Security,Professional (JNCIP-SEC) JN0-636 exam training questions

test2022-12-22T05:36:12+00:00

The JNCIP-SEC (JN0-636) exam is a professional-level certification for network security specialists. It is designed to test a candidate’s knowledge and skills in designing, implementing, and troubleshooting secure networks. It is also important to have practical experience working with network security technologies, such as firewalls, VPNs, and intrusion prevention systems. Studying Security,Professional (JNCIP-SEC) JN0-636 exam training questions can help you gain the knowledge and skills needed to succeed on the Juniper JNCIP-SEC JN0-636 exam.

Try online free JN0-636 practice exam.

Page 1 of 2

1. Regarding IPsec CoS-based VPNs, what is the number of IPsec SAs associated with a peer based upon?

The number of traffic selectors configured for the VP

The number of CoS queues configured for the VP

The number of classifiers configured for the VP

The number of forwarding classes configured for the VP

2. You are asked to provide single sign-on (SSO) to Juniper ATP Cloud.

Which two steps accomplish this goal? (Choose two.)

Configure Microsoft Azure as the service provider (SP).

Configure Microsoft Azure as the identity provider (IdP).

Configure Juniper ATP Cloud as the service provider (SP).

Configure Juniper ATP Cloud as the identity provider (IdP).

3. All interfaces involved in transparent mode are configured with which protocol family?

mpls

bridge

inet

ethernet ― switching

4. Exhibit

You configure Source NAT using a pool of addresses that are in the same subnet range as the external ge-0/0/0 interface on your vSRX device. Traffic that is exiting the internal network can reach external destinations, but the return traffic is being dropped by the service provider router.

Referring to the exhibit, what must be enabled on the vSRX device to solve this problem?

STUN

Proxy ARP

Persistent NAT

DNS Doctoring

5. Exhibit

You are trying to configure an IPsec tunnel between SRX Series devices in the corporate office and branch1. You have committed the configuration shown in the exhibit, but the IPsec tunnel is not establishing.

In this scenario, what would solve this problem.

Add multipoint to the st0.0 interface configuration on the branch1 device.

Change the IKE proposal-set to compatible on the branch1 and corporate devices.

Change the local identity to inet advpn on the branch1 device.

Change the IKE mode to aggressive on the branch1 and corporate devices.

6. While troubleshooting security policies, you added the count action.

Where do you see the result of this action?

In the show security policies hit-count command output.

In the show security flow statistics command output.

In the show security policies detail command output.

In the show firewall log command output.

7. Exhibit

You are using ATP Cloud and notice that there is a host with a high number of ETI and C&C hits sourced from the same investigation and notice that some of the events have not been automatically mitigated.

Referring to the exhibit, what is a reason for this behavior?

The C&C events are false positives.

The infected host score is globally set bellow a threat level of 5.

The infected host score is globally set above a threat level of 5.

The ETI events are false positives.

8. Exhibit

Referring to the exhibit, which three statements are true? (Choose three.)

The packet's destination is to an interface on the SRX Series device.

The packet's destination is to a server in the DMZ zone.

The packet originated within the Trust zone.

The packet is dropped before making an SSH connection.

The packet is allowed to make an SSH connection.

9. You are required to deploy a security policy on an SRX Series device that blocks all known Tor network IP addresses.

Which two steps will fulfill this requirement? (Choose two.)

Enroll the devices with Juniper ATP Appliance.

Enroll the devices with Juniper ATP Cloud.

Enable a third-party Tor feed.

Create a custom feed containing all current known MAC addresses.

10. Exhibit

You are validating bidirectional traffic flows through your IPsec tunnel. The 4546 session represents traffic being sourced from the remote end of the IPsec tunnel. The 4547 session represents traffic that is sourced from the local network destined to the remote network.

Which statement is correct regarding the output shown in the exhibit?

The remote gateway address for the IPsec tunnel is 10.20.20.2

The session information indicates that the IPsec tunnel has not been established

The local gateway address for the IPsec tunnel is 10.20.20.2

NAT is being used to change the source address of outgoing packets

Page 2 of 2

11. Exhibit

You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies

Referring to the exhibit, what should you do to solve this problem?

You must change the global mode to security switching mode.

You must change the global mode to security bridging mode

You must change the global mode to transparent bridge mode.

You must change the global mode to switching mode.

12. Exhibit

You are using traceoptions to verify NAT session information on your SRX Series device.

Referring to the exhibit, which two statements are correct? (Choose two.)

This is the last packet in the session.

The SRX Series device is performing both source and destination NAT on this session.

This is the first packet in the session.

The SRX Series device is performing only source NAT on this session.

13. In Juniper ATP Cloud, what are two different actions available in a threat prevention policy to deal with an infected host? (Choose two.)

Send a custom message

Close the connection.

Drop the connection silently.

Quarantine the host.

14. You configured a chassis cluster for high availability on an SRX Series device and enrolled this HA cluster with the Juniper ATP Cloud.

Which two statements are correct in this scenario? (Choose two.)

You must use different license keys on both cluster nodes.

When enrolling your devices, you only need to enroll one node.

You must set up your HA cluster after enrolling your devices with Juniper ATP Cloud

You must use the same license key on both cluster nodes.

15. You want to use selective stateless packet-based forwarding based on the source address.

In this scenario, which command will allow traffic to bypass the SRX Series device flow daemon?

set firewall family inet filter bypaa3_flowd term t1 then skip―services accept

set firewall family inet filter bypass_flowd term t1 then routing-instance stateless

set firewall family inet filter bypas3_flowd term t1 then virtual-channel stateless

set firewall family inet filter bypass__f lowd term t1 then packet―mode

16. Exhibit

Which two statements are correct about the output shown in the exhibit? (Choose two.)

The packet is silently discarded.

The packet is part of an existing session.

The packet is part of a new session.

The packet is explicitly rejected.

17. Your Source NAT implementation uses an address pool that contains multiple IPv4 addresses Your users report that when they establish more than one session with an external application, they are prompted to authenticate multiple times External hosts must not be able to establish sessions with internal network hosts

What will solve this problem?

Disable PA

Enable destination NA

Enable persistent NAT

Enable address persistence.