Juniper JN0-636 Practice Test - Questions Answers, Page 12

Exhibit.

Referring to the exhibit, which two statements are true? (Choose two.)

A. The c-1 TSYS has a reservation for the security flow resource.
B. The c-1 TSYS can use security flow resources up to the system maximum.
C. The c-1 TSYS cannot use any security flow resources.
D. The c-1 TSYS has no reservation for the security flow resource.
Suggested answer: C, D

Explanation:

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-profile-logicalsystem.html

You are asked to look at a configuration that is designed to take all traffic with a specific source IP address and forward it to a traffic analysis server for further evaluation. The configuration is no longer working as intended.

Referring to the exhibit, which change must be made to correct the configuration?

A. Apply the filter as an input filter on interface xe-0/2/1.0.
B. Apply the filter as an input filter on interface xe-0/0/1.0.
C. Create a routing instance named default.
D. Apply the filter as an output filter on interface xe-0/1/0.0.
Suggested answer: B

You are asked to deploy a Juniper ATP Appliance in your network. You must ensure that incidents and alerts are sent to your SIEM.

In this scenario, which logging output format is supported?

A. WELF
B. JSON
C. CEF
D. Binary
Suggested answer: C

Explanation:

The Juniper ATP Appliance platform collects, inspects, and analyzes advanced and stealthy web, file, and email-based threats that exploit and infiltrate client browsers, operating systems, email, and applications. Juniper ATP Appliance's detection of malicious attacks generates incident and event details that can be sent to connected SIEM platforms in CEF, LEEF, or Syslog formats [1]. CEF (Common Event Format) is an open log management standard that improves the interoperability of security-related information from different vendors [2]. Juniper ATP Appliance supports the CEF format for sending events and system audit notifications to SIEM servers. You can configure the CEF format in the Juniper ATP Appliance Central Manager WebUI under Config > Notifications > SIEM Settings [1]. Therefore, the correct answer is C: CEF is a supported logging output format for Juniper ATP Appliance. The other options are incorrect because:

A) WELF (WebTrends Enhanced Log Format) is a proprietary log format developed by WebTrends Corporation for web analytics [3]. Juniper ATP Appliance does not support the WELF format for SIEM integration.

B) JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for humans and machines to read and write [4]. Juniper ATP Appliance supports the JSON format for HTTP API results, but not for SIEM notifications [1].

D) Binary is a numeric system that uses only two digits: 0 and 1. Binary is not a logging output format for Juniper ATP Appliance or any SIEM platform.

Reference:

[1] SIEM Syslog, LEEF and CEF Logging

[2] Common Event Format Configuration Guide

[3] WebTrends Enhanced Log Format

[4] JSON

Exhibit:

The security traceoptions configuration shown in the exhibit is committed to your SRX Series firewall.

Which two statements are correct in this scenario? (Choose two.)

A. The file debugger will be readable by all users.
B. Once the trace has generated 10 log files, older logs will be overwritten.
C. Once the trace has generated 10 log files, the trace process will halt.
D. The file debugger will be readable only by the user who committed this configuration.
Suggested answer: B, D

Explanation:

The security traceoptions configuration shown in the exhibit is committed to your SRX Series firewall.

The following statements are correct in this scenario:

B) Once the trace has generated 10 log files, older logs will be overwritten. The files option in the traceoptions statement specifies the maximum number of trace files to keep. When a trace file reaches its maximum size, it is renamed with a numeric suffix, such as kmd.0, kmd.1, and so on, until the maximum number of files is reached. Then the oldest trace file is overwritten by the newest one. In this case, the files option is set to 10, which means that the trace will generate 10 log files and then overwrite the older ones [1].

D) The file debugger will be readable only by the user who committed this configuration. The file option in the traceoptions statement specifies the name of the trace file and the permissions for the file. The permissions can be either world-readable or owner-readable. In this case, the file option is set to debugger owner-readable, which means that the trace file will be named debugger and will be readable only by the user who committed the configuration [1].

The other statements are incorrect because:

A) The file debugger will not be readable by all users, but only by the user who committed this configuration, as explained above.

C) The trace will not halt after generating 10 log files, but will continue to overwrite the older ones, as explained above.

Reference:

[1] traceoptions (Security)

Exhibit:

Referring to the exhibit, which two statements are correct?

A. All of the entries are a threat level 8.
B. All of the entries are command and control entries.
C. All of the entries are Dshield entries.
D. All of the entries are a threat level 10.
Suggested answer: B, C

Explanation:

Referring to the exhibit, the following statements are correct:

B) All of the entries are command and control entries. Command and control entries are dynamic addresses that represent the IP addresses of servers that are used by malware to communicate with infected hosts. The SRX Series device can block or log the traffic to or from these IP addresses based on the security policies. The exhibit shows that all of the entries have the category DC/1, which stands for command and control [1].

C) All of the entries are Dshield entries. Dshield is a feed source that provides a list of IP addresses that are associated with malicious activities, such as scanning, spamming, or attacking. The SRX Series device can download the Dshield feed and use it to populate the dynamic address entries. The exhibit shows that all of the entries have the feed dshield, which indicates that they are from the Dshield feed source [2].

The other statements are incorrect because:

A) All of the entries are not a threat level 8, but a threat level 10. The threat level is a numeric value that indicates the severity of the threat associated with a dynamic address entry. The higher the threat level, the more dangerous the threat. The SRX Series device can use the threat level to prioritize the actions for the dynamic address entries. The exhibit shows that all of the entries have the cc CN, which stands for country code China. According to the Juniper documentation, the country code China has a threat level of 10, which is the highest.

D) All of the entries are not a threat level 10, but they are. See the explanation for option A.

Reference:

[1] Understanding Dynamic Address Categories

[2] Understanding Dynamic Address Feed Sources

[3] Understanding Dynamic Address Threat Levels

Total 115 questions