[Aug 28, 2022] Free Junos Security JN0-635 Exam Question
JN0-635 dumps & Junos Security sure practice dumps
Juniper JN0-635 Exam Topics:
| Section | Objectives |
|---|---|
| Layer 2 Security | Describe the concepts, operation, or functionality of Layer 2 security
Given a scenario, demonstrate how to configure or monitor Layer 2 security |
| Firewall Filters | Describe the concepts, operation, or functionality of firewall filters and ACLs
Given a scenario, demonstrate how to configure, troubleshoot, or monitor firewall filters |
| Compliance | Describe the concepts or operation of security compliance
|
| Troubleshooting Security Policy and Zones | Given a scenario, demonstrate how to troubleshoot or monitor security policies or security zones
|
| Logical and Tenant Systems | Describe the concepts, operation, or functionality of the logical systems
Describe the concepts, operation, or functionality of the tenant systems
|
| Advanced Threat Protection | Describe the concepts, operation, or functionality of Juniper ATP
Given a scenario, demonstrate how to configure or monitor Juniper ATP |
| Advanced Network Address Translation | Describe the concepts, operation, or functionality of advanced NAT functionality
Given a scenario, demonstrate how to configure, troubleshoot, or monitor advanced NAT scenarios |
| Edge Security | Describe the concepts, operation, or functionality of edge security features
|
| Threat Mitigation | Describe the concepts, operation, or functionality of threat mitigation
Given a scenario, demonstrate how to configure or monitor threat mitigation |
NEW QUESTION 62
Click the Exhibit button.
Referring to the exhibit, which two statements are true? (Choose two.)
- A. The device cannot pass Layer 2 and Layer 3 traffic at the same time
- B. You can secure inter-VLAN traffic with a security policy on this device
- C. The device can pass Layer 2 and Layer 3 traffic at the same time
- D. You can secure intra-VLAN traffic with a security policy on this device
Answer: A,D
Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ethernet-port-switching- modes.html
NEW QUESTION 63
What is the required when deploying a log collector in Junos Space?
- A. the IP address of interface eth1 on the log collector
- B. root user access to the log collector
- C. a shared log file directory on the log collector
- D. a distributed deployment of the log collector nodes
Answer: B
NEW QUESTION 64
Click the Exhibit button.
Given the command output shown in the exhibit, which two statements are true? (Choose two.)
- A. Traffic matching this session has been received since the session was established
- B. The host 172.31.15.1 is directly connected to interface ge-0/0/3.0
- C. Network Address Translation is applied to this session
- D. The host 10.10.101.10 is directly connected to interface ge-0/0/4.0
Answer: A,D
NEW QUESTION 65
Which feature of Sky ATP is deployed with Policy Enforcer?
- A. software image snapshot support
- B. service redundancy daemon configuration support
- C. zero-day threat mitigation
- D. device inventory management
Answer: C
NEW QUESTION 66
Click the Exhibit button.
Referring to the exhibit, which statement is true?
- A. Static NAT without PAT is occurring
- B. Source NAT without PAT is occurring
- C. Destination NAT is occurring
- D. Source NAT with PAT is occurring
Answer: D
NEW QUESTION 67
You correctly configured a security policy to deny certain traffic, but logs reveal that traffic is still allowed.
Which specific traceoption flag will help you troubleshoot this problem?
- A. rules
- B. lookup
- C. configuration
- D. routing-socket
Answer: B
NEW QUESTION 68
Click the Exhibit button.
The IKE policy and proposal are configured properly on both devices as shown in the exhibit. Which configuration snippet will complete the IKE configuration on the branch SRX Series device?
A)
B)
C)
D)
- A. Option B
- B. Option D
- C. Option A
- D. Option C
Answer: B
NEW QUESTION 69
Click the Exhibit button.
Which statement is correct regarding the information show in the exhibit?
- A. The output is for an ADVPN
- B. The tunnel is not encrypting the traffic
- C. The tunnel gateway address was automatically discovered
- D. The tunnel binding was discovered automatically
Answer: C
Explanation:
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show- security-ipsec-next-hop-tunnels.html
NEW QUESTION 70
Click the Exhibit button.
Which type of NAT is shown in the exhibit?
- A. NAT46
- B. persistent NAT
- C. DS-Lite
- D. NAT64
Answer: D
NEW QUESTION 71
Click the Exhibit button.
Referring to the exhibit, you have expanded the disk storage size in ESXi for your log collector from 500 GB to 600 GB. However, your log collector's disk size has not changed.
Given the scenario, which two statements are true? (Choose two.)
- A. You must re-run the log collector setup script to update the storage settings.
- B. You must run a script from the console to expand the disk size.
- C. You must reboot the log collector for storage settings to be updated
- D. The ESXi storage parameter is not associated with the Elasticsearch disk size parameter.
Answer: B,C
NEW QUESTION 72
Malware that is detonated by the JATP sandbox must be able to communicate with the Internet without being able to harm your local network resources.
Which statement is correct in this scenario?
- A. The honeypot interface must be connected to the Internet zone
- B. The management interface must be connected to the Internet zone
- C. The monitoring interface must be connected to the Internet zone
- D. The exhaust interface must be connected to the Internet zone
Answer: B
NEW QUESTION 73
You are asked to configure an IPsec VPN between two SRX Series devices that allows for processing of CoS on the intermediate routers.
What will satisfy this requirement?
- A. route-based VPN
- B. OpenVPN
- C. remote access VPN
- D. policy-based VPN
Answer: A
Explanation:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/secuirty-cos-based-ipsec- vpns.html
NEW QUESTION 74
You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites.
