Juniper JN0-637 Practice Test - Questions Answers, Page 11
Question list
List of questions
Related questions
Which two statements about the differences between chassis cluster and multinode HA on
SRX series devices are true? (Choose Two)
Multinode HA member nodes require Layer 2 connectivity.
Multinode HA supports Layer 2 and Layer 3 connectivity between nodes.
Multinode HA requires Layer 3 connectivity between nodes.
Chassis cluster member nodes require Layer 2 connectivity.
Referring to the exhibit, you are assigned the tenantSYS1 user credentials on an SRX series
device.
In this scenario, which two statements are correct? (Choose two.)
When you log in to the device, you will be located at the operational mode of the main system hierarchy.
When you log in to the device, you will be located at the operational mode of the Tenant.SY51 logical system hierarchy.
When you log in to the device, you will be permitted to view only the routing tables for the Tenant SYS1 logical system.
When you log in to the device, you will be permitted to view all routing tables available on the on an SYS1 Series device.
A user reports that a specific application is not working properly. This application makes
multiple connection to the server and must have the same address every time from a pool and this behavior needs to be changed.
What would solve this problem?
Use STUN.
Use DNS doctoring.
Use the address-persistent parameter.
Use the persistent-nat parameter.
You have cloud deployments in Azure, AWS, and your private cloud. You have deployed
multicloud using security director with policy enforcer to. Which three statements are true in this scenario? (Choose three.)
You can run Juniper ATP scans only on traffic from your private cloud.
You can run Juniper ATP scans for all three domains.
You must secure the policies individually by domain.
The Policy Enforcer is able to flag infected hosts in all three domains.
You can simultaneously manage the security policies in all three domains.
Which two statements describe the behavior of logical systems? (Choose two.)
Each logical system shares the routing protocol process.
A default routing instance must be manually created for each logical system
Each logical system has a copy of the routing protocol process.
A default routing instance is automatically created for each logical system.
Which two statements are correct about advanced policy-based routing?
It can use the application system cache to route traffic.
The associated routing instance should be configured as a virtual router instance.
It cannot use the application system cache to route traffic.
The associated routing instance should be configured as a forwarding instance.
You have deployed a new site as shown in the exhibit. Hosts in the 10.10.10.0/24 network
must access the DB1 server. The DB1 server must also have internet access the DB1 server encrypted.
Which two configuration statements will be required as part of the configuration on SRX1 to satisfy this requirement? (Choose two)
set security macsec interfaces ge-0/0/1 connectivity association access-sw
set protocols 12-learning global mode transprent-bridge
set security forwarding-options secure-wire access-sw interface ge-0/0/1.0
set security macsec connectivity-association access-sw security-mode static-cak
Exhibit:
The Ipsec VPN does not establish when the peer initiates, but it does establish when the SRX
series device initiates. Referring to the exhibit, what will solve this problem?
IKE needs to be added for the host-inbound traffic on the VPN zone.
The screen configuration on the untrust zone needs to be modified.
IKE needs to be added to the host-inbound traffic directly on the ge-0/0/0 interface.
Application tracking on the untrust zone needs to be removed.
You are experiencing problem with your ADVPN tunnels getting established. The tunnel
and egress interface are located in different zone. What are two reasons for these problems? (Choose two.)
IKE is not an allowed protocol in the external interfaces' security zone.
IKE is not an allowed protocol in the tunnel endpoints' security zone.
OSPF is not an allowed protocol in the tunnel endpoints' security zone.
BGP is not an allowed protocol in the tunnel endpoints' security zone.
Which two statements are correct about DNS doctoring?
The DNS ALG must be disabled.
Proxy ARP is required if your NAT pool for the server is on the same subnet as the uplink interface.
Proxy ARP is required if your NAT pool for the server is on a different subnet as the uplink interface
The DNS ALG must be enabled.
Question