Exhibit Referring to the exhibit, which two statements are true about the CAK status for the CAK named "FFFP"? (Choose two.)

CAK is not used for encryption and decryption of the MACsec session.

SAK is not generated using this key.

CAK is not used for encryption and decryption of the MACsec session.

SAK is successfully generated using this key.

CAK is used for encryption and decryption of the MACsec session.

SAK is not generated using this key.

Exhibit You are using ATP Cloud and notice that there is a host with a high number of ETI and C&C hits sourced from the same investigation and notice that some of the events have not been automatically mitigated.Referring to the exhibit, what is a reason for this behavior?

The infected host score is globally set above a threat level of 5.

The C&C events are false positives.

The infected host score is globally set bellow a threat level of 5.

The infected host score is globally set above a threat level of 5.

The ETI events are false positives.

You configured a chassis cluster for high availability on an SRX Series device and enrolled this HA cluster with the Juniper ATP Cloud. Which two statements are correct in this scenario? (Choose two.)

When enrolling your devices, you only need to enroll one node.

You must use the same license key on both cluster nodes.

You must use different license keys on both cluster nodes.

When enrolling your devices, you only need to enroll one node.

You must set up your HA cluster after enrolling your devices with Juniper ATP Cloud

You must use the same license key on both cluster nodes.

Exhibit You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.In this scenario, which action will solve this problem?

You must add another term to the firewall filter to accept the traffic from the 172.25.1.0/24 network.

You must specify that the 172.25.1.1/24 IP address is the primary address on the ge-0/0/1 interface.

You must apply the firewall filter to the lo0 interface when using filter-based forwarding.

You must add another term to the firewall filter to accept the traffic from the 172.25.1.0/24 network.

You must create the static default route to neighbor 172.21 0.2 under the ISP-1 routing instance hierarchy.

Exhibit Which statement is true about the output shown in the exhibit?

The SRX Series device is configured with flow-based IPv6 forwarding options.

The SRX Series device is configured with default security forwarding options.

The SRX Series device is configured with packet-based IPv6 forwarding options.

The SRX Series device is configured with flow-based IPv6 forwarding options.

The SRX Series device is configured to disable IPv6 packet forwarding.

The highlighted incident (arrow) shown in the exhibit shows a progression level of "Download" in the kill chain.What are two appropriate mitigation actions for the selected incident? (Choose two.)

Immediate response required: Wipe infected endpoint hosts.

The highlighted incident (arrow) shown in the exhibit shows a progression level of "Download" in the kill chain.What are two appropriate mitigation actions for the selected incident? (Choose two.)

Immediate response required: Block malware IP addresses (download server or CnC server)

Immediate response required: Wipe infected endpoint hosts.

Immediate response required: Deploy IVP integration (if configured) to confirm if the endpoint has executed the malware and is infected.

Not an urgent action: Use IVP to confirm if machine is infected.

Regarding IPsec CoS-based VPNs, what is the number of IPsec SAs associated with a peer based upon?

The number of forwarding classes configured for the VPN.

The number of traffic selectors configured for the VPN.

The number of CoS queues configured for the VPN.

The number of classifiers configured for the VPN.

The number of forwarding classes configured for the VPN.

You are asked to determine if the 203.0.113.5 IP address has been added to the third-party security feed, DS hield, from Juniper Seclnte1. You have an SRX Series device that is using Seclnte1 feeds from Juniper ATP CloudWhich command will return this information?

show security dynamic—address category—name CC | match 203.0.113.5

show security dynamic—address category—name Infected—Hosts | match 203.0.113.5

show security dynamic-address category-name IP Filter I match 203.0.113.5

show Security dynamic-address category-name JWAS | match 203.0.113.5

You want to use selective stateless packet-based forwarding based on the source address.In this scenario, which command will allow traffic to bypass the SRX Series device flow daemon?

set firewall family inet filter bypass__f lowd term t1 then packet—mode

set firewall family inet filter bypaa3_flowd term t1 then skip—services accept

set firewall family inet filter bypass_flowd term t1 then routing-instance stateless

set firewall family inet filter bypas3_flowd term t1 then virtual-channel stateless

set firewall family inet filter bypass__f lowd term t1 then packet—mode

You are requested to enroll an SRX Series device with Juniper ATP Cloud.Which statement is correct in this scenario?

Juniper ATP Cloud uses a Junos OS op script to help you configure your SRX Series device to connect to the Juniper ATP Cloud service.

If a device is already enrolled in a realm and you enroll it in a new realm, the device data or configuration information is propagated to the new realm.

The only way to enroll an SRX Series device is to interact with the Juniper ATP Cloud Web portal.

When the license expires, the SRX Series device is disenrolled from Juniper ATP Cloud without a grace period

Juniper ATP Cloud uses a Junos OS op script to help you configure your SRX Series device to connect to the Juniper ATP Cloud service.

Exhibit Referring to the exhibit, which two statements are true? (Choose two.)

The data that traverses the ge-0/070 interface is secured by a secure association key.

The data that traverses the ge-070/0 interface cannot be intercepted and read by anyone.

The data that traverses the ge-0/070 interface is secured by a secure association key.

The data that traverses the ge-070/0 interface can be intercepted and read by anyone.

The data that traverses the ge-070/0 interface cannot be intercepted and read by anyone.

The data that traverses the ge-O/0/0 interface is secured by a connectivity association key.

While troubleshooting security policies, you added the count action. Where do you see the result of this action?

In the show security policies detail command output.

In the show security policies hit-count command output.

In the show security flow statistics command output.

In the show security policies detail command output.

In the show firewall log command output.

Exhibit Referring to the exhibit, which two statements are true? (Choose two.)

The 3uspiciou3_Endpoint3 feed is usable by any SRX Series device that is a part of the same realm as SRX-1

Juniper ATP Cloud automatically creates the 3uopi'cioua_Endpoints feed after you commit the security policy.

The 3uspicious_Endpoint3 feed is only usable by the SRX-1 device.

You must manually create the suspicious_Endpoint3 feed in the Juniper ATP Cloud interface.

The 3uspiciou3_Endpoint3 feed is usable by any SRX Series device that is a part of the same realm as SRX-1

Juniper ATP Cloud automatically creates the 3uopi'cioua_Endpoints feed after you commit the security policy.

You are asked to download and install the IPS signature database to a device operating in chassis cluster mode. Which statement is correct in this scenario?

You must download and install the IPS signature package on the primary node.

The first synchronization of the backup node and the primary node must be performed manually.

The first time you synchronize the IPS signature package from the primary node to the backup node, the primary node must be rebooted.

The IPS signature package must be downloaded and installed on the primary and backup nodes.

Click the Exhibit button. When attempting to enroll an SRX Series device to JATP, you receive the error shown in the exhibit.What is the cause of the error?

The SRX Series device does not have an IP address assigned to the interface that accesses JATP

The fxp0 IP address is not routable

The SRX Series device certificate does not match the JATP certificate

The SRX Series device does not have an IP address assigned to the interface that accesses JATP

A firewall is blocking HTTPS on fxp0

Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)

You must create a dynamic address entry with the IP filter category and the ipfilter_office365 value.

You must apply the dynamic address entry in a security policy.

You must create a dynamic address entry with the IP filter category and the ipfilter_office365 value.

You must create a dynamic address entry with the C&C category and the cc_offic365 value.

You must apply the dynamic address entry in a security policy.

You must apply the dynamic address entry in a security intelligence policy.

You have designed the firewall filter shown in the exhibit to limit SSH control traffic to yours SRX Series device without affecting other traffic.Which two statement are true in this scenario? (Choose two.)

Applying the filter will not achieve the desired result.

The filter should be applied as an input filter on the loopback interface.

The filter should be applied as an output filter on the loopback interface.

Applying the filter will achieve the desired result.

Applying the filter will not achieve the desired result.

The filter should be applied as an input filter on the loopback interface.

Exhibit. A hub member of an ADVPN is not functioning correctly.Referring the exhibit, which action should you take to solve the problem?

[edit interfaces]user@hub-1# delete ipsec vpn advpn-vpn traffic-selector

[edit interfaces]root@vSRX-1# delete st0.0 multipoint

[edit interfaces]user@hub-1# delete ipsec vpn advpn-vpn traffic-selector

[edit security]user@hub-1# set ike gateway advpn-gateway advpn suggester disable

[edit security]user@hub-1# delete ike gateway advpn-gateway advpn partner

Exhibit. Referring to the exhibit, which two statements are true? (Choose two.)

The configured solution allows IPv6 to IPv4 translation.

The configured solution allows IPv4 to IPv6 translation.

External hosts cannot initiate contact.

You opened a support ticket with JTAC for your Juniper ATP appliance. JTAC asks you to set up access to the device using the reverse SSH connection.Which three setting must be configured to satisfy this request?(Choose three.)

Create a temporary admin account.

Create a temporary root account.

Create a temporary admin account.

The monitor traffic interface command is being used to capture the packets destined to and the from the SRX Series device.In this scenario, which two statements related to the feature are true? (Choose two.)

This feature does not capture transit traffic.

This feature is supported on both branch and high-end SRX Series devices.

This feature does not capture transit traffic.

This feature captures ICMP traffic to and from the SRX Series device.

This feature is supported on high-end SRX Series devices only.

This feature is supported on both branch and high-end SRX Series devices.

Juniper JN0-636 Practice Test 2 - Free Online Exam Prep & Questions

You want to enforce I DP policies on HTTP traffic.

In this scenario, which two actions must be performed on your SRX Series device? (Choose two )

Become a Premium Member for full access

Unlock Premium Member

Juniper JN0-636 Practice Test 2

Question

Juniper JN0-636 Practice Tests

Practice Tests