New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Juniper
  3. JNCIP-SEC
  4. JN0-637 - Security, Professional (JNCIP-SEC)

JN0-637 Exam Dumps - Security, Professional (JNCIP-SEC)

Go to page:
Question # 17

You want to create a connection for communication between tenant systems without using physical revenue ports on the SRX Series device.

What are two ways to accomplish this task? (Choose two.)

A.

Use an external router.

B.

Use an interconnect VPLS switch.

C.

Use a secure wire.

D.

Use a point-to-point logical tunnel.

Full Access
Question # 18

You are using ADVPN to deploy a hub-and-spoke VPN to connect your enterprise sites.

Which two statements are true in this scenario? (Choose two.)

A.

ADVPN creates a full-mesh topology.

B.

IBGP routing is required.

C.

OSPF routing is required.

D.

Certificate-based authentication is required.

Full Access
Question # 19

You need to set up source NAT so that external hosts can initiate connections to an internal device, but only if a connection to the device was first initiated by the internal device.

Which type of NAT solution provides this functionality?

A.

Address persistence

B.

Persistent NAT with any remote host

C.

Persistent NAT with target host

D.

Static NAT

Full Access
Question # 20

What are three requirements to run OSPF over GRE over IPsec? (Choose Three)

A.

The GRE interface must be configured in OSPF Area 0.

B.

The OSPF interface must be placed in a zone and must have GRE configured

C.

Overlapping addresses should exist between remote networks.

D.

The GRE interface must be placed in a zone and must have OSPF configured in is host

E.

Overlapping addresses should not exist between remote networks.

Full Access
Question # 21

Exhibit:

The Ipsec VPN does not establish when the peer initiates, but it does establish when the SRX

series device initiates. Referring to the exhibit, what will solve this problem?

A.

IKE needs to be added for the host-inbound traffic on the VPN zone.

B.

The screen configuration on the untrust zone needs to be modified.

C.

IKE needs to be added to the host-inbound traffic directly on the ge-0/0/0 interface.

D.

Application tracking on the untrust zone needs to be removed.

Full Access
Question # 22

Exhibit:

You are configuring NAT64 on your SRX Series device. You have committed the configuration shown in the exhibit. Unfortunately, the communication with the 10.10.201.10 server is not working. You have verified that the interfaces, security zones, and security policies are all correctly configured.

In this scenario, which action will solve this issue?

A.

Configure source NAT to translate return traffic from IPv4 address to the IPv6 address of your source device.

B.

Configure proxy-ARP on the external IPv4 interface for the 10.10.201.10/32 address.

C.

Configure proxy-NDP on the IPv6 interface for the 2001:db8::1/128 address.

D.

Configure destination NAT to translate return traffic from the IPv4 address to the IPv6 address of your source device.

Full Access
Question # 23

Which encapsulation type must be configured on the lt-0/0/0 logical units for an interconnect

logical systems VPLS switch?

A.

encapsulation ethernet-bridge

B.

encapsulation ethernet

C.

encapsulation ethernet-vpls

D.

encapsulation vlan-vpls

Full Access
Question # 24

Which two statements are true regarding NAT64? (Choose two.)

A.

An SRX Series device should be in flow-based forwarding mode for IPv4.

B.

An SRX Series device should be in packet-based forwarding mode for IPv4.

C.

An SRX Series device should be in packet-based forwarding mode for IPv6.

D.

An SRX Series device should be in flow-based forwarding mode for IPv6.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps