Juniper JNCIP JN0-634 Questions & Answers

• Question 1:

  Click the Exhibit button.

  

  You have configured integrated user firewall on the SRX Series devices in your network. However, you noticed that no users can access the servers that are behind the SRX Series devices.

  Referring to the exhibit, what is the problem?

  A. The Kerberos service is not configured correctly on the Active Directory server.

  B. There are no authentication entries in the SRX Series device for the users.

  C. The security policy on the SRX Series device is configured incorrectly.

  D. The SAML service is not configured correctly on the Active Directory server.

  Correct Answer: C

• Question 2:

  Click the Exhibit button.

  

  Referring to the exhibit, which two statements are true? (Choose two.)

  A. The application firewall rule is not inspecting encrypted traffic.

  B. There are two rules configured in the rule set.

  C. The rule set uses application definitions from the predefined library.

  D. The configured rule set matches most analyzed applications.

  Correct Answer: AC

• Question 3:

  Your network includes SRX Series devices at all headquarter, data center, and branch locations. The headquarter and data center locations use high-end SRX Series devices, and the branch locations use branch SRX Series devices. You are asked to deploy IPS on the SRX Series devices using one of the available IPS deployment modes.

  In this scenario, which two statements are true? (Choose two.)

  A. Inline tap mode provides enforcement.

  B. Inline tap mode can be used at all locations.

  C. Integrated mode can be used at all locations.

  D. Integrated mode provides enforcement.

  Correct Answer: CD

• Question 4:

  Click the Exhibit button.

  

  You have enabled mixed mode on an SRX Series device. You are unable to commit the configuration shown in the exhibit.

  What is the problem in this scenario?

  A. A Layer 3 interface has not been configured on VLAN v10.

  B. The trust zone cannot contain both Layer 2 and Layer 3 interfaces.

  C. STP is not enabled under the host-inbound-traffic system services hierarchy on the trust and protected security zones.

  D. An IRB interface has not been configured.

  Correct Answer: B

• Question 5:

  You are using the integrated user firewall feature on an SRX Series device.

  Which three parameters are stored in the Active Directory authentication table? (Choose three.)

  A. IP address

  B. MAC address

  C. group mapping

  D. username

  E. password

  Correct Answer: ACD

• Question 6:

  You have set up Sky ATP with the SRX Series devices in your network. However, your SRX Series devices are unable to communicate with the Sky ATP cloud because the communication is being blocked by a gateway network device.

  Which two actions should you take to solve the problem? (Choose two.)

  A. Open destination port 443 inbound from the Internet on the gateway network device.

  B. Open destination port 8080 outbound from the Internet on the gateway network device.

  C. Open destination port 443 outbound from the Internet on the gateway network device.

  D. Open destination port 8080 inbound from the Internet on the gateway network device.

  Correct Answer: CD

• Question 7:

  Click the Exhibit button.

  

  Referring to the exhibit, the host has been automatically blocked from communicating on the network because a malicious file was downloaded. You cleaned the infected host and changed the investigation status to Resolved ?Fixed.

  What does Sky ATP do if the host then attempts to download a malicious file that would result in a threat score of 10?

  A. Sky ATP does not log the connection attempt and an SRX Series device does not allow the host to communicate on the network.

  B. Sky ATP logs the connection attempt and an SRX Series device does not allow the host to communicate on the network.

  C. Sky ATP logs the connection attempt and an SRX Series device allows the host to communicate on the network.

  D. Sky ATP does not log the connection attempt and an SRX Series device allows the host to communicate on the network.

  Correct Answer: C

• Question 8:

  You are implementing user authentication on your network using an SRX Series device and want to ensure that there are redundant forms of authentication for users to access the network. You have configured the device with the integrated user firewall and user role firewall features. You are testing failover methods using the default priority values.

  In this scenario, which two statements are true? (Choose two.)

  A. If the user fails local authentication, then the Junos OS will attempt to authenticate the user with a user role firewall.

  B. If the user fails user role firewall authentication, then the Junos OS will attempt to authenticate the user with an integrated user firewall.

  C. If the user fails integrated user firewall authentication, then the Junos OS will attempt to authenticate with a user role firewall.

  D. If the user fails local authentication, then the Junos OS will attempt to authenticate the user with an integrated user firewall.

  Correct Answer: CD

• Question 9:

  Your network includes SRX Series devices at the headquarters location. The SRX Series devices at this location are part of a high availability chassis cluster and are expected to support several UTM features.

  Which two statements related to this environment are true? (Choose two.)

  A. UTM features can be configured on either of the nodes within the cluster.

  B. The chassis cluster must be configured for active/active mode.

  C. UTM features must be configured on the primary node within the cluster.

  D. The chassis cluster must be configured for active/backup mode.

  Correct Answer: AD

• Question 10:

  Your manager has identified that employees are spending too much time posting on a social media site. You are asked to block user from posting on this site, but they should still be able to access any other site on the Internet.

  In this scenario, which AppSecure feature will accomplish this task?

  A. AppQoS

  B. AppTrack

  C. APpFW

  D. APBR

  Correct Answer: C