Verified JN0-635 dumps Q&As - Pass Guarantee Exam Dumps Test Engine [2021]
JN0-635 dumps and 90 unique questions
Overview of JN0-635 Exam Content
There are various subject areas that you need to be skilled at before you can take the final JN0-635 exam:
- Tenant and Logical Systems;
- Concepts and features of Juniper ATP;
- Security Compliance;
- Application and Functions of Advanced IPsec.
- Concepts of Layer 2 Security;
- NAT;
- Threat Mitigation Techniques;
- How Security Policy and Security Zone Troubleshooting works;
- Concepts of Firewall Filters and ACLs;
- Edge Security Features;
NEW QUESTION 52
You are asked to configure an IPsec VPN between two SRX Series devices that allows for processing of CoS on the intermediate routers.
What will satisfy this requirement?
- A. remote access VPN
- B. policy-based VPN
- C. route-based VPN
- D. OpenVPN
Answer: C
NEW QUESTION 53
Click the Exhibit button.
You are asked to look at a configuration that is designed to take all traffic with a specific source IP address and forward the traffic to a traffic analysis server for further evaluation. The configuration is not working as intended.
Referring to the exhibit, which change must be made to correct the configuration?
- A. Apply the filter as an output filter on interface xe-0/1/0.0
- B. Apply the filter as an input filter on interface xe-0/2/1.0
- C. Create a routing instance named default
- D. Apply the filter as an input filter on interface xe-0/0/1.0
Answer: D
NEW QUESTION 54
Which Junos security feature is used for signature-based attack prevention?
- A. AppQoS
- B. IPS
- C. RADIUS
- D. PIM
Answer: B
NEW QUESTION 55
Click the Exhibit button.
Given the command output shown in the exhibit, which two statements are true? (Choose two.)
- A. The host 172.31.15.1 is directly connected to interface ge-0/0/3.0
- B. The host 10.10.101.10 is directly connected to interface ge-0/0/4.0
- C. Network Address Translation is applied to this session
- D. Traffic matching this session has been received since the session was established
Answer: B,D
NEW QUESTION 56
Click the Exhibit button.
You are asked to look at a configuration that is designed to take all traffic with a specific source IP address and forward the traffic to a traffic analysis server for further evaluation. The configuration is not working as intended.
Referring to the exhibit, which change must be made to correct the configuration?
- A. Apply the filter as an output filter on interface xe-0/1/0.0
- B. Apply the filter as an input filter on interface xe-0/2/1.0
- C. Create a routing instance named default
- D. Apply the filter as an input filter on interface xe-0/0/1.0
Answer: D
NEW QUESTION 57
Click the Exhibit button.
You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior, you notice that you have a session that matches all the rules in your IPS policy.
In this scenario, which action would be taken?
- A. drop packet
- B. no-action
- C. ignore-connection
- D. close-client-and-server
Answer: B
NEW QUESTION 58
You have a remote access VPN where the remote users are using the NCP client. The remote users can access the internal corporate resources as intended; however, traffic that is destined to all other Internet sites is going through the remote access VPN. You want to ensure that only traffic that is destined to the internal corporate resources use the remote access VPN.
Which two actions should you take to accomplish this task? (Choose two.)
- A. Enable the split tunneling feature within the VPN configuration on the SRX Series device
- B. Enable IKEv2 within the VPN configuration on the SRX Series device
- C. Configure split tunneling on the NCP profile on the remote client
- D. Configure the necessary traffic selectors within the VPN configuration on the SRX Series device
Answer: C,D
Explanation:
Reference:
vpns-with-ncp-exclusive-remote-access-client.html
NEW QUESTION 59
Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)
- A. You must create a dynamic address entry with the IP filter category and the ipfilter_office365 value.
- B. You must apply the dynamic address entry in a security policy.
- C. You must apply the dynamic address entry in a security intelligence policy.
- D. You must create a dynamic address entry with the C&C category and the cc_offic365 value.
Answer: A,B
NEW QUESTION 60
You have the NAT rule, shown in the exhibit, applied to allow communication across an IPsec tunnel between your two sites with identical networks. Which statement is correct in this scenario?
- A. The NAT rule in applied to the N/A routing instance.
