Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Juniper > Juniper Certifications > JN0-636 > JN0-636 Online Practice Questions and Answers

JN0-636 Online Practice Questions and Answers

Questions 4

Exhibit You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies

Referring to the exhibit, what should you do to solve this problem?

A. You must change the global mode to security switching mode.

B. You must change the global mode to security bridging mode

C. You must change the global mode to transparent bridge mode.

D. You must change the global mode to switching mode.

Buy Now

Correct Answer: B

Questions 5

You are required to deploy a security policy on an SRX Series device that blocks all known Tor network IP addresses. Which two steps will fulfill this requirement? (Choose two.)

A. Enroll the devices with Juniper ATP Appliance.

B. Enroll the devices with Juniper ATP Cloud.

C. Enable a third-party Tor feed.

D. Create a custom feed containing all current known MAC addresses.

Buy Now

Correct Answer: AB

Explanation: To block all known Tor network IP addresses on an SRX Series device, the following steps must be taken:

Enroll the devices with Juniper ATP Appliance or Juniper ATP Cloud: both of these services provide threat intelligence feeds that include known IP addresses associated with the Tor network. By enrolling the SRX Series device, the device

will have access to the latest Tor network IP addresses, and it can then use this information to block traffic from those IP addresses. Creating a custom feed containing all current known MAC addresses, is not a valid option since Tor network

uses IP addresses, MAC addresses are not used to identify the Tor network.

Enable a third-party Tor feed may be used but it's not necessary as Juniper ATP Appliance and Juniper ATP Cloud already provide the same feature.

Questions 6

You want to enforce I DP policies on HTTP traffic.

In this scenario, which two actions must be performed on your SRX Series device? (Choose two )

A. Choose an attacks type in the predefined-attacks-group HTTP-All.

B. Disable screen options on the Untrust zone.

C. Specify an action of None.

D. Match on application junos-http.

Buy Now

Correct Answer: AD

Explanation: To enforce IDP policies on HTTP traffic on an SRX Series device, the following actions must be performed:

Choose an attacks type in the predefined-attacks-group HTTP-All: This allows the SRX Series device to match on specific types of attacks that can occur within HTTP traffic. For example, it can match on SQL injection or cross-site scripting

(XSS) attacks.

Match on application junos-http: This allows the SRX Series device to match on HTTP traffic specifically, as opposed to other types of traffic. It is necessary to properly identify the traffic that needs to be protected. Disabling screen options on

the Untrust zone and specifying an action of None are not necessary to enforce IDP policies on HTTP traffic. The first one is a feature used to prevent certain types of attacks, the second one is used to take no action in case of a match.

Questions 7

Which two modes are supported on Juniper ATP Cloud? (Choose two.)

A. global mode

B. transparent mode

C. private mode

D. Layer 3 mode

Buy Now

Correct Answer: AC

Explanation: Juniper ATP Cloud supports two main modes of operation:

Global mode: In this mode, the Juniper ATP Cloud service analyzes all files and network traffic that pass through the cloud-based service. It uses a combination of static and dynamic analysis techniques, as well as machine learning, to detect

and block malicious files, even if they are not known to traditional anti-virus software. Private mode: In this mode, the Juniper ATP Cloud service analyzes only the files and network traffic that are specifically uploaded or submitted for analysis

by the user. It uses the same analysis techniques as in global mode, but the user has more control over which files and network traffic are analyzed and can be used to analyze files that are behind the firewall.

Questions 8

You are deploying a virtualization solution with the security devices in your network Each SRX Series device must support at least 100 virtualized instances and each virtualized instance must have its own discrete administrative domain. In this scenario, which solution would you choose?

A. VRF instances

B. virtual router instances

C. logical systems

D. tenant systems

Buy Now

Correct Answer: C

Explanation: A logical system is a virtualization feature in SRX Series devices that allows you to create multiple, isolated virtual routers within a single physical device. Each logical system has its own routing table, firewall policies, and interfaces, and it can be managed and configured independently of the other logical systems. Logical systems are an effective way to isolate different administrative domains and to support a large number of virtualized instances.

Questions 9

Your Source NAT implementation uses an address pool that contains multiple IPv4 addresses Your users report that when they establish more than one session with an external application, they are prompted to authenticate multiple times External hosts must not be able to establish sessions with internal network hosts.

What will solve this problem?

A. Disable PAT.

B. Enable destination NAT.

C. Enable persistent NAT

D. Enable address persistence.

Buy Now

Correct Answer: D

Explanation: The solution to this problem is to enable address persistence. This will ensure that the same external IP address is used for multiple sessions between an internal host and an external host. This will result in only one authentication being required, as the same external IP address will be used for all sessions.

Questions 10

Click the Exhibit button.

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

A. Topology 3

B. Topology 5

C. Topology 2

D. Topology 4

E. Topology 1

Buy Now

Correct Answer: ADE

Reference: https://www.juniper.net/documentation/en_US/junos-space17.2/policy- enforcer/topics/concept/ policy-enforcer-deployment-supported-topologies.html

Questions 11

Your company wants to use the Juniper Seclntel feeds to block access to known command and control servers, but they do not want to use Security Director to manage the feeds. Which two Juniper devices work in this situation? (Choose two)

A. EX Series devices

B. MX Series devices

C. SRX Series devices

D. QFX Series devices

Buy Now

Correct Answer: BC

Explanation: Juniper MX and SRX series devices support the integration of Seclntel feeds, which provide information about known command and control servers, for the purpose of blocking access to them. These devices can be configured to use the Seclntel feeds without the need for Security Director to manage the feeds. EX series and QFX series devices are not capable of working in this situation, as they do not support the integration of Seclntel feeds.

Questions 12

Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)

A. You must create a dynamic address entry with the IP filter category and the ipfilter_office365 value.

B. You must create a dynamic address entry with the CandC category and the cc_offic365 value.

C. You must apply the dynamic address entry in a security policy.

D. You must apply the dynamic address entry in a security intelligence policy.

Buy Now

Correct Answer: AC

Questions 13

Your company uses non-Juniper firewalls and you are asked to provide a Juniper solution for zero-day malware protection. Which solution would work in this scenario?

A. Juniper ATP Cloud

B. Juniper Secure Analytics

C. Juniper ATP Appliance

D. Juniper Security Director

Buy Now

Correct Answer: A

Explanation: Juniper ATP Cloud provides zero-day malware protection for non-Juniper firewalls. It's a cloud-based service that analyzes files and network traffic to detect and prevent known and unknown (zero-day) threats. It uses a combination of static and dynamic analysis techniques, as well as machine learning, to detect and block malicious files, even if they are not known to traditional anti-virus software. It also provides real-time visibility and detailed forensics for incident response and remediation.

Exam Code: JN0-636
Exam Name: Service Provider Routing and Switching Professional (JNCIP-SP)
Last Update: Feb 15, 2025
Questions: 92

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2025 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.