Question 15 - JN0-637 discussion


Exhibit:

You have deployed an SRX Series device as shown in the exhibit. The devices in the Local zone have recently been added, but their SRX interfaces have not been configured. You must configure the SRX to meet the following requirements:

Devices in the 10.1.1.0/24 network can communicate with other devices in the same network but not with other networks or the SRX.

You must be able to apply security policies to traffic flows between devices in the Local zone.

Which three configuration elements will be required as part of your configuration? (Choose three.)

A. set security zones security-zone Local interfaces ge-0/0/1.0

B. set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan-members 10

C. set protocols l2-learning global-mode switching

D. set protocols l2-learning global-mode transparent-bridge

E. set security zones security-zone Local interfaces irb.10

Suggested answer: A, B, D

Explanation:

In this scenario, we need to configure the SRX Series device so that devices in the Local zone (VLAN 10, 10.1.1.0/24 network) can communicate with each other but not with other networks or the SRX itself. Additionally, you must be able to apply security policies to traffic flows between the devices in the Local zone.

Explanation of Answer A (Assigning Interface to Security Zone):

You need to assign the interface ge-0/0/1.0 to the Local security zone. This is crucial because the SRX only applies security policies to interfaces assigned to security zones. Without this, traffic between devices in the Local zone won't be processed by security policies.

Configuration:

set security zones security-zone Local interfaces ge-0/0/1.0

Explanation of Answer B (Configuring Ethernet-Switching for VLAN 10):

Since we are using Layer 2 switching between devices in VLAN 10, we need to configure the interface to operate in Ethernet switching mode and assign it to VLAN 10.

Configuration:

set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan-members 10

Explanation of Answer D (Transparent Bridging Mode for Layer 2):

The global mode for Layer 2 switching on the SRX device must be set to transparent-bridge. This ensures that the SRX operates in Layer 2 mode and can switch traffic between devices without routing.

Configuration:

set protocols l2-learning global-mode transparent-bridge

Summary:

Interface Assignment: Interface ge-0/0/1.0 is assigned to the Local zone to allow policy enforcement.

Ethernet-Switching: The interface is configured for Layer 2 Ethernet switching in VLAN 10.

Transparent Bridging: The SRX is configured in Layer 2 transparent-bridge mode for switching between devices.

Juniper Security Reference:

Layer 2 Bridging and Switching Overview: This mode allows the SRX to act as a Layer 2 switch for forwarding traffic between VLAN members without routing. Reference: Juniper Transparent Bridging Documentation.

asked 01/11/2024
Himal Rai