New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

JN0-636 Exam Dumps - Security, Professional (JNCIP-SEC)

Go to page:
Question # 9

Exhibit

Referring to the exhibit, which two statements are true about the CAK status for the CAK named "FFFP"? (Choose two.)

A.

CAK is not used for encryption and decryption of the MACsec session.

B.

SAK is successfully generated using this key.

C.

CAK is used for encryption and decryption of the MACsec session.

D.

SAK is not generated using this key.

Full Access
Question # 10

Regarding IPsec CoS-based VPNs, what is the number of IPsec SAs associated with a peer based upon?

A.

The number of traffic selectors configured for the VPN.

B.

The number of CoS queues configured for the VPN.

C.

The number of classifiers configured for the VPN.

D.

The number of forwarding classes configured for the VPN.

Full Access
Question # 11

you must find an infected host and where the a􀆩ack came from using the Juniper ATP Cloud. Which two monitor workspaces will return the requested information? (Choose Two)

A.

Hosts

B.

File Scanning

C.

Threat Sources

D.

Encrypted Traffic

Full Access
Question # 12

Click the Exhibit button.

Which type of NAT is shown in the exhibit?

A.

NAT46

B.

NAT64

C.

persistent NAT

D.

DS-Lite

Full Access
Question # 13

Exhibit

You configure a traceoptions file called radius on your returns the output shown in the exhibit

What is the source of the problem?

A.

An incorrect password is being used.

B.

The authentication order is misconfigured.

C.

The RADIUS server IP address is unreachable.

D.

The RADIUS server suffered a hardware failure.

Full Access
Question # 14

Exhibit

You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.

In this scenario, which action will solve this problem?

A.

You must specify that the 172.25.1.1/24 IP address is the primary address on the ge-0/0/1 interface.

B.

You must apply the firewall filter to the lo0 interface when using filter-based forwarding.

C.

You must add another term to the firewall filter to accept the traffic from the 172.25.1.0/24 network.

D.

You must create the static default route to neighbor 172.21 0.2 under the ISP-1 routing instance hierarchy.

Full Access
Question # 15

SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following command show configuration services security—intelligence url

https : //cloudfeeds . argon . juniperaecurity . net/api/manifeat. xml

and receives the following output:

What is the problem in this scenario?

A.

The device is directly enrolled with Juniper ATP Cloud.

B.

The device is already enrolled with Policy Enforcer.

C.

The SRX Series device does not have a valid license.

D.

Junos Space does not have matching schema based on the

Full Access
Question # 16

Exhibit

The exhibit shows a snippet of a security flow trace.

In this scenario, which two statements are correct? (Choose two.)

A.

This packet arrived on interface ge-0/0/4.0.

B.

Destination NAT occurs.

C.

The capture is a packet from the source address 172.20.101.10 destined to 10.0.1.129.

D.

An existing session is found in the table.

Full Access
Go to page: