JN0-635 Online Practice Questions and Answers

Click the Exhibit button.

You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior,

you notice that you have a session that matches all the rules in your IPS policy.

In this scenario, which action would be taken?

A. drop packet

B. no-action

C. close-client-and-server

D. ignore-connection

Click the Exhibit button.

Referring to the exhibit, which statement is true?

A. ARP security is securing data across the control interface

B. IPsec is securing data across the control interface

C. SSH is securing data across the control interface

D. MACsec is securing data across the control interface

Click the Exhibit button.

You are implementing a new branch site and want to ensure Internet traffic is sent directly to your ISP and other traffic is sent to your company headquarters. You have configured filter-based forwarding to accomplish this objective. You verify proper functionality using the outputs shown in the exhibit.

Which two statements are true in this scenario? (Choose two.)

A. The session utilizes one routing instance

B. The ge-0/0/5 and ge-0/0/1 interfaces must reside in a single security zone

C. The ge-0/0/5 and ge-0/0/1 interfaces can reside in different security zones

D. The session utilizes two routing instances

Click the Exhibit button.

The exhibit shows a snippet of a security flow trace. A user cannot open an SSH session to a server. Which action will solve the problem?

A. Create a security policy that matches the traffic parameters

B. Edit the source NAT to correct the translated address

C. Create a route entry to direct traffic into the configured tunnel

D. Create a route to the desired server

Click the Exhibit button.

A user is trying to reach a company's website, but the connection errors out. The security policies are configured correctly.

Referring to the exhibit, what is the problem?

A. Persistent NAT must be enabled

B. The action for rule 1 must change to static-nat inet

C. DNS ALG must be disabled

D. Static NAT is missing a rule for DNS server

Click the Exhibit button.

You have configured tenant systems on your SRX Series device.

Referring to the exhibit, which two actions should you take to facilitate inter-TSYS communication? (Choose two.)

A. Place the logical tunnel interfaces in a virtual router routing instance in the interconnect switch

B. Place the logical tunnel interfaces in a VPLS routing instance in the interconnect switch

C. Connect each TSYS with the interconnect switch by configuring INET configured logical tunnel interfaces in the interconnect switch

D. Connect each TSYS with the interconnect switch by configuring Ethernet VPLS configured logical tunnel interfaces in the interconnect switch

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

A. You can secure intra-VLAN traffic with a security policy on this device

B. You can secure inter-VLAN traffic with a security policy on this device

C. The device can pass Layer 2 and Layer 3 traffic at the same time

D. The device cannot pass Layer 2 and Layer 3 traffic at the same time

Click the Exhibit button.

Which statement is correct regarding the information show in the exhibit?

A. The tunnel binding was discovered automatically

B. The output is for an ADVPN

C. The tunnel gateway address was automatically discovered

D. The tunnel is not encrypting the traffic

Click the Exhibit button.

You have two hosts on the same subnet connecting to an SRX340 on interfaces ge-0/0/4 and ge-0/0/5. However, the two hosts cannot communicate with each other.

Referring to the exhibit, what are two actions that would solve this problem? (Choose two.)

A. Set the SRX340 to Ethernet switching mode and reboot

B. Add an IRB interface to the VLAN

C. Put the ge-0/0/4 and ge-0/0/5 interfaces in different VLANs

D. Remove the ge-0/0/4 and ge-0/0/5 interfaces from the L2 security zone

A user is unable to reach a necessary resource. You discover the path through the SRX Series device

includes several security features. The traffic is not being evaluated by any security policies.

In this scenario, which two components within the flow module would affect the traffic? (Choose two.)

A. services/ALG

B. destination NAT

C. source NAT

D. route lookup

Exhibit.

A hub member of an ADVPN is not functioning correctly. Referring the exhibit, which action should you take to solve the problem?

A. [edit interfaces] root@vSRX-1# delete st0.0 multipoint

B. [edit interfaces] user@hub-1# delete ipsec vpn advpn-vpn traffic-selector

C. [edit security] user@hub-1# set ike gateway advpn-gateway advpn suggester disable

D. [edit security] user@hub-1# delete ike gateway advpn-gateway advpn partner

According to the log shown in the exhibit, you notice the IPsec session is not establishing. What is the reason for this behavior?

A. Mismatched proxy ID

B. Mismatched peer ID

C. Mismatched preshared key

D. Incorrect peer address.

You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance. What would be a cause of this problem?

A. The collector must have a minimum of two interfaces.

B. The collector must have a minimum of three interfaces.

C. The collector must have a minimum of five interfaces.

D. The collector must have a minimum of four interfaces.

Which three type of peer devices are supported for Cos-Based IPsec VPN?

A. High-end SRX Series device

B. cSRX

C. vSRX

D. Branch-end SRX Series devics

You are asked to look at a configuration that is designed to take all traffic with a specific source ip address and forward the traffic to a traffic analysis server for further evaluation. The configuration is no longer working as intended.

Referring to the exhibit which change must be made to correct the configuration?

A. Apply the filter as in input filter on interface xe-0/2/1.0

B. Apply the filter as in input filter on interface xe-0/0/1.0

C. Create a routing instance named default

D. Apply the filter as in output filter on interface xe-0/1/0.0