In this scenario, which VPN should be used?
- A. A full mesh Layer 3 VPN with the corporate firewall acting as the hub device.
- B. A hub-and-spoke IPsec VPN with the corporate firewall acting as the hub device.
- C. Full mesh IPsec VPNs with tunnels between all sites.
- D. An IPsec group VPN with the corporate firewall acting as the hub device.
Answer: D
Explanation:
Explanation
https://www.juniper.net/us/en/local/pdf/app-notes/3500202-en.pdf
NEW QUESTION 75
Click the Exhibit button.
You have configured an ADVPN that is operational. However, OSPF will not establish correctly across the ADVPN tunnels.
Referring to the exhibit, which two commands will solve the problem? (Choose two.)
- A. [edit protocols ospf area 0.0.0.0]
user@srx# set interface st0.0 demand-circuit - B. [edit protocols ospf area 0.0.0.0]
user@srx# set interface st0.0 dynamic-neighbors - C. [edit protocols ospf area 0.0.0.0]
user@srx# set interface st0.0 interface-type nbma - D. [edit protocols ospf area 0.0.0.0]
user@srx# set interface st0.0 topology advpn
Answer: A,B
NEW QUESTION 76
Click the Exhibit button.
Referring to the exhibit, what is the maximum number of zones that are able to be created within all logical systems?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 77
You are asked to set up notifications if one of your collector traffic feeds drops below 100 kbps.
Which two configuration parameters must be set to accomplish this task? (Choose two.)
- A. Set a general triggered notification on the JATP appliance
- B. Set a traffic system alert on the JATP appliance
- C. Set a logging notification on the JATP appliance
- D. Set a traffic SNMP trap on the JATP appliance
Answer: B,C
NEW QUESTION 78
You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance.
What would be a cause of this problem?
- A. The collector must have a minimum of two interfaces.
- B. The collector must have a minimum of four interfaces.
- C. The collector must have a minimum of three interfaces.
- D. The collector must have a minimum of five interfaces.
Answer: B
NEW QUESTION 79
Click the Exhibit button.
The exhibit shows a snippet of a security flow trace. A user cannot open an SSH session to a server. Which action will solve the problem?
- A. Edit the source NAT to correct the translated address
- B. Create a route to the desired server
- C. Create a security policy that matches the traffic parameters
- D. Create a route entry to direct traffic into the configured tunnel
Answer: C
NEW QUESTION 80
Click the Exhibit button.
You deployed a site-to-site IPsec VPN connecting two data centers together using SRX5800s. After examining the performance of the IPsec VPN, you decide to enable IPsec performance acceleration to increase the rate of traffic that can be sent through the tunnel.
Referring to the exhibit, which two statements should you add to the configuration to accomplish this task? (Choose two.)
- A. [edit security flow]
user@srx# set load-distribution session-affinity ipsec - B. [edit security flow]
user@srx# set tcp-mss ipsec-vpn mss 65535 - C. [edit security flow]
user@srx# set ipsec-performance-acceleration - D. [edit security flow]
user@srx# set power-mode-ipsec
Answer: A,C
NEW QUESTION 81
You are asked to implement the session cache feature on an SRX5400.
In this scenario, what information does a session cache entry record? (Choose two.)
- A. To which NPU the traffic of the session should be forwarded
- B. The type of processing to do for ingress traffic
- C. The type of processing to do for egress traffic
- D. To which SPU the traffic of the session should be forwarded
Answer: C,D
Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-packet-based- forwarding.html
NEW QUESTION 82
Click the Exhibit button.
Referring to the exhibit, which two statements are true? (Choose two.)
- A. The SRX Series device is not enrolled but can communicate with the JATP Appliance
- B. The SRX Series device cannot download the security feeds from the JATP Appliance
- C. The SRX Series device is enrolled and communicating with a JATP Appliance
- D. The JATP Appliance cannot download the security feeds from the GSS servers
Answer: A,B
NEW QUESTION 83
Click the Exhibit button.
You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior, you notice that you have a session that matches all the rules in your IPS policy.
In this scenario, which action would be taken?
- A. ignore-connection
- B. drop packet
- C. close-client-and-server
- D. no-action
Answer: D
Explanation:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-idp-policy-rules- and-rulebases.html
NEW QUESTION 84
You opened a support ticket with JTAC for your Juniper ATP appliance. JTAC asks you to set up access to the device using the reverse SSH connection.
Which three setting must be configured to satisfy this request? (Choose three.)
- A. Create a temporary admin account.
- B. Enable remote support.
- C. Create a temporary root account.
- D. Enable a JATP support account.
- E. Enable JTAC remote access
Answer: A,B,D
Explanation:
https://kb.juniper.net/InfoCenter/index?page=content&id=TN326&cat=&actp=LIST&showDraft=fal se
NEW QUESTION 85
Click the Exhibit button.
You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior, you notice that you have a session that matches all the rules in your IPS policy.
In this scenario, which action would be taken?
- A. ignore-connection
- B. drop packet
- C. close-client-and-server
- D. no-action
Answer: D
NEW QUESTION 86
Click the Exhibit button.
A user is trying to reach a company's website, but the connection errors out. The security policies are configured correctly.
Referring to the exhibit, what is the problem?
- A. Persistent NAT must be enabled
- B. DNS ALG must be disabled
- C. Static NAT is missing a rule for DNS server
- D. The action for rule 1 must change to static-nat inet
Answer: C
NEW QUESTION 87
......
Juniper JN0-635 Actual Questions and Braindumps: https://testking.practicedump.com/JN0-635-exam-questions.html