JN0-636: Security, Professional
Exam Number: JN0-636
Exam Name: Security, Professional
Length of test: 90 mins
Exam Format: Multiple-choice, Drag and Drop, and HOTSPOT questions.
Exam Language: English
Number of questions in the actual exam: 65 questions
Passing Score: 70%
Topics Covered:
- Troubleshooting Security Policies and Security Zones: Given a scenario, demonstrate how to troubleshoot or monitor security policies or security zones.
- Logical Systems and Tenant Systems: Describe the concepts, operations, or functionalities of logical systems and tenant systems.
- Layer 2 Security: Describe the concepts, operations, or functionalities of Layer 2 Security, including transparent mode, mixed mode, secure wire, MACsec, and Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) security.
- Advanced Network Address Translation (NAT): Describe the concepts, operations, or functionalities of advanced NAT, including persistent NAT, DNS doctoring, and IPv6 NAT.
- Advanced IPsec VPNs: Describe the concepts, operations, or functionalities of advanced IPsec VPNs, including hub-and-spoke VPNs, Public Key Infrastructure (PKI), auto discovery VPNs (ADVPNs), and IPsec Class of Service (CoS).
- Advanced Policy-Based Routing (APBR): Describe the concepts, operations, or functionalities of advanced policy-based routing, including profiles, policies, routing instances, and APBR options.
- Multinode High Availability (HA): Describe the concepts, operations, or functionalities of multinode HA, including chassis cluster versus multinode HA, deployment modes, and services redundancy group (SRG).
This study guide should help you understand what to expect on the JN0-636 exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
Related questions
Exhibit
You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit.
What is the correct action to solve the problem on the SRX device?
According to the security flow trace in the exhibit, the packets are dropped with the message "for self but not interested". This means that the SRX device is receiving packets destined to itself, but it does not have the corresponding service configured in the host-inbound-traffic stanza for the interface [1]. In this case, the service is BGP, which uses TCP port 179. Therefore, the correct action to solve the problem on the SRX device is to add BGP to the allowed host-inbound-traffic for the interface. This can be done by using the following command:
set security zones security-zone <zone-name> interfaces <interface-name> host-inbound-traffic protocols bgp
This command will allow the SRX device to accept BGP packets on the specified interface and zone. Alternatively, the command can be applied to all interfaces in a zone by using the all interfaces option [2].
Reference:
[1] SRX Getting Started - Troubleshoot Security Policy
[2] Configuring System Services Allowed for Host Inbound Traffic
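The triage step described in this answer, as an added example that is not part of the original page or Juniper's tooling: it scans flow trace output for "for self but not interested" drops and maps each dropped destination port to the host-inbound-traffic statement that would admit it. The trace line layout, the sample lines, and the zone and interface names are constructed assumptions.

```python
import re
from collections import Counter

# Header printed once per traced packet: <src/sport->dst/dport;proto,...>
# (assumed layout; adjust the pattern to the trace output you actually have).
PKT = re.compile(r"<([\d.]+)/(\d+)->([\d.]+)/(\d+);(\d+)")
DROP = "for self but not interested"

# (IP protocol, destination port) -> host-inbound-traffic statement.
# BGP is a routing protocol, so it sits under "protocols", not "system-services".
HOST_INBOUND = {
    (6, 179): "protocols bgp",
    (6, 22): "system-services ssh",
    (17, 500): "system-services ike",
    (17, 161): "system-services snmp",
}

# Constructed sample, not captured from a device.
SAMPLE_TRACE = """\
10:00:01.100:CID-0:RT:<10.1.1.2/51234->10.1.1.1/179;6,0x0> matched filter F1:
10:00:01.102:CID-0:RT:  packet dropped, for self but not interested
10:00:02.300:CID-0:RT:<10.1.1.9/40022->10.1.1.1/22;6,0x0> matched filter F1:
10:00:02.301:CID-0:RT:  flow session id 4711
10:00:04.100:CID-0:RT:<10.1.1.2/51234->10.1.1.1/179;6,0x0> matched filter F1:
10:00:04.102:CID-0:RT:  packet dropped, for self but not interested
10:00:05.500:CID-0:RT:<10.1.1.7/500->10.1.1.1/500;17,0x0> matched filter F1:
10:00:05.501:CID-0:RT:  packet dropped, for self but not interested
"""

def self_drops(trace):
    """Count host-bound drops per (destination IP, destination port, protocol)."""
    drops, current = Counter(), None
    for line in trace.splitlines():
        m = PKT.search(line)
        if m:
            current = (m.group(3), int(m.group(4)), int(m.group(5)))
        elif DROP in line and current:
            drops[current] += 1
            current = None  # one drop verdict per packet header
    return drops

def suggest(trace, zone, ifname):
    """Return the host-inbound-traffic statements that would admit the drops."""
    out = set()
    for (_, dport, proto) in self_drops(trace):
        stmt = HOST_INBOUND.get((proto, dport))
        if stmt:  # unmapped ports are left for manual review
            out.add(f"set security zones security-zone {zone} "
                    f"interfaces {ifname} host-inbound-traffic {stmt}")
    return sorted(out)
```

Review each suggested statement before committing it: only services that the device is meant to terminate on that interface belong in host-inbound-traffic.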
Refer to the Exhibit:
Which two statements about the configuration shown in the exhibit are correct?
Your company uses non-Juniper firewalls and you are asked to provide a Juniper solution for zero-day malware protection. Which solution would work in this scenario?
Which three types of peer devices are supported for CoS-based IPsec VPN?
Exhibit
Referring to the exhibit, which two statements are true? (Choose two.)
Exhibit
You are trying to configure an IPsec tunnel between SRX Series devices in the corporate office and branch1. You have committed the configuration shown in the exhibit, but the IPsec tunnel is not establishing.
In this scenario, what would solve this problem?
To analyze and detect malware, Juniper ATP Cloud performs which two functions? (Choose two.)
Juniper ATP Cloud performs a cache lookup, to see whether the file has already been seen and is known to be malicious, and dynamic analysis, to see what happens if you execute the file in a real environment.
Cache lookup is one of the functions that Juniper ATP Cloud performs to analyze and detect malware.
Cache lookup is the first step in the pipeline approach that Juniper ATP Cloud uses to examine files.
Cache lookup checks whether the file has been seen before and whether it has a stored verdict in the database. If the file is known to be malicious, the verdict is returned to the SRX Series Firewall and the file is dropped. If the file is not found in the cache, the analysis continues with the other techniques [1].
Dynamic analysis is another function that Juniper ATP Cloud performs to analyze and detect malware. Dynamic analysis runs the file in a sandbox environment and observes its behavior and actions. Dynamic analysis can reveal the hidden or obfuscated functionality of malware, such as network connections, file modifications, registry changes, and process injections. Dynamic analysis can also detect zero-day threats and evasive malware that try to avoid static analysis [1].
Reference:
How is Malware Analyzed and Detected? | ATP Cloud | Juniper Networks
You must set up a DDoS solution for your ISP. The solution must be agile and not block legitimate traffic.
Which two products will accomplish this task? (Choose two.)
You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance.
What would be a cause of this problem?
While troubleshooting security policies, you added the count action. Where do you see the result of this action?