1. Home
  2. Juniper
  3. JNCIP-SEC
  4. JN0-637
  5. Security, Professional (JNCIP-SEC) Questions and Answers

Pass the Juniper JNCIP-SEC JN0-637 Questions and answers with CertsForce

 Juniper Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 4 pages
Viewing questions 1-10 out of questions
Questions # 1:

What are three attributes that APBR queries from the application system cache module. (Choose Three)

Options:
A.

TTL

B.

destination port

C.

service

D.

DSCP

E.

protocol type

Expert Solution
Questions # 2:

Which two statements are correct about automated threat mitigation with Security Director? (Choose two.)

Options:
A.

It works with third-party switches.

B.

It provides endpoint protection by running a Juniper ATP Cloud agent on the servers.

C.

It provides endpoint protection by running a Juniper ATP Cloud agent on EX Series devices.

D.

It works with SRX Series devices.

Expert Solution
Questions # 3:

You want to deploy two vSRX instances in different public cloud providers to provide redundant security services for your network. Layer 2 connectivity between the two vSRX instances is not possible.

What would you configure on the vSRX instances to accomplish this task?

Options:
A.

Chassis cluster

B.

Secure wire

C.

Multinode HA

D.

Virtual chassis

Expert Solution
Questions # 4:

Exhibit:

Question # 4

The Ipsec VPN does not establish when the peer initiates, but it does establish when the SRX

series device initiates. Referring to the exhibit, what will solve this problem?

Options:
A.

IKE needs to be added for the host-inbound traffic on the VPN zone.

B.

The screen configuration on the untrust zone needs to be modified.

C.

IKE needs to be added to the host-inbound traffic directly on the ge-0/0/0 interface.

D.

Application tracking on the untrust zone needs to be removed.

Expert Solution
Questions # 5:

You are using AutoVPN to deploy a hub-and-spoke VPN to connect your enterprise sites.

In this scenario, which two statements are true? (Choose two.)

Options:
A.

New spoke sites can be added without explicit configuration on the hub.

B.

Direct spoke-to-spoke tunnels can be established automatically.

C.

All spoke-to-spoke IPsec communication will pass through the hub.

D.

AutoVPN requires OSPF over IPsec to discover and add new spokes.

Expert Solution
Questions # 6:

You are asked to establish IBGP between two nodes, but the session is not established. To troubleshoot this problem, you configured trace options to monitor BGP protocol message exchanges.

Question # 6

Question # 6

Referring to the exhibit, which action would solve the problem?

Options:
A.

Add the junos-host zone policy to permit the BGP packets.

B.

Add a firewall filter to lo0 that permits the BGP packets.

C.

Modify the security policy to permit the BGP packets.

D.

Add BGP to the lo0 host-inbound-traffic configuration.

Expert Solution
Questions # 7:

You are using trace options to troubleshoot a security policy on your SRX Series device.

Question # 7

Referring to the exhibit, which two statements are true? (Choose two.)

Options:
A.

The SSH traffic matches an existing session.

B.

No entries are created in the SRX session table.

C.

The traffic is not destined for the root logical system.

D.

The security policy controls traffic destined to the SRX device.

Expert Solution
Questions # 8:

Your IPsec tunnel is configured with multiple security associations (SAs). Your SRX Series device supports the CoS-based IPsec VPNs with multiple IPsec SAs feature. You are asked to configure CoS for this tunnel.

Which two statements are true in this scenario? (Choose two.)

Options:
A.

The local and remote gateways do not need the forwarding classes to be defined in the same order.

B.

A maximum of four forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.

C.

The local and remote gateways must have the forwarding classes defined in the same order.

D.

A maximum of eight forwarding classes can be configured for a VPN with the multi-sa forwarding-classes statement.

Expert Solution
Questions # 9:

Exhibit:

Question # 9

Question # 9

In which mode is the SRX Series device?

Options:
A.

Packet

B.

Ethernet switching

C.

Mixed

D.

Transparent

Expert Solution
Questions # 10:

Referring to the exhibit,

Question # 10

which two statements are correct about the NAT configuration? (Choose two.)

Options:
A.

Both the internal and the external host can initiate a session after the initial translation.

B.

Only a specific host can initiate a session to the reflexive address after the initial session.

C.

Any external host will be able to initiate a session to the reflexive address.

D.

The original destination port is used for the source port for the session.

Expert Solution
Viewing page 1 out of 4 pages
Viewing questions 1-10 out of questions