Skip to content

JN0-635 Security, Professional JNCIP-SEC exam demo

QUESTION 3
Your organization has multiple Active Directory domains to control user access. You must ensure that security
policies are passing traffic based upon the users’ access rights.
What would you use to assist your SRX Series devices to accomplish this task?
A. JATP Appliance
B. JIMS
C. JSA
D. Junos Space
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-authintergrated-
user-firewall-overview.html
QUESTION 4
You are asked to set up notifications if one of your collector traffic feeds drops below 100 kbps.
Which two configuration parameters must be set to accomplish this task? (Choose two.)
A. Set a traffic SNMP trap on the JATP appliance
B. Set a logging notification on the JATP appliance
C. Set a general triggered notification on the JATP appliance
D. Set a traffic system alert on the JATP appliance
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
.

.

.

QUESTION 9
You are asked to merge to corporate network with the network from a recently acquired company. Both
networks use the same private IPv4 address space (172.25.126.0/24). An SRX Series device servers as the
gateway for each network.
Which solution allows you to merge the two networks without modifying the current address assignments?
A. persistent NAT
B. NAT46
C. source NAT
D. double NAT
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21286
QUESTION 10
You have set up Security Director with Policy Enforcer and have configured 12 third-party feeds and a Sky ATP
feed. You are also injecting 16 feeds using the available open API. You want to add another compatible feed
using the available open API, but Policy Enforcer is not receiving the new feed.
What is the problem in this scenario?
A. You must wait 48 hours for the feed to update
B. You cannot add more than 16 feeds through the available open API
C. You have reached the maximum limit of 29 total feeds
96CE4376707A97CE80D4B1916F054522
D. You cannot add more than 16 feeds with the available open API
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.juniper.net/documentation/en_US/release-independent/sky-atp/information-products/
pathway-pages/sky-atp-admin-guide.pdf page 110
QUESTION 11
Which three types of peer devices are supported for CoS-based IPsec VPNs? (Choose three.)
A. branch SRX Series device
B. third-party device
C. cSRX
D. high-end SRX Series device
E. vSRX
Correct Answer: ADE
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/secuirty-cos-based-ipsecvpns.
html
QUESTION 12
You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in
forwarding MPLS and IPsec traffic.
Which two statements are true regarding this implementation? (Choose two.)
A. Host inbound traffic must not be processed by the flow module
B. Host inbound traffic must be processed by the flow module
C. The SRX Series device can process both MPLS and IPsec with default traffic handling
D. A firewall filter must be configured to enable packet mode forwarding
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-packet-basedforwarding.
html
QUESTION 13
Which three roles or protocols are required when configuring an ADVPN? (Choose three.)
A. OSPF
B. shortcut partner
C. shortcut suggester
D. IKEv1
E. BGP
96CE4376707A97CE80D4B1916F054522
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discoveryvpns.
html
QUESTION 14
You must troubleshoot ongoing problems with IPsec tunnels and security policy processing. Your network
consists of SRX340s and SRX5600s.
In this scenario, which two statements are true? (Choose two.)
A. IPsec logs are written to the kmd log file by default
B. IKE logs are written to the messages log file by default
C. You must enable data plane logging on the SRX340 devices to generate security policy logs
D. You must enable data plane logging on the SRX5600 devices to generate security policy logs
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
.

.

.
QUESTION 18
You are asked to secure your network against TOR network traffic.
Which two Juniper products would accomplish this task? (Choose two.)
A. Contrail Edge
B. Contrail Insights
C. Juniper Sky ATP
D. Juniper ATP Appliance
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
You are asked to implement the session cache feature on an SRX5400.
In this scenario, what information does a session cache entry record? (Choose two.)
A. The type of processing to do for ingress traffic
96CE4376707A97CE80D4B1916F054522
B. The type of processing to do for egress traffic
C. To which SPU the traffic of the session should be forwarded
D. To which NPU the traffic of the session should be forwarded
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-packet-basedforwarding.
html
QUESTION 20
Which feature of Sky ATP is deployed with Policy Enforcer?
A. zero-day threat mitigation
B. software image snapshot support
C. device inventory management
D. service redundancy daemon configuration support
Correct Answer: A

BUY full version for whole question set
.

.

.

 

Previous article EX200 Red Hat Certified System Administrator –RHCSA exams demo
Next article 1Y0-312 Citrix Virtual Apps and Desktops 7 Advanced Administration exams demo

Leave a comment

* Required fields