Juniper JN0-636 Security,Professional (JNCIP-SEC) Online Training
Juniper JN0-636 Online Training
The questions for JN0-636 were last updated at Dec 24,2024.
- Exam Code: JN0-636
- Exam Name: Security,Professional (JNCIP-SEC)
- Certification Provider: Juniper
- Latest update: Dec 24,2024
SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following commandshow configuration services security―intelligence url
https://cloudfeeds.argon.juniperaecurity.net/api/manifeat.xml
and receives the following output:
What is the problem in this scenario?
- A . The device is directly enrolled with Juniper ATP Cloud.
- B . The device is already enrolled with Policy Enforcer.
- C . The SRX Series device does not have a valid license.
- D . Junos Space does not have matching schema based on the
You are asked to deploy filter-based forwarding on your SRX Series device for incoming traffic sourced from the 10.10 100 0/24 network in this scenario, which three statements are correct? (Choose three.)
- A . You must create a forwarding-type routing instance.
- B . You must create and apply a firewall filter that matches on the source address 10.10.100.0/24 and then sends this traffic to your routing
- C . You must create and apply a firewall filter that matches on the destination address 10 10.100.0/24 and then sends this traffic to your routing instance.
- D . You must create a RIB group that adds interface routes to your routing instance.
- E . You must create a VRF-type routing instance.
You are asked to provide single sign-on (SSO) to Juniper ATP Cloud.
Which two steps accomplish this goal? (Choose two.)
- A . Configure Microsoft Azure as the service provider (SP).
- B . Configure Microsoft Azure as the identity provider (IdP).
- C . Configure Juniper ATP Cloud as the service provider (SP).
- D . Configure Juniper ATP Cloud as the identity provider (IdP).
You want to identify potential threats within SSL-encrypted sessions without requiring SSL proxy to decrypt the session contents.
Which security feature achieves this objective?
- A . infected host feeds
- B . encrypted traffic insights
- C . DNS security
- D . Secure Web Proxy
Exhibit
You are using ATP Cloud and notice that there is a host with a high number of ETI and C&C hits sourced from the same investigation and notice that some of the events have not been automatically mitigated.
Referring to the exhibit, what is a reason for this behavior?
- A . The C&C events are false positives.
- B . The infected host score is globally set bellow a threat level of 5.
- C . The infected host score is globally set above a threat level of 5.
- D . The ETI events are false positives.
Exhibit
Which statement is true about the output shown in the exhibit?
- A . The SRX Series device is configured with default security forwarding options.
- B . The SRX Series device is configured with packet-based IPv6 forwarding options.
- C . The SRX Series device is configured with flow-based IPv6 forwarding options.
- D . The SRX Series device is configured to disable IPv6 packet forwarding.
Exhibit
You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.
In this scenario, which action will solve this problem?
- A . You must specify that the 172.25.1.1/24 IP address is the primary address on the ge-0/0/1 interface.
- B . You must apply the firewall filter to the lo0 interface when using filter-based forwarding.
- C . You must add another term to the firewall filter to accept the traffic from the 172.25.1.0/24 network.
- D . You must create the static default route to neighbor 172.21 0.2 under the ISP-1 routing instance hierarchy.
Exhibit
You configure a traceoptions file called radius on your returns the output shown in the exhibit
What is the source of the problem?
- A . An incorrect password is being used.
- B . The authentication order is misconfigured.
- C . The RADIUS server IP address is unreachable.
- D . The RADIUS server suffered a hardware failure.
Your Source NAT implementation uses an address pool that contains multiple IPv4 addresses Your users report that when they establish more than one session with an external application, they are prompted to authenticate multiple times External hosts must not be able to establish sessions with internal network hosts
What will solve this problem?
- A . Disable PAT.
- B . Enable destination NAT.
- C . Enable persistent NAT
- D . Enable address persistence.
What is the purpose of the Switch Microservice of Policy Enforcer?
- A . to isolate infected hosts
- B . to enroll SRX Series devices with Juniper ATP Cloud
- C . to inspect traffic for malware
- D . to synchronize security policies to SRX Series devices