Juniper JN0-636 Practice Test - Questions Answers, Page 9

You have a webserver and a DNS server residing in the same internal DMZ subnet. The public static NAT addresses for the servers are in the same subnet as the SRX Series device's internet-facing interface. You implement DNS doctoring to ensure remote users can access the webserver. Which two statements are true in this scenario?

(Choose two.)

A. The DNS doctoring ALG is not enabled by default.
B. The Proxy ARP feature must be configured.
C. The DNS doctoring ALG is enabled by default.
D. The DNS CNAME record is translated.

Suggested answer: B, C

You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance.

What would be a cause of this problem?

A. The collector must have a minimum of two interfaces.
B. The collector must have a minimum of three interfaces.
C. The collector must have a minimum of five interfaces.
D. The collector must have a minimum of four interfaces.

Suggested answer: D

Explanation:

https://www.juniper.net/documentation/en_US/releaseindependent/jatp/topics/task/configuration/jatp-traffic-collectorsetting-ssh-honeypotdetection.html

You must implement an IPsec VPN on an SRX Series device using PKI certificates for authentication.

As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled automatically from the certificate authority.

In this scenario, which statement is correct?

A. You can use CRL to accomplish this behavior.
B. You can use SCEP to accomplish this behavior.
C. You can use OCSP to accomplish this behavior.
D. You can use SPKI to accomplish this behavior.

Suggested answer: B

Explanation:

Certificate Renewal

The renewal of certificates is much the same as initial certificate enrollment except you are just replacing an old certificate (about to expire) on the VPN device with a new certificate. As with the initial certificate request, only manual renewal is supported. SCEP can be used to re-enroll local certificates automatically before they expire. Refer to Appendix D for more details.

Exhibit.

Referring to the exhibit, which two statements are true? (Choose two.)

A. Juniper Networks will not investigate false positives generated by this custom feed.
B. The custom infected hosts feed will not overwrite the Sky ATP infected host's feed.
C. The custom infected hosts feed will overwrite the Sky ATP infected host's feed.
D. Juniper Networks will investigate false positives generated by this custom feed.

Suggested answer: A, C

Explanation:

https://www.juniper.net/documentation/en_US/junos-space18.1/policyenforcer/topics/task/configuration/junos-space-policyenforcer-custom-feeds-infected-hostconfigure.html

You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the "Policy is out of sync between RE and PFE <SPU-name(s)>." error.

Which command would be used to solve the problem?

A. request security policies resync
B. request service-deployment
C. request security policies check
D. restart security-intelligence

Suggested answer: A

Explanation:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB30443&cat=SRX_SERIES&actp=LIST

Exhibit.

Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly.

Which two commands will solve this problem? (Choose two.)

A. [edit interfaces] user@srx# delete st0.0 multipoint
B. [edit security ike gateway advpn-gateway] user@srx# delete advpn partner
C. [edit security ike gateway advpn-gateway] user@srx# set version v1-only
D. [edit security ike gateway advpn-gateway] user@srx# set advpn suggester disable

Suggested answer: B, D

Explanation:

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discoveryvpns.html

You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites.

In this scenario, which VPN should be used?

A. An IPsec group VPN with the corporate firewall acting as the hub device.
B. Full mesh IPsec VPNs with tunnels between all sites.
C. A hub-and-spoke IPsec VPN with the corporate firewall acting as the hub device.
D. A full mesh Layer 3 VPN with the corporate firewall acting as the hub device.

Suggested answer: A

Explanation:

https://www.juniper.net/us/en/local/pdf/app-notes/3500202-en.pdf

You have the NAT rule, shown in the exhibit, applied to allow communication across an IPsec tunnel between your two sites with identical networks. Which statement is correct in this scenario?

A. The NAT rule will translate the source and destination addresses.
B. The NAT rule will only translate two addresses at a time.
C. The NAT rule is applied to the N/A routing instance.
D. 10 packets have been processed by the NAT rule.

Suggested answer: A

You are asked to share threat intelligence from your environment with third-party tools so that those tools can identify and block lateral threat propagation from compromised hosts.

Which two steps accomplish this goal? (Choose Two)

A. Configure application tokens in the SRX Series firewalls to limit who has access.
B. Enable Juniper ATP Cloud to share threat intelligence.
C. Configure application tokens in the Juniper ATP Cloud to limit who has access.
D. Enable SRX Series firewalls to share threat intelligence with third-party tools.

