
JN0-637 Security, Professional (JNCIP-SEC) Questions and Answers

Questions 4

You want to bypass IDP for traffic destined to social media sites using APBR, but it is not working and IDP is dropping the session.

What are two reasons for this problem? (Choose two.)

Options:

A.

IDP disable is not configured on the APBR rule.

B.

The application services bypass is not configured on the APBR rule.

C.

The APBR rule does a match on the first packet.

D.

The session did not properly reclassify midstream to the correct APBR rule.

Questions 5

Which two statements are true when setting up an SRX Series device to operate in mixed mode? (Choose two.)

Options:

A.

A physical interface can be configured to be both a Layer 2 and a Layer 3 interface at the same time.

B.

User logical systems support Layer 2 traffic processing.

C.

The SRX must be rebooted after configuring at least one Layer 3 and one Layer 2 interface.

D.

Packets from Layer 2 interfaces are switched within the same bridge domain.

Questions 6

You are deploying a large-scale VPN spanning six sites. You need to choose a VPN technology that satisfies the following requirements:

    All sites must have secure reachability to all other sites.

    New spoke sites can be added without explicit configuration on the hub site.

    All spoke-to-spoke communication must traverse the hub site.

Which VPN technology will satisfy these requirements?

Options:

A.

ADVPN

B.

Group VPN

C.

Secure Connect VPN

D.

AutoVPN

Questions 7

You want to use a security profile to limit the system resources allocated to user logical systems.

In this scenario, which two statements are true? (Choose two.)

Options:

A.

If nothing is specified for a resource, a default reserved resource is set for a specific logical system.

B.

If you do not specify anything for a resource, no resource is reserved for a specific logical system, but the entire system can compete for resources up to the maximum available.

C.

One security profile can only be applied to one logical system.

D.

One security profile can be applied to multiple logical systems.

Questions 8

Your IPsec tunnel is configured with multiple security associations (SAs). Your SRX Series device supports the CoS-based IPsec VPNs with multiple IPsec SAs feature. You are asked to configure CoS for this tunnel.

Which two statements are true in this scenario? (Choose two.)

Options:

A.

The local and remote gateways do not need the forwarding classes to be defined in the same order.

B.

A maximum of four forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.

C.

The local and remote gateways must have the forwarding classes defined in the same order.

D.

A maximum of eight forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.

Questions 9

Which three statements about persistent NAT are correct? (Choose three.)

Options:

A.

New sessions can only be initiated from a source towards the reflexive address.

B.

New sessions can be initiated from a destination towards the reflexive address.

C.

Persistent NAT only applies to source NAT.

D.

All requests from an internal address are mapped to the same reflexive address.

E.

Persistent NAT applies to both destination and source NAT.

Questions 10

Click the Exhibit button.

Referring to the exhibit, which three actions do you need to take to isolate the hosts at the switch port level if they become infected with malware? (Choose three.)

Options:

A.

Enroll the SRX Series device with Juniper ATP Cloud.

B.

Use a third-party connector.

C.

Deploy Security Director with Policy Enforcer.

D.

Configure AppTrack on the SRX Series device.

E.

Deploy Juniper Secure Analytics.

Questions 11

Which two elements are necessary to configure a rule under an APBR profile? (Choose two.)

Options:

A.

instance type

B.

match condition

C.

then action

D.

RIB group

Questions 12

You are deploying OSPF over IPsec with an SRX Series device and third-party device using GRE.

Which two statements are correct? (Choose two.)

Options:

A.

The GRE interface should use lo0 as endpoints.

B.

The OSPF protocol must be enabled under the VPN zone.

C.

Overlapping addresses are allowed between remote networks.

D.

The GRE interface must be configured under the OSPF protocol.

Questions 13

Which two statements describe the behavior of logical systems? (Choose two.)

Options:

A.

Each logical system shares the routing protocol process.

B.

A default routing instance must be manually created for each logical system.

C.

Each logical system has a copy of the routing protocol process.

D.

A default routing instance is automatically created for each logical system.

