? (Choose two.)

A)

B)

C)

D)

33. In Juniper ATP Cloud, what are two different actions available in a threat prevention policy to deal with an infected host? (Choose two.)

34. You are required to deploy a security policy on an SRX Series device that blocks all known Tor network IP addresses.

Which two steps will fulfill this requirement? (Choose two.)

35. Exhibit

Which two statements are correct about the output shown in the exhibit? (Choose two.)

36. Exhibit

You are not able to ping the default gateway of 192.168 100 1 (or your network that is located on your SRX Series firewall.

Referring to the exhibit, which two commands would correct the configuration of your SRX Series device? (Choose two.)

A)

B)

C)

D)

37. Exhibit

You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies

Referring to the exhibit, what should you do to solve this problem?

38. You are asked to download and install the IPS signature database to a device operating in chassis cluster mode.

Which statement is correct in this scenario?

39. Exhibit

Your company recently acquired a competitor. You want to use using the same IPv4 address space as your company.

Referring to the exhibit, which two actions solve this problem? (Choose two)

40. What are two valid modes for the Juniper ATP Appliance? (Choose two.)