JN0-636 Exam Questions

Which interface family is required for Layer 2 transparent mode on SRX Series devices?

Click the Exhibit button. user@srx> show chassis cluster interfaces Control link status: Up Control interfaces: Index Interface Monitored-Status Internal-SA Security 0 em0 Up Disab...

You have configured three logical tunnel interfaces in a tenant system on an SRX1500 device. When committing the configuration, the commit fails. In this scenario, what would cause...

You are asked to merge to corporate network with the network from a recently acquired company. Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX Serie...

You have set up Security Director with Policy Enforcer and have configured 12 third-party feeds and a Sky ATP feed. You are also injecting 16 feeds using the available open API. Yo...

Which three types of peer devices are supported for CoS-based IPsec VPNs? (Choose three.)

You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in forwarding MPLS and IPsec traffic. Which two statements are true regarding...

Which three roles or protocols are required when configuring an ADVPN? (Choose three.)

You must troubleshoot ongoing problems with IPsec tunnels and security policy processing. Your network consists of SRX340s and SRX5600s. In this scenario, which two statements are...

Click the Exhibit button. You are implementing a new branch site and want to ensure Internet traffic is sent directly to your ISP and other traffic is sent to your company headquar...

Click the Exhibit button. The exhibit shows a snippet of a security flow trace. A user cannot open an SSH session to a server. Which action will solve the problem? Exhibit: user@sr...

You are asked to secure your network against TOR network traffic. Which two Juniper products would accomplish this task? (Choose two.)

You are asked to implement the session cache feature on an SRX5400. In this scenario, what information does a session cache entry record? (Choose two.)

Which feature of Sky ATP is deployed with Policy Enforcer?

Click the Exhibit button. Referring to the exhibit, which two statements are true? (Choose two.) Exhibit: user@srx> show services advanced-anti-malware status Server connection sta...

When would you use the port-overloading-factor 1 setting?

Which Junos security feature is used for signature-based attack prevention?

You are asked to configure an IPSec VPN between two SRX Series devices that allows for processing of CoS on the intermediate routers. What will satisfy this requirement?

You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restricted to the VLANs from which they originate. Which conf...

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

Which type of NAT is shown in the exhibit?

Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)

You issue the command shown in the exhibit. Which policy will be active for the identified traffic?

You have designed the firewall filter shown in the exhibit to limit SSH control traffic to yours SRX Series device without affecting other traffic. Which two statement are true in...

You have noticed a high number of TCP-based attacks directed toward your primary edge device. You are asked to configure the IDP feature on your SRX Series device to block this att...

Which two log format types are supported by the JATP appliance? (Choose two.)

Referring the exhibit, which action should you take to solve the problem?

According to the log shown in the exhibit, you notice the IPsec session is not establishing. What is the reason for this behavior?

You opened a support ticket with JTAC for your Juniper ATP appliance. JTAC asks you to set up access to the device using the reverse SSH connection. Which three setting must be con...

The monitor traffic interface command is being used to capture the packets destined to and the from the SRX Series device. In this scenario, which two statements are true? (Choose...

You have a webserver and a DNS server residing in the same internal DMZ subnet. The public Static NAT addresses for the servers are in the same subnet as the SRX Series devices int...

You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance. What would be a cause of this problem?

You must implement an IPsec VPN on an SRX Series device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate su...

You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the "Policy is out of sync between RE and PFE <SPU-name(s)>." error....

Referring to the exhibit, which two statements are true? (Choose two.) [Exhibit: Image showing Juniper security-profile configuration for SP-I and c-1 TSYS.]

You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites. In this scena...

You have the NAT rule, shown in the exhibit, applied to allow communication across an IPsec tunnel between your two sites with identical networks. Which statement is correct in thi...

Which three type of peer devices are supported for Cos-Based IPsec VPN?

What are two important function of the Juniper Networks ATP appliance solution? (Choose two.)

You are asked to deploy Juniper ATP appliance in your network. You must ensure that incidents and alerts are sent to your SIEM. In this scenario, which logging output format is sup...

You are asked to share threat intelligence from your environment with third party tools so that those tools can be identify and block lateral threat propagation from compromised ho...

You want to enable inter-tenant communica on with tenant system. In this Scenario, Which two solutions will accomplish this task?

Refer to the exhibit, which two potential violations will generate alarm? (Choose two) [Exhibit: Image showing Juniper security alarm potential-violation configuration.]

You must find an infected host and where the a ack came from using the Juniper ATP Cloud. Which two monitor workspaces will return the requested information? (Choose two)

Referring to the exhibit, the operator user is unable to save configuration files to a usb stick the is plugged into SRX. What should you do to solve this problem?

An operator user is unable to save configuration files to a USB stick that is plugged into SRX. Based on the provided configuration snippet (image shows `edit system login` configu...

You must create a secure fabric in your company's network In this Scenario. Which three statements are correct? (Choose Three)

You are troubleshooting a firewall filter in the exhibit that is intended to log all traffic and block only inbound telnet traffic on interface ge-0/0/3. How should you modify the...

You configured a security policy permitting traffic from the trust zone to the untrust zone but your traffic isn't hitting the policy. In this scenario, which cli command allows yo...

In an effort to reduce client-server latency transparent mode was enabled an an SRX series device. Which two types of traffic will be permitted in this scenario? (Choose Two)