Juniper JN0-635 Security, Professional (JNCIP-SEC) Exam Practice Test

Demo: 13 questions
Total 88 questions

Security, Professional (JNCIP-SEC) Questions and Answers

Question 1

You have a webserver and a DNS server residing in the same internal DMZ subnet. The public static NAT addresses for the servers are in the same subnet as the SRX Series device's Internet-facing interface. You implement DNS doctoring to ensure remote users can access the webserver.

Which two statements are true in this scenario? (Choose two.)

Options:

A. The DNS doctoring ALG is not enabled by default.

B. The Proxy ARP feature must be configured.

C. The DNS doctoring ALG is enabled by default.

D. The DNS CNAME record is translated.

Question 2

Click the Exhibit button.

You are implementing a new branch site and want to ensure Internet traffic is sent directly to your ISP and other traffic is sent to your company headquarters. You have configured filter-based forwarding to accomplish this objective. You verify proper functionality using the outputs shown in the exhibit.

Which two statements are true in this scenario? (Choose two.)

Options:

A. The session utilizes one routing instance

B. The ge-0/0/5 and ge-0/0/1 interfaces must reside in a single security zone

C. The ge-0/0/5 and ge-0/0/1 interfaces can reside in different security zones

D. The session utilizes two routing instances

Question 3

You have configured three logical tunnel interfaces in a tenant system on an SRX1500 device. When committing the configuration, the commit fails.

In this scenario, what would cause this problem?

Options:

A. There is no GRE tunnel between the tenant system and master system allowing SSH traffic

B. There is no VPLS switch on the tenant system containing a peer lt-0/0/0 interface

C. The SRX1500 device does not support more than two logical interfaces per tenant system

D. The SRX1500 device requires a tunnel PIC to allow for logical tunnel interfaces

Question 4

You have downloaded and initiated the installation of the application package for the JATP Appliance on an SRX1500. You must confirm that the installation of the application package has completed successfully.

In this scenario, which command would you use to accomplish this task?

Options:

A. show services application-identification version

B. show services application-identification application detail

C. show services application-identification application version

D. show services application-identification status

Question 5

According to the log shown in the exhibit, you notice the IPsec session is not establishing.

What is the reason for this behavior?

Options:

A. Mismatched proxy ID

B. Mismatched peer ID

C. Mismatched preshared key

D. Incorrect peer address.

Question 6

Click the Exhibit button.

You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior, you notice that you have a session that matches all the rules in your IPS policy.

In this scenario, which action would be taken?

Options:

A. drop packet

B. no-action

C. close-client-and-server

D. ignore-connection

Question 7

You are asked to configure an IPsec VPN between two SRX Series devices that allows for processing of CoS on the intermediate routers.

What will satisfy this requirement?

Options:

A. route-based VPN

B. OpenVPN

C. remote access VPN

D. policy-based VPN

Question 8

You are asked to secure your network against TOR network traffic.

Which two Juniper products would accomplish this task? (Choose two.)

Options:

A. Contrail Edge

B. Contrail Insights

C. Juniper Sky ATP

D. Juniper ATP Appliance

Question 9

Click the Exhibit button.

Your company has purchased a competitor and now must connect the new network to the existing one. The competitor’s gateway device is receiving its ISP address using DHCP. Communication between the two sites must be secured; however, obtaining a static public IP address for the new site gateway is not an option at this time. The company has several requirements for this solution:

  • A site-to-site IPsec VPN must be used to secure traffic between the two sites;
  • The IKE identity on the new site gateway device must use the hostname option; and
  • Internet traffic from each site should exit through its local Internet connection.

The configuration shown in the exhibit has been applied to the new site’s SRX, but the secure tunnel is not working.

In this scenario, what configuration change is needed for the tunnel to come up?

Options:

A. Remove the quotes around the hostname

B. Bind interface st0 to the gateway

C. Change the IKE policy mode to aggressive

D. Apply a static address to ge-0/0/2

Question 10

Which Junos security feature is used for signature-based attack prevention?

Options:

A. RADIUS

B. AppQoS

C. IPS

D. PIM

Question 11

Click the Exhibit button.

Given the command output shown in the exhibit, which two statements are true? (Choose two.)

Options:

A. The host 172.31.15.1 is directly connected to interface ge-0/0/3.0

B. Traffic matching this session has been received since the session was established

C. The host 10.10.101.10 is directly connected to interface ge-0/0/4.0

D. Network Address Translation is applied to this session

Question 12

Which two log format types are supported by the JATP appliance? (Choose two.)

Options:

A. YAML

B. XML

C. CSV

D. YANG

Question 13

In which two ways are tenant systems different from logical systems? (Choose two.)

Options:

A. Tenant systems have higher scalability than logical systems

B. Tenant systems have less scalability than logical systems

C. Tenant systems have fewer routing features than logical systems

D. Tenant systems have more routing features than logical systems
