[2023年更新]JN0-636はJNCIP-SECリアルな無料試験練習テスト
無料JNCIP-SEC JN0-636試験問題を提供します
質問 # 44
Exhibit
Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly.
Which two commands will solve this problem? (Choose two.)
A)
B)
C)
D)
- A. Option A
- B. Option C
- C. Option D
- D. Option B
正解:B
質問 # 45
Click the Exhibit button.
The IKE policy and proposal are configured properly on both devices as shown in the exhibit.
Which configuration snippet will complete the IKE configuration on the branch SRX Series device?
- A.

- B.

- C.

- D.

正解:D
質問 # 46
As an SRX administrator, you must find all encrypted sessions on an SRX Series device.
Which command would you use to accomplish this task?
- A. show security flow session tunnel
- B. show security ike security-associations
- C. show security flow session encrypted
- D. show security ike tunnel-map
正解:C
質問 # 47
You are asked to detect domain generation algorithms
Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)
- A. Define an advanced-anti-malware policy under [edit services].
- B. Define a security-metadata-streaming policy under [edit
- C. Attach the security-metadata-streaming policy to a security
- D. Attach the advanced-anti-malware policy to a security policy.
正解:A、D
質問 # 48
Your company wants to use the Juniper Seclntel feeds to block access to known command and control servers, but they do not want to use Security Director to manage the feeds.
Which two Juniper devices work in this situation? (Choose two)
- A. EX Series devices
- B. SRX Series devices
- C. QFX Series devices
- D. MX Series devices
正解:C
質問 # 49
Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)
- A. Topology 3
- B. Topology 2
- C. Topology 5
- D. Topology 1
- E. Topology 4
正解:A、D、E
解説:
https://www.juniper.net/documentation/en_US/junos-space17.2/policy-enforcer/topics/concept/ policy-enforcer-deployment-supported-topologies.html
質問 # 50
Your company uses non-Juniper firewalls and you are asked to provide a Juniper solution for zero-day malware protection. Which solution would work in this scenario?
- A. Juniper Secure Analytics
- B. Juniper Security Director
- C. Juniper ATP Cloud
- D. Juniper ATP Appliance
正解:D
質問 # 51
Referring to the exhibit, which type of NAT is being performed?
- A. Source NAT
- B. Static NAT
- C. Destination NAT
- D. Persistent NAT
正解:A
質問 # 52
Which two features would be used for DNS doctoring on an SRX Series firewall? (Choose two.)
- A. static NAT
- B. source NAT
- C. The DNS ALG must be enabled.
- D. The DNS ALG must be disabled.
正解:B、D
質問 # 53
You want to route traffic between two newly created virtual routers without the use of logical systems using the configuration options on the SRX5800.
Which two methods of forwarding, between virtual routers, would you recommend? (Choose two.)
- A. Create static routes in each virtual router using thenext-tablecommand.
- B. Connect a direct cable between boo physical interfaces, one in each virtual router and use static routes with thenext-hopcommand.
- C. Use a static route to forward traffic across virtual routers using the next-table option.
Enable the return route by using a RIB group. - D. Use a RIB group to share the internal routing protocol routes from the master routing instance.
正解:A、B
質問 # 54
You are asked to download and install the IPS signature database to a device operating in chassis cluster mode. Which statement is correct in this scenario?
- A. The IPS signature package must be downloaded and installed on the primary and backup nodes.
- B. The first synchronization of the backup node and the primary node must be performed manually.
- C. The first time you synchronize the IPS signature package from the primary node to the backup node, the primary node must be rebooted.
- D. You must download and install the IPS signature package on the primary node.
正解:A
質問 # 55
Referring to the exhibit, which three statements are true? (Choose three.)
- A. The packet's destination is to a server in the DMZ zone.
- B. The packet is dropped before making an SSH connection.
- C. The packet is allowed to make an SSH connection.
- D. The packet's destination is to an interface on the SRX Series device.
- E. The packet originated within the Trust zone.
正解:B、D、E
質問 # 56
