2023年最新のJuniper JN0-635試験問題には173問があります
無料で使えるJN0-635別格な問題集をダウンロード2023年03月05日に更新された173問があります
質問 47
You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the "Policy is out of sync between RE and PFE <SPU-name(s)>." error.
Which command would be used to solve the problem?
- A. request security polices check
- B. request security polices resync
- C. request service-deployment
- D. restart security-intelligence
正解: B
解説:
Reference:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB30443&cat=SRX_SERIES&actp=LIST
質問 48
Referring to the security policy shown in the exhibit, which two actions will happen as the packet is processed? (Choose two.)
- A. It marks and passes matched traffic with a high DSCP priority.
- B. It passes unmatched traffic after modifying the DSCP priority.
- C. It marks and passes matched traffic with a low DSCP priority.
- D. It passes unmatched traffic without modifying DSCP priority.
正解: A,D
質問 49
In a Juniper ATP Appliance, what would be a reason for the mitigation rule to be in the failed-remove state?
- A. The Juniper ATP Appliance was not able to obtain the config lock
- B. The Juniper ATP Appliance received an unknown error message from the SRX Series device
- C. The Juniper ATP Appliance received a commit error message from the SRX Series device
- D. The Juniper ATP Appliance was not able to communicate with the SRX Series device
正解: A
質問 50
Click the Exhibit button.
A host is unable to communicate with a webserver. Referring to the exhibit, which statement is correct?
- A. The session table is running out of resources
- B. A session is created for this flow
- C. The webserver is not listening for traffic on port 80
- D. A policy is denying the traffic between these two hosts
正解: D
質問 51
Click the Exhibit button.
A user is trying to reach a company's website, but the connection errors out. The security policies are configured correctly.
Referring to the exhibit, what is the problem?
- A. Static NAT is missing a rule for DNS server
- B. DNS ALG must be disabled
- C. The action for rule 1 must change to static-nat inet
- D. Persistent NAT must be enabled
正解: A
質問 52
You correctly configured a security policy to deny certain traffic, but logs reveal that traffic is still allowed.
Which specific traceoption flag will help you troubleshoot this problem?
- A. rules
- B. configuration
- C. routing-socket
- D. lookup
正解: A
質問 53
Click the Exhibit button.
Referring to the exhibit, which two statements are true? (Choose two.)
- A. The SRX Series device is not enrolled but can communicate with the JATP Appliance
- B. The SRX Series device is enrolled and communicating with a JATP Appliance
- C. The SRX Series device cannot download the security feeds from the JATP Appliance
- D. The JATP Appliance cannot download the security feeds from the GSS servers
正解: A,C
質問 54
Click the Exhibit button.
You are asked to look at a configuration that is designed to take all traffic with a specific source IP address and forward the traffic to a traffic analysis server for further evaluation. The configuration is not working as intended.
Referring to the exhibit, which change must be made to correct the configuration?
- A. Apply the filter as an output filter on interface xe-0/1/0.0
- B. Create a routing instance named default
- C. Apply the filter as an input filter on interface xe-0/2/1.0
- D. Apply the filter as an input filter on interface xe-0/0/1.0
正解: D
質問 55
What are two important function of the Juniper Networks ATP appliance solution? (Choose two.).
- A. Analysis
- B. Statistics
- C. Detection
- D. Filtration
正解: A,C
解説:
https://www.juniper.net/us/en/products-services/security/advanced-threat-prevention/
質問 56
Exhibit.
Referring to the exhibit, which two statements are true? (Choose two.)
- A. The c-1 TSYS has a reservation for the security flow resource.
- B. The c-1 TSYS cannot use any security flow resources.
- C. The c-1 TSYS can use security flow resources up to the system maximum.
- D. The c-1 TSYS has no reservation for the security flow resource.
正解: B,D
解説:
Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-profile-logical-system.html
質問 57
You must troubleshoot ongoing problems with IPsec tunnels and security policy processing. Your network consists of SRX340s and SRX5600s.
