1. Home
  2. Juniper
  3. JN0-636

Service Provider Routing and Switching Professional (JNCIP-SP)

Exam Details

  • Exam Code
    :JN0-636
  • Exam Name
    :Service Provider Routing and Switching Professional (JNCIP-SP)
  • Certification
    :JNCIP-SEC
  • Vendor
    :Juniper
  • Total Questions
    :92 Q&As
  • Last Updated
    :May 12, 2024

Juniper JNCIP-SEC JN0-636 Questions & Answers

  • Question 31:

    Exhibit

    You are validating bidirectional traffic flows through your IPsec tunnel. The 4546 session represents traffic being sourced from the remote end of the IPsec tunnel. The 4547 session represents traffic that is sourced from the local network destined to the remote network.

    Which statement is correct regarding the output shown in the exhibit?

    A. The remote gateway address for the IPsec tunnel is 10.20.20.2

    B. The session information indicates that the IPsec tunnel has not been established

    C. The local gateway address for the IPsec tunnel is 10.20.20.2

    D. NAT is being used to change the source address of outgoing packets

  • Question 32:

    You are asked to allocate security profile resources to the interconnect logical system for it to work properly. In this scenario, which statement is correct?

    A. The NAT resources must be defined in the security profile for the interconnect logical system.

    B. No resources are needed to be allocated to the interconnect logical system.

    C. The resources must be calculated based on the amount of traffic that will flow between the logical systems.

    D. The flow-session resource must be defined in the security profile for the interconnect logical system.

  • Question 33:

    You must implement an IPsec VPN on an SRX Series device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled

    automatically from the certificate authority.

    In this scenario, which statement is correct.

    A. You can use CRL to accomplish this behavior.

    B. You can use SCEP to accomplish this behavior.

    C. You can use OCSP to accomplish this behavior.

    D. You can use SPKI to accomplish this behavior.

  • Question 34:

    Your Source NAT implementation uses an address pool that contains multiple IPv4 addresses Your users report that when they establish more than one session with an external application, they are prompted to authenticate multiple times External hosts must not be able to establish sessions with internal network hosts.

    What will solve this problem?

    A. Disable PAT.

    B. Enable destination NAT.

    C. Enable persistent NAT

    D. Enable address persistence.

  • Question 35:

    You want to configure a threat prevention policy.

    Which three profiles are configurable in this scenario? (Choose three.)

    A. device profile

    B. SSL proxy profile

    C. infected host profile

    D. CandC profile

    E. malware profile

  • Question 36:

    SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following command show configuration services security--intelligence url

    https : //cloudfeeds . argon . juniperaecurity . net/api/manifeat. xml

    and receives the following output:

    What is the problem in this scenario?

    A. The device is directly enrolled with Juniper ATP Cloud.

    B. The device is already enrolled with Policy Enforcer.

    C. The SRX Series device does not have a valid license.

    D. Junos Space does not have matching schema based on the

  • Question 37:

    You have designed the firewall filter shown in the exhibit to limit SSH control traffic to yours SRX Series device without affecting other traffic. Which two statement are true in this scenario? (Choose two.)

    A. The filter should be applied as an output filter on the loopback interface.

    B. Applying the filter will achieve the desired result.

    C. Applying the filter will not achieve the desired result.

    D. The filter should be applied as an input filter on the loopback interface.

  • Question 38:

    Exhibit.

    Referring to the exhibit, which two statements are true? (Choose two.)

    A. The configured solution allows IPv6 to IPv4 translation.

    B. The configured solution allows IPv4 to IPv6 translation.

    C. The IPv6 address is invalid.

    D. External hosts cannot initiate contact.

  • Question 39:

    In Juniper ATP Cloud, what are two different actions available in a threat prevention policy to deal with an infected host? (Choose two.)

    A. Send a custom message

    B. Close the connection.

    C. Drop the connection silently.

    D. Quarantine the host.

  • Question 40:

    Exhibit You are using trace options to verity NAT session information on your SRX Series device Referring to the exhibit, which two statements are correct? (Choose two.)

    A. This packet is part of an existing session.

    B. The SRX device is changing the source address on this packet from

    C. This is the first packet in the session

    D. The SRX device is changing the destination address on this packet 10.0.1 1 to 172 20.101.10.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-636 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.