Juniper JN0-637 Practice Test - Questions Answers, Page 4
List of questions
Related questions
Which two statements are correct about the ICL in an active/active mode multinode HA environment? (Choose two.)
The ICL is strictly a Layer 2 interface.
The ICL uses a separate routing instance to communicate with remote multinode HA peers.
The ICL traffic can be encrypted.
The ICL is the local device management interface in a multinode HA environment.
Exhibit:
Your company uses SRX Series devices to establish an IPsec VPN that connects Site-1 and the HQ networks. You want VoIP traffic to receive priority over data traffic when it is forwarded across the VPN.
Which three actions should you perform in this scenario? (Choose three.)
Enable next-hop tunnel binding.
Create a firewall filter that identifies VoIP traffic and associates it with the correct forwarding class.
Configure CoS forwarding classes and scheduling parameters.
Enable the copy-outer-dscp parameter so that DSCP header values are copied to the tunneled packets.
Enable the multi-sa parameter to enable two separate IPsec SAs for the VoIP and data traffic.
Your IPsec tunnel is configured with multiple security associations (SAs). Your SRX Series device supports the CoS-based IPsec VPNs with multiple IPsec SAs feature. You are asked to configure CoS for this tunnel.
Which two statements are true in this scenario? (Choose two.)
The local and remote gateways do not need the forwarding classes to be defined in the same order.
A maximum of four forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.
The local and remote gateways must have the forwarding classes defined in the same order.
A maximum of eight forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.
The exhibit shows part of the flow session logs.
The existing session is found in the table, and the fast path process begins.
This packet arrives on interface ge-0/0/4.0.
Junos captures a TCP packet from source address 172.20.101.10 destined to 10.0.1.129.
Destination NAT occurs.
You have deployed automated threat mitigation using Security Director with Policy Enforcer, Juniper ATP Cloud, SRX Series devices, Forescout, and third-party switches.
In this scenario, which device is responsible for communicating directly to the third-party switches when infected hosts need to be blocked?
Forescout
Policy Enforcer
Juniper ATP Cloud
SRX Series device
Referring to the exhibit,
which two statements are correct about the NAT configuration? (Choose two.)
Both the internal and the external host can initiate a session after the initial translation.
Only a specific host can initiate a session to the reflexive address after the initial session.
Any external host will be able to initiate a session to the reflexive address.
The original destination port is used for the source port for the session.
You are using ADVPN to deploy a hub-and-spoke VPN to connect your enterprise sites.
Which two statements are true in this scenario? (Choose two.)
ADVPN creates a full-mesh topology.
IBGP routing is required.
OSPF routing is required.
Certificate-based authentication is required.
You want to create a connection for communication between tenant systems without using physical revenue ports on the SRX Series device.
What are two ways to accomplish this task? (Choose two.)
Use an external router.
Use an interconnect VPLS switch.
Use a secure wire.
Use a point-to-point logical tunnel.
An ADVPN configuration has been verified on both the hub and spoke devices and it seems fine. However, OSPF is not functioning as expected.
Referring to the exhibit, which two statements under interface st0.0 on both the hub and spoke devices would solve this problem? (Choose two.)
interface-type p2mp
dynamic-neighbors
passive
interface-type p2p
You have deployed an SRX Series device at your network edge to secure Internet-bound sessions for your local hosts using source NAT. You want to ensure that your users are able to interact with applications on the Internet that require more than one TCP session for the same application session.
Which two features would satisfy this requirement? (Choose two.)
address persistence
STUN
persistent NAT
double NAT
Question