Suggested answer: B, C

Explanation:

To share threat intelligence from your environment with third party tools, you need to enable Juniper ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. The other options are incorrect because:

A) Configuring application tokens in the SRX Series firewalls is not necessary or sufficient to share threat intelligence with third party tools. Application tokens are used to authenticate and authorize requests to the Juniper ATP Cloud API, which can be used to perform various operations such as submitting files, querying C&C feeds, and managing allowlists and blocklists [1]. However, to share threat intelligence with third party tools, you need to enable the TAXII service in the Juniper ATP Cloud, which is a different protocol for exchanging threat information [2].

D) Enabling SRX Series firewalls to share threat intelligence with third party tools is not possible or supported. SRX Series firewalls can send potentially malicious objects and files to the Juniper ATP Cloud for analysis and receive threat intelligence from the Juniper ATP Cloud to block malicious traffic [3]. However, SRX Series firewalls cannot directly share threat intelligence with third party tools. You need to use the Juniper ATP Cloud as the intermediary for threat intelligence sharing.

Therefore, the correct answer is B and C. You need to enable Juniper ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. To do so, you need to perform the following steps:

Enable and configure the TAXII service in the Juniper ATP Cloud. TAXII (Trusted Automated eXchange of Indicator Information) is a protocol for communication over HTTPS of threat information between parties. STIX (Structured Threat Information eXpression) is a language used for reporting and sharing threat information using TAXII. Juniper ATP Cloud can contribute to STIX reports by sharing the threat intelligence it gathers from file scanning. Juniper ATP Cloud also uses threat information from STIX reports as well as other sources for threat prevention [2]. To enable and configure the TAXII service, you need to select Configure > Threat Intelligence Sharing in the Juniper ATP Cloud WebUI, move the knob to the right to Enable TAXII, and move the slidebar to designate a file sharing threshold [2].

Configure application tokens in the Juniper ATP Cloud. Application tokens are used to authenticate and authorize requests to the Juniper ATP Cloud API and the TAXII service. You can create and manage application tokens in the Juniper ATP Cloud WebUI by selecting Configure > Application Tokens. You can specify the name, description, expiration date, and permissions of each token. You can also revoke or delete tokens as needed. You can use the application tokens to limit who has access to your shared threat intelligence by granting or denying permissions to the TAXII service [1].

Reference:

[1] Threat Intelligence Open API Setup Guide

[2] Configure Threat Intelligence Sharing

[3] About Juniper Advanced Threat Prevention Cloud

You want to enable inter-tenant communication with tenant system.

In this scenario, which two solutions will accomplish this task?

A. interconnect EVPN switch
B. interconnect VPLS switch
C. external router
D. logical tunnel interface

Suggested answer: C, D

Explanation:

To enable inter-tenant communication with tenant system, you need to use an external router or a logical tunnel interface. The other options are incorrect because:

A) Interconnecting EVPN switch is not a valid solution for inter-tenant communication with tenant system. EVPN (Ethernet VPN) is a technology that provides layer 2 connectivity over an IP network. It can be used to connect different logical systems on the same device, but not tenant systems. Tenant systems are isolated from each other and do not share the same layer 2 domain [1].

B) Interconnecting VPLS switch is also not a valid solution for inter-tenant communication with tenant system. VPLS (Virtual Private LAN Service) is another technology that provides layer 2 connectivity over an IP network. It can also be used to connect different logical systems on the same device, but not tenant systems. Tenant systems are isolated from each other and do not share the same layer 2 domain [1].

Therefore, the correct answer is C and D. You need to use an external router or a logical tunnel interface to enable inter-tenant communication with tenant system. To do so, you need to perform the following steps:

For external router, you need to connect the external router to the interfaces of the tenant systems that you want to communicate with. You also need to configure the routing protocols and policies on the external router and the tenant systems to exchange routes and traffic. The external router acts as a gateway between the tenant systems and provides layer 3 connectivity [2].

For logical tunnel interface, you need to create a logical tunnel interface on the device and assign it to a tenant system. You also need to configure the IP address and routing protocols on the logical tunnel interface and the tenant systems that you want to communicate with. The logical tunnel interface acts as a virtual link between the tenant systems and provides layer 3 connectivity [3].

Reference:

[1] Tenant Systems Overview

[2] Example: Configuring Inter-Tenant Communication Using External Router

[3] Example: Configuring Inter-Tenant Communication Using Logical Tunnel Interface

Total 115 questions