JN0-636: Security, Professional
Juniper
Exam Number: JN0-636
Exam Name: Security, Professional
Length of test: 90 mins
Exam Format: Multiple-choice, Drag and Drop, and HOTSPOT questions.
Exam Language: English
Number of questions in the actual exam: 65 questions
Passing Score: 70%
Topics Covered:
- Troubleshooting Security Policies and Security Zones: Given a scenario, demonstrate how to troubleshoot or monitor security policies or security zones.
- Logical Systems and Tenant Systems: Describe the concepts, operations, or functionalities of logical systems and tenant systems.
- Layer 2 Security: Describe the concepts, operations, or functionalities of Layer 2 Security, including transparent mode, mixed mode, secure wire, MACsec, and Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) security.
- Advanced Network Address Translation (NAT): Describe the concepts, operations, or functionalities of advanced NAT, including persistent NAT, DNS doctoring, and IPv6 NAT.
- Advanced IPsec VPNs: Describe the concepts, operations, or functionalities of advanced IPsec VPNs, including hub-and-spoke VPNs, Public Key Infrastructure (PKI), auto discovery VPNs (ADVPNs), and IPsec Class of Service (CoS).
- Advanced Policy-Based Routing (APBR): Describe the concepts, operations, or functionalities of advanced policy-based routing, including profiles, policies, routing instances, and APBR options.
- Multinode High Availability (HA): Describe the concepts, operations, or functionalities of multinode HA, including chassis cluster versus multinode HA, deployment modes, and services redundancy group (SRG).
This study guide should help you understand what to expect on the JN0-636 exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
Related questions
Exhibit
You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit.
What is the correct action to solve the problem on the SRX device?
Explanation:
According to the security flow trace in the exhibit, the packets are dropped with the reason "for self but not interested". This means that the SRX device is receiving packets destined to itself, but the corresponding service is not enabled in the host-inbound-traffic stanza for the interface (reference 1). In this case, the service is BGP, which uses TCP port 179. Therefore, the correct action to solve the problem on the SRX device is to add BGP to the allowed host-inbound-traffic for the interface, using the following command:
set security zones security-zone <zone-name> interfaces <interface-name> host-inbound-traffic system-services bgp
This command allows the SRX device to accept BGP packets on the specified interface in the specified zone. Alternatively, the setting can be applied to all interfaces in a zone (reference 2).
Reference:
1: SRX Getting Started - Troubleshoot Security Policy
2: Configuring System Services Allowed for Host Inbound Traffic
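As an added illustration (not part of the original study guide), the interface-level fix beside the zone-level alternative, followed by the operational commands used to confirm it. The zone name untrust and the interface ge-0/0/1.0 are assumed placeholders:

```junos
# Interface-level: allow BGP to the device only on the interface facing the peer
# (zone "untrust" and interface "ge-0/0/1.0" are assumed placeholders)
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services bgp

# Zone-level alternative: allow BGP on every interface bound to the zone
set security zones security-zone untrust host-inbound-traffic system-services bgp
commit

# Operational mode: confirm the interface now lists bgp as allowed host-inbound traffic
show interfaces ge-0/0/1.0 extensive | match "host-inbound"

# Operational mode: look for the TCP/179 session once the peering comes up
show security flow session destination-port 179
```

Prefer the interface-level form where only one interface faces the BGP peer; the zone-level form exposes the service on every interface in the zone.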
Refer to the Exhibit:
Which two statements about the configuration shown in the exhibit are correct?
Your company uses non-Juniper firewalls and you are asked to provide a Juniper solution for zero-day malware protection. Which solution would work in this scenario?
Explanation:
Juniper ATP Cloud provides zero-day malware protection for non-Juniper firewalls. It's a cloud-based service that analyzes files and network traffic to detect and prevent known and unknown (zero-day) threats. It uses a combination of static and dynamic analysis techniques, as well as machine learning, to detect and block malicious files, even if they are not known to traditional anti-virus software. It also provides real-time visibility and detailed forensics for incident response and remediation.
Which three types of peer devices are supported for CoS-based IPsec VPN?
Exhibit
Referring to the exhibit, which two statements are true? (Choose two.)
Explanation:
The exhibit shows the output of the show security intelligence category summary command on the SRX-1 device. This command displays the status of the security intelligence categories configured on the device. In the output, we can see that there are two categories configured - Proxy_Nodes and Proxy_Node3. The Proxy_Nodes category is a custom category that is created by the SRX-1 device using the adaptive threat profiling feature. The Proxy_Node3 category is a third-party category that is downloaded from the Juniper ATP Cloud service. The Proxy_Nodes category contains the IP addresses that match the security policy named Proxy-ATP on the SRX-1 device. The Proxy_Node3 category contains the IP addresses that are associated with the Tor network.
The two statements that are true based on the exhibit are:
The SRX-1 device creates the Proxy_Nodes feed, so it cannot use it in another security policy. This is because the adaptive threat profiling feature does not allow the device that creates the feed to use it in another security policy. The feed is intended to be shared with other devices in the same realm through the Juniper ATP Cloud service. The SRX-1 device can only use the feeds that are created by other devices or downloaded from third-party sources.
You can only use the Proxy_Node3 feed as the destination-address match criteria of another security policy on a different SRX Series device. This is because the Proxy_Node3 feed is a third-party feed that is downloaded from the Juniper ATP Cloud service. The SRX-1 device can use this feed as a dynamic address object in its security policies. However, the feed is configured with the destination-only option, which means that it can only be used as the destination-address match criteria of a security policy. The source-address match criteria of a security policy cannot use this feed.
Reference: Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/showsecurity-intelligence-category-summary.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-intelligence-thirdparty-feed-configuring.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-adaptive-threatprofiling-overview.html
Exhibit
You are trying to configure an IPsec tunnel between SRX Series devices in the corporate office and branch1. You have committed the configuration shown in the exhibit, but the IPsec tunnel is not establishing.
In this scenario, what would solve this problem?
Explanation:
According to the Juniper documentation, the local identity for an IPsec VPN tunnel must match the remote identity of the peer device. The local identity can be configured as an IP address, a hostname, a distinguished name, or an advpn identifier. The advpn identifier is used for dynamic VPNs that support multiple remote endpoints. In the exhibit, the corporate device has the local identity configured as inet advpn, which means it expects the branch1 device to have the same remote identity. However, the branch1 device has the local identity configured as inet, which does not match the corporate device's remote identity. Therefore, the IKE negotiation fails and the IPsec tunnel is not established. To solve this problem, the local identity on the branch1 device should be changed to inet advpn, so that it matches the corporate device's remote identity.
Reference: [Configuring an IKE Gateway] (1), [Configuring Local and Remote Identities] (2)
1: https://www.juniper.net/documentation/us/en/software/junos/vpnipsec/topics/task/configuration/security-ike-gateway-configuring.html
2: https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/topicmap/security-ipsec-vpn-identities.html
To analyze and detect malware, Juniper ATP Cloud performs which two functions? (Choose two.)
Explanation:
Juniper ATP Cloud performs a cache lookup to see whether the file has already been seen and is known to be malicious, and dynamic analysis to see what happens when the file is executed in a real environment.
Cache lookup is one of the functions that Juniper ATP Cloud performs to analyze and detect malware.
Cache lookup is the first step in the pipeline approach that Juniper ATP Cloud uses to examine files.
Cache lookup checks whether the file has been seen before and whether it has a stored verdict in the database. If the file is known to be malicious, the verdict is returned to the SRX Series Firewall and the file is dropped. If the file is not found in the cache, the analysis continues with the other techniques (reference 1).
Dynamic analysis is another function that Juniper ATP Cloud performs to analyze and detect malware. Dynamic analysis runs the file in a sandbox environment and observes its behavior and actions. Dynamic analysis can reveal the hidden or obfuscated functionality of malware, such as network connections, file modifications, registry changes, and process injections. Dynamic analysis can also detect zero-day threats and evasive malware that try to avoid static analysis (reference 1).
Reference:
How is Malware Analyzed and Detected? | ATP Cloud | Juniper Networks
You must set up a DDoS solution for your ISP. The solution must be agile and must not block legitimate traffic.
Which two products will accomplish this task? (Choose two.)
You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance.
What would be a cause of this problem?
While troubleshooting security policies, you added the count action. Where do you see the result of this action?
Explanation:
The result of adding the count action to a security policy can be seen in the output of the show security policies detail command. The count action enables statistics collection for sessions that enter the device for a given policy, and for the number of packets and bytes that pass through the device in both directions for that policy. The count action can help you to monitor the traffic that matches a security policy and to troubleshoot security policy issues. The show security policies detail command displays detailed information about the security policies configured on the device, including the count statistics. The output shows the number of packets and bytes that have been processed by the policy in both directions, as well as the number of sessions that have been created by the policy. You can use this command to verify that the count action is working as expected and to see the traffic volume and session count for each policy.
Reference: Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/showsecurity-policies-detail.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-policy-countoverview.html
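As an added example (not from the original study guide), a permit policy with the count action enabled and the commands used to read and reset its counters while troubleshooting. The zones trust and untrust and the policy name allow-web are assumed placeholders:

```junos
# Configuration mode: a permit policy with per-policy counters enabled
# (zones "trust"/"untrust" and policy "allow-web" are assumed placeholders)
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web match destination-address any
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy allow-web then count
commit

# Operational mode: reset the counters before reproducing the traffic so the
# numbers reflect only the test, then read them for this one policy
clear security policies statistics
show security policies from-zone trust to-zone untrust policy-name allow-web detail
```

Counters are cumulative until cleared, so compare a reading taken before and after generating test traffic rather than relying on absolute values.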