Questions 14

Which two statements about the differences between chassis cluster and multinode HA on SRX Series devices are true? (Choose two.)

Options:

A.

Multinode HA member nodes require Layer 2 connectivity.

B.

Multinode HA supports Layer 2 and Layer 3 connectivity between nodes.

C.

Multinode HA requires Layer 3 connectivity between nodes.

D.

Chassis cluster member nodes require Layer 2 connectivity.

Questions 15

Click the Exhibit button.

Referring to the exhibit, which two statements are correct? (Choose two.)

Options:

A.

You cannot secure intra-VLAN traffic with a security policy on this device.

B.

You can secure inter-VLAN traffic with a security policy on this device.

C.

The device can pass Layer 2 and Layer 3 traffic at the same time.

D.

The device cannot pass Layer 2 and Layer 3 traffic at the same time.

Questions 16

You are using AutoVPN to deploy a hub-and-spoke VPN to connect your enterprise sites.

In this scenario, which two statements are true? (Choose two.)

Options:

A.

New spoke sites can be added without explicit configuration on the hub.

B.

Direct spoke-to-spoke tunnels can be established automatically.

C.

All spoke-to-spoke IPsec communication will pass through the hub.

D.

AutoVPN requires OSPF over IPsec to discover and add new spokes.

Questions 17

Which two statements are correct about automated threat mitigation with Security Director? (Choose two.)

Options:

A.

It works with third-party switches.

B.

It provides endpoint protection by running a Juniper ATP Cloud agent on the servers.

C.

It provides endpoint protection by running a Juniper ATP Cloud agent on EX Series devices.

D.

It works with SRX Series devices.

Questions 18

Referring to the exhibit, which three statements about the multinode HA environment are true? (Choose three.)

Options:

A.

Two services redundancy groups are available.

B.

IP monitoring has failed for the services redundancy group.

C.

Node 1 will host services redundancy group 1 unless it is unavailable.

D.

Session state is synchronized on both nodes.

E.

Node 2 will process transit traffic that it receives for services redundancy group 1.

Questions 19

You are asked to configure tenant systems.

Which two statements are true in this scenario? (Choose two.)

Options:

A.

A tenant system can have only one administrator.

B.

After successful configuration, the changes are merged into the primary database for each tenant system.

C.

Tenant systems have their own configuration database.

D.

You can commit multiple tenant systems at a time.

Questions 20

You have a multinode HA default mode deployment and the ICL is down.

In this scenario, what are two ways that the SRX Series devices verify the activeness of their peers? (Choose two.)

Options:

A.

Custom IP addresses may be configured for the activeness probe.

B.

Fabric link heartbeats are used to verify the activeness of the peers.

C.

Each peer sends a probe with the virtual IP address as the destination IP address.

D.

Each peer sends a probe with the virtual IP address as the source IP address and the upstream router as the destination IP address.

Questions 21

Exhibit:

You have configured a CoS-based VPN that is not functioning correctly.

Referring to the exhibit, which action will solve the problem?

Options:

A.

You must delete one forwarding class.

B.

You must change the loss priorities of the forwarding classes to low.

C.

You must use inet precedence instead of DSCP.

D.

You must change the code point for the DB-data forwarding class to 10000.

Questions 22

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

Options:

A.

The traffic is permitted.

B.

The traffic was initiated by the 10.10.102.10 address.

C.

The destination device is not responding.

D.

The traffic is denied.

Questions 23

You implement persistent NAT to allow any device on the external side of the firewall to initiate traffic.

Referring to the exhibit, which statement is correct?

Options:

A.

The target-host parameter should be used instead of the any-remote-host parameter.

B.

The port-overloading parameter needs to be turned off in the NAT source interface configuration.

C.

The target-host-port parameter should be used instead of the any-remote-host parameter.

D.

The any-remote-host parameter does not support interface-based NAT and needs an IP pool to work.

Questions 24

You are asked to establish a hub-and-spoke IPsec VPN using an SRX Series device as the hub. All of the spoke devices are third-party devices.

Which statement is correct in this scenario?

Options:

A.

You must ensure that you are using aggressive mode when incorporating third-party devices as your spokes.

B.

You must statically configure the next-hop tunnel binding table entries for each of the third-party spoke devices.

C.

You must create a policy-based VPN on the hub device when peering with third-party devices.

D.

You must always peer using loopback addresses when using non-Junos devices as your spokes.

Questions 25

A user reports that a specific application is not working properly. This application makes multiple connections to the server and must have the same address every time from a pool and this behavior needs to be changed.

What would solve this problem?

Options:

A.

Use STUN.

B.

Use DNS doctoring.

C.

Use the address-persistent parameter.

D.

Use the persistent-nat parameter.

Questions 26

Exhibit:

Referring to the exhibit, what do you use to dynamically secure traffic between the Azure and AWS clouds?

Options:

A.

You can dynamically secure traffic between the clouds by using user identities in the security policies.

B.

You can dynamically secure traffic between the clouds by using advanced connection tracking in the security policies.

C.

You can dynamically secure traffic between the clouds by using security tags in the security policies.

D.

You can dynamically secure traffic between the clouds by using URL filtering in the security policies.

Questions 27

You have deployed automated threat mitigation using Security Director with Policy Enforcer, Juniper ATP Cloud, SRX Series devices, Forescout, and third-party switches.

In this scenario, which device is responsible for communicating directly to the third-party switches when infected hosts need to be blocked?

Options:

A.

Forescout

B.

Policy Enforcer

C.

Juniper ATP Cloud

D.

SRX Series device

Questions 28

You need to generate a certificate for a PKI-based site-to-site VPN. The peer is expecting to use your domain name vpn.juniper.net.

Which two configuration elements are required when you generate your certificate request? (Choose two.)

Options:

A.

ip-address 10.100.0.5

B.

subject CN=vpn.juniper.net

C.

email admin@juniper.net

D.

domain-name vpn.juniper.net

Questions 29

Exhibit:

In which mode is the SRX Series device?

Options:

A.

Packet

B.

Ethernet switching

C.

Mixed

D.

Transparent

Questions 30

The SRX Series device is performing static NAT. You want to ensure that host A can reach the internal webserver www.juniper.net using its domain name.

Referring to the exhibit, which two Junos features are required to accomplish this task? (Choose two.)

Options:

A.

DNS doctoring

B.

proxy ARP

C.

persistent NAT

D.

STUN

Questions 31

What are three core components for enabling advanced policy-based routing? (Choose three.)

Options:

A.

Filter-based forwarding

B.

Routing options

C.

Routing instance

D.

APBR profile

E.

Policies

Questions 32

Exhibit:

Host A shown in the exhibit is attempting to reach the Web1 webserver, but the connection is failing. Troubleshooting reveals that when Host A attempts to resolve the domain name of the server (web.acme.com), the request is resolved to the private address of the server rather than its public IP.

Which feature would you configure on the SRX Series device to solve this issue?

Options:

A.

Persistent NAT

B.

Double NAT

C.

DNS doctoring

D.

STUN protocol

Questions 33

You have deployed two SRX Series devices in an active/passive multinode HA scenario.

In this scenario, which two statements are correct? (Choose two.)

Options:

A.

Services redundancy group 1 (SRG1) is used for services that do not have a control plane state.

B.

Services redundancy group 0 (SRG0) is used for services that have a control plane state.

C.

Services redundancy group 0 (SRG0) is used for services that do not have a control plane state.

D.

Services redundancy group 1 (SRG1) is used for services that have a control plane state.

Questions 34

You are asked to select a product offered by Juniper Networks that can collect and assimilate data from all probes and determine the optimal links for different applications to maximize the full potential of AppQoE.

Which product provides this capability?

Options:

A.

Security Director

B.

Network Director

C.

Mist

D.

Security Director Insights

Exam Code: JN0-637
Exam Name: Security, Professional (JNCIP-SEC)
Last Update: Dec 29, 2024
Questions: 115