Juniper JN0-636 JNCIP-SEC Exam Questions Instant Access

Question 1

You issue the command shown in the exhibit.

Which policy will be active for the identified traffic?

APolicy p4

BPolicy p7

CPolicy p1

DPolicy p12

Answer : B

Question 2

Exhibit.

A hub member of an ADVPN is not functioning correctly.

Referring the exhibit, which action should you take to solve the problem?

A[edit interfaces]
root@vSRX-1# delete st0.0 multipoint

B[edit interfaces]
user@hub-1# delete ipsec vpn advpn-vpn traffic-selector

C[edit security]
user@hub-1# set ike gateway advpn-gateway advpn suggester disable

D[edit security]
user@hub-1# delete ike gateway advpn-gateway advpn partner

Answer : B

Question 3

Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)

AYou must create a dynamic address entry with the IP filter category and the ipfilter_office365 value.

BYou must create a dynamic address entry with the C&C category and the cc_offic365 value.

CYou must apply the dynamic address entry in a security policy.

DYou must apply the dynamic address entry in a security intelligence policy.

Answer : A, C

Question 4

Click the Exhibit button.

Which type of NAT is shown in the exhibit?

ANAT46

BNAT64

Cpersistent NAT

DDS-Lite

Answer : B

Question 5

Exhibit

Referring to the exhibit, which type of NAT is being performed?

AStatic NAT

BDestination NAT

CPersistent NAT

DSource NAT

Answer : D

Source NAT is a type of NAT that is used to translate the source IP address and port number of a packet. This is typically used to allow multiple devices on a private network to access the internet using a single public IP address. In the exhibit, we can see that the source IP address and port number of the packet are being translated from 10.10.10.2/61606 to 203.0.113.100/179. This is a clear indication that Source NAT is being performed.Reference:

Network Address Translation Feature Guide

SRX NAT with Illustrated Examples

Question 6

Refer to the exhibit,

which two potential violations will generate alarm ? (Choose Two)

Athe number of policy violations by a source network identifier

Bthe ratio of policy violation traffic compared to accepted traffic.

Cthe number of policy violation by a destination TCP port

Dthe number of policy violation to an application within a specified period

Answer : A, D

The exhibit shows a security policy configuration with a threshold of 1000 policy violations by a source network identifier and a threshold of 10 policy violations to an application within a specified period. If either of these thresholds are exceeded, an alarm will be generated. Therefore, the correct answer is A and D. The other options are incorrect because:

B) The ratio of policy violation traffic compared to accepted traffic is not a criterion for triggering an alarm. The security policy configuration does not specify any ratio or percentage of policy violation traffic that would cause an alarm.

C) The number of policy violation by a destination TCP port is also not a criterion for triggering an alarm. The security policy configuration does not specify any threshold or duration for policy violation by a destination TCP port.

policy (Security Alarms)

Monitoring Security Policy Violations

Question 7

Refer to the Exhibit.

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

ATopology 3

BTopology 5

CTopology 2

DTopology 4

ETopology 1

Answer : A, D, E

Juniper Security, Professional JN0-636 JNCIP-SEC Exam Questions