- B. The NAT rule with translate the source and destination addresses.
- C. The NAT rule will only translate two addresses at a time.
- D. 10 packets have been processed by the NAT rule.
Answer: B
NEW QUESTION 61
What are two important function of the Juniper Networks ATP appliance solution? (Choose two.).
- A. Detection
- B. Statistics
- C. Analysis
- D. Filtration
Answer: A,C
Explanation:
Reference:
https://www.juniper.net/us/en/products-services/security/advanced-threat-prevention/
NEW QUESTION 62
You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites.
In this scenario, which VPN should be used?
- A. A hub-and-spoke IPsec VPN with the corporate firewall acting as the hub device.
- B. An IPsec group VPN with the corporate firewall acting as the hub device.
- C. Full mesh IPsec VPNs with tunnels between all sites.
- D. A full mesh Layer 3 VPN with the corporate firewall acting as the hub device.
Answer: B
Explanation:
Reference:
https://www.juniper.net/us/en/local/pdf/app-notes/3500202-en.pdf
NEW QUESTION 63
You have designed the firewall filter shown in the exhibit to limit SSH control traffic to yours SRX Series device without affecting other traffic.
Which two statement are true in this scenario? (Choose two.)
- A. The filter should be applied as an input filter on the loopback interface.
- B. Applying the filter will not achieve the desired result.
- C. Applying the filter will achieve the desired result.
- D. The filter should be applied as an output filter on the loopback interface.
Answer: A,B
Explanation:
Reference:
https://www.juniper.net/documentation//en_US/junos/topics/concept/firewall-filter-ex-series-evaluation-understanding.html
NEW QUESTION 64
Click the Exhibit button.
Referring to the exhibit, which IPS deployment mode is running on the SRX5800 device?
- A. monitor mode
- B. in-line tap mode
- C. integrated mode
- D. sniffer mode
Answer: C
NEW QUESTION 65
Click the Exhibit button.
Referring to the exhibit, which IPS deployment mode is running on the SRX5800 device?
- A. monitor mode
- B. in-line tap mode
- C. integrated mode
- D. sniffer mode
Answer: C
NEW QUESTION 66
You are asked to configure an SRX Series device to bypass all security features for IP traffic from the engineering department.
Which firewall filter will accomplish this task?
A)
B)
C)
D)
- A. Option A
- B. Option C
- C. Option B
- D. Option D
Answer: D
NEW QUESTION 67
When would you use the port-overloading-factor 1setting?
- A. to set the maximum port-overloading capacity to 65,536
- B. to disable the port-overloading
- C. to enable the port-overloading
- D. to map ports with 1:1 ratio for port-overloading
Answer: B
Explanation:
Explanation/Reference: https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/ security-edit-port-overloading-interface-source-nat.html
NEW QUESTION 68
Which two modes are supported on Juniper Sky ATP? (Choose two.)
- A. global mode
- B. private mode
- C. secure wire mode
- D. tap mode
Answer: C,D
NEW QUESTION 69
Which two statements are true about ADVPN members? (Choose two.)
- A. ADVPN members are authenticated using certificates
- B. ADVPN members can use IKEv2
- C. ADVPN members are authenticated using pre-shared keys
- D. ADVPN members can use IKEv1
Answer: A,B
NEW QUESTION 70
When would you use the port-overloading-factor 1 setting?
- A. to disable the port-overloading
- B. to set the maximum port-overloading capacity to 65,536
- C. to map ports with 1:1 ratio for port-overloading
- D. to enable the port-overloading
Answer: C
NEW QUESTION 71
Click the Exhibit button.
When attempting to enroll an SRX Series device to JATP, you receive the error shown in the exhibit. What is the cause of the error?
- A. The fxp0 IP address is not routable
- B. The SRX Series device does not have an IP address assigned to the interface that accesses JATP
- C. A firewall is blocking HTTPS on fxp0
- D. The SRX Series device certificate does not match the JATP certificate
Answer: B
NEW QUESTION 72
......
JN0-635 Dumps for Pass Guaranteed - Pass JN0-635 Exam: https://www.passleader.top/Juniper/JN0-635-exam-braindumps.html