JN0-635 Online Practice Questions and Answers

Which interface family is required for Layer 2 transparent mode on SRX Series devices?

A. LLDP

B. Ethernet switching

C. inet

D. VPLS

You are asked to merge to corporate network with the network from a recently acquired company. Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX Series device servers as the gateway for each network.

Which solution allows you to merge the two networks without modifying the current address assignments?

A. persistent NAT

B. NAT46

C. source NAT

D. double NAT

You are asked to secure your network against TOR network traffic.

Which two Juniper products would accomplish this task? (Choose two.)

A. Contrail Edge

B. Contrail Insights

C. Juniper Sky ATP

D. Juniper ATP Appliance

You are asked to implement the session cache feature on an SRX5400.

In this scenario, what information does a session cache entry record? (Choose two.)

A. The type of processing to do for ingress traffic

B. The type of processing to do for egress traffic

C. To which SPU the traffic of the session should be forwarded

D. To which NPU the traffic of the session should be forwarded

Click the Exhibit button.

Referring to the exhibit, which IPS deployment mode is running on the SRX5800 device?

A. sniffer mode

B. integrated mode

C. monitor mode

D. in-line tap mode

In a Juniper ATP Appliance, what would be a reason for the mitigation rule to be in the failed-remove state?

A. The Juniper ATP Appliance received a commit error message from the SRX Series device

B. The Juniper ATP Appliance received an unknown error message from the SRX Series device

C. The Juniper ATP Appliance was not able to communicate with the SRX Series device

D. The Juniper ATP Appliance was not able to obtain the config lock

You configured a security policy permitting traffic from the trust zone to the DMZ zone, inserted the new policy at the top of the list, and successfully committed it to the SRX Series device. Upon monitoring, you notice that the hit count does not increase on the newly configured policy.

In this scenario, which two commands would help you to identify the problem? (Choose two.)

A. user@srx> show security zones trust detail

B. user@srx> show security shadow-policies from zone trust to zone DMZ

C. user@srx> show security match-policies from-zone trust to-zone DMZ source-ip 192.168.10.100/32 destination-ip 10.10.10.80/32 protocol tcp source-port 5806 destination-port 443

D. user@srx> show security match-policies from-zone trust to-zone DMZ source-ip 192.168.10.100/32 destination-ip 10.10.10.80/32 protocol tcp source-port 5806 destination-port 443 result-count 10

Exhibit.

A hub member of an ADVPN is not functioning correctly. Referring the exhibit, which action should you take to solve the problem?

A. [edit interfaces] root@vSRX-1# delete st0.0 multipoint

B. [edit interfaces] user@hub-1# delete ipsec vpn advpn-vpn traffic-selector

C. [edit security] user@hub-1# set ike gateway advpn-gateway advpn suggester disable

D. [edit security] user@hub-1# delete ike gateway advpn-gateway advpn partner

The monitor traffic interface command is being used to capture the packets destined to and the from the

SRX Series device.

In this scenario, which two statements related to the feature are true? (Choose two.)

A. This feature does not capture transit traffic.

B. This feature captures ICMP traffic to and from the SRX Series device.

C. This feature is supported on high-end SRX Series devices only.

D. This feature is supported on both branch and high-end SRX Series devices.

Exhibit.

Referring to the exhibit, which two statements are true? (Choose two.)

A. Juniper Networks will not investigate false positives generated by this custom feed.

B. The custom infected hosts feed will not overwrite the Sky ATP infected host's feed.

C. The custom infected hosts feed will overwrite the Sky ATP infected host's feed.

D. Juniper Networks will investigate false positives generated by this custom feed.