JN0-635 Online Practice Questions and Answers

Click the Exhibit button.

You are implementing a new branch site and want to ensure Internet traffic is sent directly to your ISP and other traffic is sent to your company headquarters. You have configured filter-based forwarding to accomplish this objective. You verify proper functionality using the outputs shown in the exhibit.

Which two statements are true in this scenario? (Choose two.)

A. The session utilizes one routing instance

B. The ge-0/0/5 and ge-0/0/1 interfaces must reside in a single security zone

C. The ge-0/0/5 and ge-0/0/1 interfaces can reside in different security zones

D. The session utilizes two routing instances

You are asked to configure an IPsec VPN between two SRX Series devices that allows for processing of

CoS on the intermediate routers.

What will satisfy this requirement?

A. route-based VPN

B. OpenVPN

C. remote access VPN

D. policy-based VPN

Click the Exhibit button.

Your company has purchased a competitor and now must connect the new network to the existing one. The competitor's gateway device is receiving its ISP address using DHCP. Communication between the two sites must be secured; however, obtaining a static public IP address for the new site gateway is not an option at this time. The company has several requirements for this solution:

A site-to-site IPsec VPN must be used to secure traffic between the two sites; The IKE identity on the new site gateway device must use the hostname option; and Internet traffic from each site should exit through

its local Internet connection.

The configuration shown in the exhibit has been applied to the new site's SRX, but the secure tunnel is not

working.

In this scenario, what configuration change is needed for the tunnel to come up?

A. Remove the quotes around the hostname

B. Bind interface st0 to the gateway

C. Change the IKE policy mode to aggressive

D. Apply a static address to ge-0/0/2

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

A. Events based on this third-party feed will not affect a host's threat score

B. SRX Series devices will block traffic based on this third-party feed

C. SRX Series devices will not block traffic based on this third-party feed

D. Events based on this third-party feed will affect a host's threat score

Click the Exhibit button.

You have configured an ADVPN that is operational. However, OSPF will not establish correctly across the ADVPN tunnels.

Referring to the exhibit, which two commands will solve the problem? (Choose two.)

A. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 dynamic-neighbors

B. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 topology advpn

C. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 interface-type nbma

D. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 demand-circuit

Malware that is detonated by the JATP sandbox must be able to communicate with the Internet without being able to harm your local network resources.

Which statement is correct in this scenario?

A. The management interface must be connected to the Internet zone

B. The exhaust interface must be connected to the Internet zone

C. The honeypot interface must be connected to the Internet zone

D. The monitoring interface must be connected to the Internet zone

Click the Exhibit button.

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

A. Topology 3

B. Topology 5

C. Topology 2

D. Topology 4

E. Topology 1

Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)

A. You must create a dynamic address entry with the IP filter category and the ipfilter_office365 value.

B. You must create a dynamic address entry with the CandC category and the cc_offic365 value.

C. You must apply the dynamic address entry in a security policy.

D. You must apply the dynamic address entry in a security intelligence policy.

Exhibit.

Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly. Which two commands will solve this problem? (Choose two.)

A. [edit interfaces] user@srx# delete st0.0 multipoint

B. [edit security ike gateway advpn-gateway] user@srx# delete advpn partner

C. [edit security ike gateway advpn-gateway] user@srx# set version v1-only

D. [edit security ike gateway advpn-gateway] user@srx# set advpn suggester disable

You have the NAT rule, shown in the exhibit, applied to allow communication across an IPsec tunnel between your two sites with identical networks. Which statement is correct in this scenario?

A. The NAT rule with translate the source and destination addresses.

B. The NAT rule will only translate two addresses at a time.

C. The NAT rule in applied to the N/A routing instance.

D. 10 packets have been processed by the NAT rule.