JN0-636 Online Practice Questions and Answers

Exhibit You have recently configured Adaptive Threat Profiling and notice 20 IP address entries in the monitoring section of the Juniper ATP Cloud portal that do not match the number of entries locally on the SRX Series device, as shown in the exhibit.

What is the correct action to solve this problem on the SRX device?

A. You must configure the DAE in a security policy on the SRX device.

B. Refresh the feed in ATP Cloud.

C. Force a manual download of the Proxy__Nodes feed.

D. Flush the DNS cache on the SRX device.

Click the Exhibit button.

When attempting to enroll an SRX Series device to JATP, you receive the error shown in the exhibit. What is the cause of the error?

A. The fxp0 IP address is not routable

B. The SRX Series device certificate does not match the JATP certificate

C. The SRX Series device does not have an IP address assigned to the interface that accesses JATP

D. A firewall is blocking HTTPS on fxp0

What are two valid modes for the Juniper ATP Appliance? (Choose two.)

A. flow collector

B. event collector

C. all-in-one

D. core

You are asked to provide single sign-on (SSO) to Juniper ATP Cloud. Which two steps accomplish this goal? (Choose two.)

A. Configure Microsoft Azure as the service provider (SP).

B. Configure Microsoft Azure as the identity provider (IdP).

C. Configure Juniper ATP Cloud as the service provider (SP).

D. Configure Juniper ATP Cloud as the identity provider (IdP).

You want to enforce I DP policies on HTTP traffic.

In this scenario, which two actions must be performed on your SRX Series device? (Choose two )

A. Choose an attacks type in the predefined-attacks-group HTTP-All.

B. Disable screen options on the Untrust zone.

C. Specify an action of None.

D. Match on application junos-http.

Which two modes are supported on Juniper ATP Cloud? (Choose two.)

A. global mode

B. transparent mode

C. private mode

D. Layer 3 mode

Exhibit An administrator wants to configure an SRX Series device to log binary security events for tenant systems. Referring to the exhibit, which statement would complete the configuration?

A. Configure the tenant as TSYS1 for the pi security profile.

B. Configure the tenant as root for the pi security profile.

C. Configure the tenant as master for the pi security profile.

D. Configure the tenant as local for the pi security profile

Exhibit

The exhibit shows a snippet of a security flow trace.

In this scenario, which two statements are correct? (Choose two.)

A. This packet arrived on interface ge-0/0/4.0.

B. Destination NAT occurs.

C. The capture is a packet from the source address 172.20.101.10 destined to 10.0.1.129.

D. An existing session is found in the table.

You are asked to determine if the 203.0.113.5 IP address has been added to the third-party security feed, DS hield, from Juniper Seclnte1. You have an SRX Series device that is using Seclnte1 feeds from Juniper ATP Cloud. Which command will return this information?

A. show security dynamic--address category--name CC | match 203.0.113.5

B. show security dynamic--address category--name Infected--Hosts | match 203.0.113.5

C. show security dynamic-address category-name IP Filter I match 203.0.113.5

D. show Security dynamic-address category-name JWAS | match 203.0.113.5

Exhibit

Which two statements are correct about the output shown in the exhibit. (Choose two.)

A. The source address is translated.

B. The packet is an SSH packet

C. The packet matches a user-configured policy

D. The destination address is translated.

You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance. What would be a cause of this problem?

A. The collector must have a minimum of two interfaces.

B. The collector must have a minimum of three interfaces.

C. The collector must have a minimum of five interfaces.

D. The collector must have a minimum of four interfaces.

Which two statements are correct regarding tenant systems on SRX Series devices? (Choose two.)

A. A maximum of 32 tenant systems can be configured on a physical SRX device.

B. All tenant systems share a single routing protocol process.

C. Each tenant system runs its own instance of the routing protocol process

D. A maximum of 500 tenant systems can be configured on a physical SRX device.

Which method does an SRX Series device in transparent mode use to learn about unknown devices in a network?

A. LLDP-MED

B. IGMP snooping

C. RSTP

D. packet flooding

You are requested to enroll an SRX Series device with Juniper ATP Cloud.

Which statement is correct in this scenario?

A. If a device is already enrolled in a realm and you enroll it in a new realm, the device data or configuration information is propagated to the new realm.

B. The only way to enroll an SRX Series device is to interact with the Juniper ATP Cloud Web portal.

C. When the license expires, the SRX Series device is disenrolled from Juniper ATP Cloud without a grace period

D. Juniper ATP Cloud uses a Junos OS op script to help you configure your SRX Series device to connect to the Juniper ATP Cloud service.

Click the Exhibit button.

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

A. Topology 3

B. Topology 5

C. Topology 2

D. Topology 4

E. Topology 1