You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the "Policy is out of sync between RE and PFE <SPU-name(s)>." error.
Which command would be used to solve the problem?
- A. restart security-intelligence
- B. request service-deployment
- C. request security polices check
- D. request security polices resync
正解:D
質問 # 57
Exhibit
Referring to the exhibit, which two statements are true? (Choose two.)
- A. The data that traverses the ge-0/070 interface is secured by a secure association key.
- B. The data that traverses the ge-070/0 interface can be intercepted and read by anyone.
- C. The data that traverses the ge-070/0 interface cannot be intercepted and read by anyone.
- D. The data that traverses the ge-O/0/0 interface is secured by a connectivity association key.
正解:B、C
質問 # 58
Exhibit
Which two statements are correct about the output shown in the exhibit. (Choose two.)
- A. The packet is an SSH packet
- B. The packet matches a user-configured policy
- C. The destination address is translated.
- D. The source address is translated.
正解:A、D
質問 # 59
You want to identify potential threats within SSL-encrypted sessions without requiring SSL proxy to decrypt the session contents. Which security feature achieves this objective?
- A. infected host feeds
- B. encrypted traffic insights
- C. Secure Web Proxy
- D. DNS security
正解:D
質問 # 60
Click the Exhibit button.
While configuring the SRX345, you review the MACsec connection between devices and note that it is not working.
Referring to the exhibit, which action would you use to identify problem?
- A. Verify that the interface between the two devices is up and not experiencing errors
- B. Verify that the formatting settings are correct between the devices and that the software supports the version of MACsec in use
- C. Verify that the transmission path is not replicating packets or correcting frame check sequence error packets
- D. Verify that the connectivity association key and the connectivity association key name match on both devices
正解:D
解説:
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show- security-mka-statistics.html
質問 # 61
You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restricted to the VLANs from which they originate.
Which configuration accomplishes these objectives?
A)
B)
C)
D)
- A. Option A
- B. Option B
- C. Option C
- D. Option D
正解:D
解説:
https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/ref/statement/family-ethernet-switching-edit-interfaces-qfx-series.html#statement-name-statement__d26608e73
質問 # 62
You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites.
In this scenario, which VPN should be used?
- A. Full mesh IPsec VPNs with tunnels between all sites.
- B. An IPsec group VPN with the corporate firewall acting as the hub device.
- C. A full mesh Layer 3 VPN with the corporate firewall acting as the hub device.
- D. A hub-and-spoke IPsec VPN with the corporate firewall acting as the hub device.
正解:B
質問 # 63
Exhibit
Which statement is true about the output shown in the exhibit?
- A. The SRX Series device is configured with flow-based IPv6 forwarding options.
- B. The SRX Series device is configured with packet-based IPv6 forwarding options.
- C. The SRX Series device is configured with default security forwarding options.
- D. The SRX Series device is configured to disable IPv6 packet forwarding.
正解:C
質問 # 64
Which two statements are correct about the output shown in the exhibit? (Choose two.)
- A. The packet is processed as host inbound traffic.
- B. The packet matches the default security policy.
- C. The packet matches a configured security policy.
- D. The packet is processed in the first path packet flow.
正解:A、B
質問 # 65
......
Juniper JN0-636認定試験は、ジュニパーネットワークのセキュリティ側面に焦点を当てた専門レベルの認定試験です。この試験は、すでにセキュリティ分野で何らかの経験を積んでおり、ジュニパーのセキュリティソリューションの知識とスキルを深めることを目指している人々を対象としています。認定試験はJNCIP-SECとしても知られており、Juniper Networks認定プログラムの一部です。
Juniper JN0-636試験は、IT業界で非常に尊敬されている認定試験であり、試験に合格することで、高度なセキュリティ技術とソリューションにおける候補者の専門知識を証明することができます。雇用主はこの認定の価値を認識し、セキュリティ関連の役割について求める際には、この認定を持っている候補者を探します。また、この認定を持つ個人は、持たない個人よりも高い給与を期待することができます。
Juniper JN0-636リアルな問題と知能問題集:https://jp.fast2test.com/JN0-636-premium-file.html
JN0-636問題集でJNCIP-SEC高確率練習問題集:https://drive.google.com/open?id=13NzmHiqJJ-_KQ50BjQUquJI_5YWP-mD5