JN0-635 Exam Questions

What are three components of Software-Defined Secure Networks? (Choose three.)

Which AppSecure feature identifies applications that are present in traffic?

Which three components are part of the AppSecure services suite? (Choose three.)

Referring to the exhibit, a user with IP address 10.1.1.85 generates a request that triggers the HTTP:EXT:DOT-LNK IDP signature that is a member of the "HTTP - All" predefined atta...

What is a function of UTM?

Which two parameters are required to match in an IDP rule for the terminal option to take effect? (Choose two.)

You are implementing user authentication on your network using an SRX Series device and want to ensure that there are redundant forms of authentication for users to access the netw...

You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restarted to the VLANs from which they originate. Which confi...

Click the Exhibit button. Referring to the exhibit, you have expanded the disk storage size in ESXi for your log collector from 500 GB to 600 GB. However, your log collector's disk...

You are scanning files that are being transferred from the Internet to hosts on your internal network with Sky ATP. However, you notice that files that are 1 GB in size are not bei...

Your manager has notices a drop in productivity and believes it is due to employees checking their social media feeds too frequently. You are asked to provide analytical statistics...

What is the required when deploying a log collector in Junos Space?

Click the Exhibit button. been blocked. Referring to the log message shown in the exhibit, why was access blocked?

Using the Policy Controller API, which configuration would post Sky ATP with PE mode to the Policy Enforcer controller configuration?

Click the Exhibit button. [edit security] user@host# show policies global { policy new-policy { match { source-address any; destination-address any; application junos-https; } then...

The IPsec VPN on your SRX Series device establishes both the Phase 1 and Phase 2 security associations. Users are able to pass traffic through the VPN. During peak VPN usage times,...

You have initiated the download of the IPS signature database on your SRX Series device. Which command would you use to confirm the download has completed?

You are asked to implement a Dynamic IPsec VPN on your new SRX240. You are required to facilitate up to 5 simultaneous users. Which two statements must be considered when accomplis...

Click the Exhibit button. user @host> show bgp summary logical-system LSYS1 Groups : 11 Peers : 10 Down peers: 1 Table Tot. Paths Act Paths Suppressed History Damp State Pending in...

Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS feature. Which command would you use to accomplish this task?

Click the Exhibit button. user@key-server> show security group-vpn server ike security- associations Index State Initiator cookie Responder cookie Mode Remote Address 97 UP bb22440...

You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX Series device. You have decided to implement IDP SSL decryption. Upon e...

You are asked to ensure that your IPS engine blocks attacks. You must ensure that your system continues to drop additional malicious traffic without additional IPS processing for u...

You are asked to implement the AppFW feature on an SRX Series device. Which three tasks must be performed to make the feature work? (Choose three.)

You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode. What must be considered when accomplishing this task?

What is a secure key management protocol used by IPsec?

You want to route traffic between two newly created virtual routers without the use of logical systems using the configuration options on the SRX5800. Which two methods of forwardi...

As an SRX administrator, you must find all encrypted sessions on an SRX Series device. Which command would you use to accomplish this task?

Which configurable SRX Series device feature allows you to capture transit traffic?

Which two statements about AppQoS are true? (Choose two.)

Click the Exhibit button. [edit protocols ospf area 0.0.0.0] user@host# run show security ike security-associations Index State Initiator cookie Responder cookie Mode Remote Addres...

A local user complains that they cannot connect to an FTP server on the DMZ network. You investigate and confirm that the security policy allows FTP traffic from the trust zone to...

Click the Exhibit button. IPv6 to IPv4 addresses are not being translated as shown in the exhibit. Which two configurations would resolve the problem? (Choose two.)

Click the Exhibit button. userehost# run show route inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Static...

Click the Exhibit button. While configuring the SRX345, you review the MACsec connection between devices and note that it is not working. Referring to the exhibit, which action wou...

Click the Exhibit button. You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior, you notice that you have a session that matches al...

Your organization has multiple Active Directory domains to control user access. You must ensure that security policies are passing traffic based upon the users' access rights. What...

You are asked to set up notifications if one of your collector traffic feeds drops below 100 kbps. Which two configuration parameters must be set to accomplish this task? (Choose t...

You have configured static NAT for a webserver in your DMZ. Both internal and external users can reach the webserver using the webserver's IP address. However, only internal users...

Click the Exhibit button. Referring to the exhibit, which statement is true?

You have configured three logical tunnel interfaces in a tenant system on an SRX1500 device. When committing the configuration, the commit fails. In this scenario, what would cause...

You are asked to merge to corporate network with the network from a recently acquired company. Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX Serie...

You have set up Security Director with Policy Enforcer and have configured 12 third-party feeds and a Sky ATP feed. You are also injecting 16 feeds using the available open API. Yo...

Which three types of peer devices are supported for CoS-based IPsec VPNs? (Choose three.)

You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in forwarding MPLS and IPsec traffic. Which two statements are true regarding...

Which three roles or protocols are required when configuring an ADVPN? (Choose three.)

You must troubleshoot ongoing problems with IPsec tunnels and security policy processing. Your network consists of SRX340s and SRX5600s. In this scenario, which two statements are...

Click the Exhibit button. You are implementing a new branch site and want to ensure Internet traffic is sent directly to your ISP and other traffic is sent to your company headquar...

Click the Exhibit button. The exhibit shows a snippet of a security flow trace. A user cannot open an SSH session to a server. Which action will solve the problem?

Click the Exhibit button. Referring to the exhibit, which two statements are true? (Choose two.)