Exam Details

  • Exam Code
    :JN0-636
  • Exam Name
    :Service Provider Routing and Switching Professional (JNCIP-SP)
  • Certification
    :JNCIP-SEC
  • Vendor
    :Juniper
  • Total Questions
    :92 Q&As
  • Last Updated
    :Oct 25, 2024

Juniper JNCIP-SEC JN0-636 Questions & Answers

  • Question 61:

    Exhibit

    You configure Source NAT using a pool of addresses that are in the same subnet range as the external ge-0/0/0 interface on your vSRX device. Traffic that is exiting the internal network can reach external destinations, but the return traffic is being dropped by the service provider router.

    Referring to the exhibit, what must be enabled on the vSRX device to solve this problem?

    A. STUN

    B. Proxy ARP

    C. Persistent NAT

    D. DNS Doctoring

  • Question 62:

    You are asked to detect domain generation algorithms

    Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)

    A. Define an advanced-anti-malware policy under [edit services].

    B. Attach the security-metadata-streaming policy to a security

    C. Define a security-metadata-streaming policy under [edit

    D. Attach the advanced-anti-malware policy to a security policy.

  • Question 63:

    Exhibit

    Referring to the exhibit, which type of NAT is being performed?

    A. Static NAT

    B. Destination NAT

    C. Persistent NAT

    D. Source NAT

  • Question 64:

    Exhibit

    You are not able to ping the default gateway of 192.168 100 1 (or your network that is located on your SRX Series firewall. Referring to the exhibit, which two commands would correct the configuration of your SRX Series device? (Choose two.)

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 65:

    You are asked to provide single sign-on (SSO) to Juniper ATP Cloud. Which two steps accomplish this goal? (Choose two.)

    A. Configure Microsoft Azure as the service provider (SP).

    B. Configure Microsoft Azure as the identity provider (IdP).

    C. Configure Juniper ATP Cloud as the service provider (SP).

    D. Configure Juniper ATP Cloud as the identity provider (IdP).

  • Question 66:

    Exhibit

    The highlighted incident (arrow) shown in the exhibit shows a progression level of "Download" in the kill chain. What are two appropriate mitigation actions for the selected incident? (Choose two.)

    A. Immediate response required: Block malware IP addresses (download server or CnC server)

    B. Immediate response required: Wipe infected endpoint hosts.

    C. Immediate response required: Deploy IVP integration (if configured) to confirm if the endpoint has executed the malware and is infected.

    D. Not an urgent action: Use IVP to confirm if machine is infected.

  • Question 67:

    You are required to deploy a security policy on an SRX Series device that blocks all known Tor network IP addresses. Which two steps will fulfill this requirement? (Choose two.)

    A. Enroll the devices with Juniper ATP Appliance.

    B. Enroll the devices with Juniper ATP Cloud.

    C. Enable a third-party Tor feed.

    D. Create a custom feed containing all current known MAC addresses.

  • Question 68:

    You opened a support ticket with JTAC for your Juniper ATP appliance. JTAC asks you to set up access to the device using the reverse SSH connection. Which three setting must be configured to satisfy this request? (Choose three.)

    A. Enable JTAC remote access

    B. Create a temporary root account.

    C. Enable a JATP support account.

    D. Create a temporary admin account.

    E. Enable remote support.

  • Question 69:

    Click the Exhibit button.

    When attempting to enroll an SRX Series device to JATP, you receive the error shown in the exhibit. What is the cause of the error?

    A. The fxp0 IP address is not routable

    B. The SRX Series device certificate does not match the JATP certificate

    C. The SRX Series device does not have an IP address assigned to the interface that accesses JATP

    D. A firewall is blocking HTTPS on fxp0

  • Question 70:

    Exhibit

    You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit. What is the correct action to solve the problem on the SRX device?

    A. Create a firewall filter to accept the BGP traffic

    B. Configure destination NAT for BGP traffic.

    C. Add BGP to the Allowed host-inbound-traffic for the interface

    D. Modify the security policy to allow the BGP traffic.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-636 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.