Juniper JN0-636 Real Exam Questions
The questions for JN0-636 were last updated at Dec 09,2024.
- Exam Code: JN0-636
- Exam Name: Security,Professional (JNCIP-SEC)
- Certification Provider: Juniper
- Latest update: Dec 09,2024
Exhibit
You are not able to ping the default gateway of 192.168 100 1 (or your network that is located on your SRX Series firewall.
Referring to the exhibit, which two commands would correct the configuration of your SRX Series device? (Choose two.)
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
All interfaces involved in transparent mode are configured with which protocol family?
- A . mpls
- B . bridge
- C . inet
- D . ethernet ― switching
Exhibit
The exhibit shows a snippet of a security flow trace.
In this scenario, which two statements are correct? (Choose two.)
- A . This packet arrived on interface ge-0/0/4.0.
- B . Destination NAT occurs.
- C . The capture is a packet from the source address 172.20.101.10 destined to 10.0.1.129.
- D . An existing session is found in the table.
Exhibit
You configure a traceoptions file called radius on your returns the output shown in the exhibit
What is the source of the problem?
- A . An incorrect password is being used.
- B . The authentication order is misconfigured.
- C . The RADIUS server IP address is unreachable.
- D . The RADIUS server suffered a hardware failure.
You want to enroll an SRX Series device with Juniper ATP Appliance. There is a firewall device in the path between the devices.
In this scenario, which port should be opened in the firewall device?
- A . 8080
- B . 443
- C . 80
- D . 22
Which two types of source NAT translations are supported in this scenario? (Choose two.)
- A . translation of IPv4 hosts to IPv6 hosts with or without port address translation
- B . translation of one IPv4 subnet to one IPv6 subnet with port address translation
- C . translation of one IPv6 subnet to another IPv6 subnet without port address translation
- D . translation of one IPv6 subnet to another IPv6 subnet with port address translation
You want to identify potential threats within SSL-encrypted sessions without requiring SSL proxy to decrypt the session contents.
Which security feature achieves this objective?
- A . infected host feeds
- B . encrypted traffic insights
- C . DNS security
- D . Secure Web Proxy
Regarding IPsec CoS-based VPNs, what is the number of IPsec SAs associated with a peer based upon?
- A . The number of traffic selectors configured for the VPN.
- B . The number of CoS queues configured for the VPN.
- C . The number of classifiers configured for the VPN.
- D . The number of forwarding classes configured for the VPN.
Exhibit
You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.
In this scenario, which action will solve this problem?
- A . You must specify that the 172.25.1.1/24 IP address is the primary address on the ge-0/0/1 interface.
- B . You must apply the firewall filter to the lo0 interface when using filter-based forwarding.
- C . You must add another term to the firewall filter to accept the traffic from the 172.25.1.0/24 network.
- D . You must create the static default route to neighbor 172.21 0.2 under the ISP-1 routing instance hierarchy.
Your IPsec VPN configuration uses two CoS forwarding classes to separate voice and data traffic.
How many IKE security associations are required between the IPsec peers in this scenario?
- A . 1
- B . 3
- C . 4
- D . 2