Question 4 - JN0-636 discussion

Exhibit

Referring to the exhibit, which three statements are true? (Choose three.)

A. The packet's destination is to an interface on the SRX Series device.
B. The packet's destination is to a server in the DMZ zone.
C. The packet originated within the Trust zone.
D. The packet is dropped before making an SSH connection.
E. The packet is allowed to make an SSH connection.

Suggested answer: A, C, D

Explanation:

According to the exhibit, which is a security flow trace on an SRX Series device, the following statements are true:

The packet's destination is to an interface on the SRX Series device. This is indicated by the line "packet dropped for self but not interested", which means that the packet is destined to the SRX device itself, but the device does not have the corresponding service configured in the host-inbound-traffic stanza for the interface [1].

The packet originated within the Trust zone. This is indicated by the line "zone name: Trust", which shows that the packet belongs to the Trust zone. The Trust zone is typically the zone where the internal network is connected to the SRX device [2].

The packet is dropped before making an SSH connection. This is indicated by the line "flow_first_inline_processing: pak(0x4a9c0d0)", which shows that the packet is the first packet in the session and is processed by the firewall. The packet is dropped because it does not match any security policy or host-inbound-traffic rule [1]. The packet is trying to make an SSH connection, which uses TCP port 22, as shown by the line "source port: 22".

The following statements are false:

The packet's destination is to a server in the DMZ zone. There is no indication of the DMZ zone in the trace output. The DMZ zone is typically the zone where the external servers are connected to the SRX device [2].

The packet is allowed to make an SSH connection. The packet is not allowed to make an SSH connection, as explained above.

Reference:
1: SRX Getting Started - Troubleshoot Security Policy
2: SRX Getting Started - Configure Security Zones

asked 18/09/2024
Yusuf Sivrikaya