Juniper JN0-637 Practice Test - Questions Answers, Page 10
You need to generate a certificate for a PKI-based site-to-site VPN. The peer is expecting to
use your domain name vpn.juniper.net.
Which two configuration elements are required when you generate your certificate request? (Choose two.)
ip-address 10.100.0.5
subject CN=vpn.juniper.net
email [email protected]
domain-name vpn.juniper.net
You configured two SRX series devices in an active/passive multimode HA setup.
In this scenario, which statement is correct?
Both devices are in the passive state until the activeness determination process is completed.
Both devices start in a hold state until the activeness determination process is completed.
Both devices start in the undiscovered state until the activeness determination process is completed.
Both devices are in the active state until the activeness determination process is completed.
Which two statements about transparent mode and Ethernet switching mode on an SRX series
device are correct?
In Ethernet switching mode, Layer 2 interfaces must be placed in a security zone.
In Ethernet switching mode, IRB interfaces must be placed in a security zone.
In transparent mode, Layer 2 interfaces must be placed in a security zone.
In transparent mode, IRB interfaces must be placed in a security zone.
A customer wants to be able to initiate a return connection to an internal host from a specific
server.
Which NAT feature would you use in this scenario?
target-host
any-remote-host
port-overloading
target-server
You are using AutoVPN to deploy a hub-and-spoke VPN to connect your enterprise sites.
In this scenario, which two statements are true? (Choose two.)
New spoke sites can be added without explicit configuration on the hub.
Direct spoke-to-spoke tunnels can be established automatically.
All spoke-to-spoke IPsec communication will pass through the hub.
AutoVPN requires OSPF over IPsec to discover and add new spokes.
You are configuring advanced policy-based routing. You have created a static route with next
hop of an interface in your inet.0 routing table
Referring to the exhibit, what should be changed to solve this issue?
You should change the routing instance type to virtual-router.
You should move the static route configuration to the main routing instance.
You should move the inet.0 table before the routing instance table in your rib-groups configuration.
You should delete the interface-routes configuration under the routing-options hierarchy.
What are three attributes that APBR queries from the application system cache module? (Choose three.)
TTL
destination port
service
DSCP
protocol type
Which two statements about Policy Enforcer and the Forescout integration are true? (Choose two.)
802.1X authenticated devices are supported.
802.1X authenticated devices are not supported.
A Forescout CounterACT agent must be installed on third-party devices.
A Forescout CounterACT agent is agentless and does not need to be installed on third-party devices.
Which three statements about persistent NAT are correct? (Choose three.)
New sessions can only be initiated from a source towards the reflexive address.
New sessions can be initiated from a destination towards the reflexive address.
Persistent NAT only applies to source NAT.
All requests from an internal address are mapped to the same reflexive address.
Persistent NAT applies to both destination and source NAT.
You implement persistent NAT to allow any device on the external side of the firewall to
initiate traffic.
Referring to the exhibit, which statement is correct?
The target-host parameter should be used instead of the any-remote-host parameter.
The port-overloading parameter needs to be turned off in the NAT source interface configuration.
The target-host-port parameter should be used instead of the any-remote-host parameter.
The any-remote-host parameter does not support interface-based NAT and needs an IP pool to work.