In this scenario, which two statements are true? (Choose two.)
- A. You must enable data plane logging on the SRX5600 devices to generate security policy logs
- B. IPsec logs are written to the kmd log file by default
- C. You must enable data plane logging on the SRX340 devices to generate security policy logs
- D. IKE logs are written to the messages log file by default
正解: A,B
質問 58
How does secure wire mode differ from transparent mode?
- A. In secure wire mode, IRB interfaces can be configured to route inter-VLAN traffic
- B. In secure wire mode, no switching lookup takes place to forward traffic
- C. In secure wire mode, security policies cannot be used to secure intra-VLAN traffic
- D. In secure wire mode, traffic can be modified using source NAT
正解: B
質問 59
Click the Exhibit button.
While configuring the SRX345, you review the MACsec connection between devices and note that it is not working.
Referring to the exhibit, which action would you use to identify problem?
- A. Verify that the transmission path is not replicating packets or correcting frame check sequence error packets
- B. Verify that the formatting settings are correct between the devices and that the software supports the version of MACsec in use
- C. Verify that the interface between the two devices is up and not experiencing errors
- D. Verify that the connectivity association key and the connectivity association key name match on both devices
正解: D
質問 60
Which two statements about enabling MACsec using static CAK security mode keys are true?
(Choose two.)
- A. CAK secures the data plane traffic.
- B. SAK secures the data plane traffic.
- C. CAK secures the control plane traffic.
- D. SAK secures the control plane traffic.
正解: B,C
質問 61
Click the Exhibit button.
A host is unable to communicate with a webserver. Referring to the exhibit, which statement is correct?
- A. The session table is running out of resources
- B. A session is created for this flow
- C. The webserver is not listening for traffic on port 80
- D. A policy is denying the traffic between these two hosts
正解: D
質問 62
You are asked to configure a security policy on the SRX Series device.
After committing the policy, you receive the "Policy is out of sync between RE and PFE <SPU- name(s)>." error.
Which command would be used to solve the problem?
- A. request security polices check
- B. request security polices resync
- C. request service-deployment
- D. restart security-intelligence
正解: B
解説:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB30443&cat=SRX_SERIES&actp=LIS T
質問 63
You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites.
In this scenario, which VPN should be used?
- A. A hub-and-spoke IPsec VPN with the corporate firewall acting as the hub device.
- B. A full mesh Layer 3 VPN with the corporate firewall acting as the hub device.
- C. Full mesh IPsec VPNs with tunnels between all sites.
- D. An IPsec group VPN with the corporate firewall acting as the hub device.
正解: D
解説:
Reference:
https://www.juniper.net/us/en/local/pdf/app-notes/3500202-en.pdf
質問 64
Click the Exhibit button.
You are implementing a new branch site and want to ensure Internet traffic is sent directly to your ISP and other traffic is sent to your company headquarters. You have configured filter-based forwarding to accomplish this objective. You verify proper functionality using the outputs shown in the exhibit.
Which two statements are true in this scenario? (Choose two.)
- A. The session utilizes one routing instance
- B. The ge-0/0/5 and ge-0/0/1 interfaces must reside in a single security zone
- C. The ge-0/0/5 and ge-0/0/1 interfaces can reside in different security zones
- D. The session utilizes two routing instances
正解: A,C
質問 65
You configured a security policy permitting traffic from the trust zone to the DMZ zone, inserted the new policy at the top of the list, and successfully committed it to the SRX Series device. Upon monitoring, you notice that the hit count does not increase on the newly configured policy.
In this scenario, which two commands would help you to identify the problem? (Choose two.)
- A. user@srx> show security zones trust detail
- B. user@srx> show security match-policies from-zone trust to-zone DMZ source-ip 192.168.10.100/32 destination-ip 10.10.10.80/32 protocol tcp source-port 5806 destination-port 443
- C. user@srx> show security match-policies from-zone trust to-zone DMZ source-ip 192.168.10.100/32 destination-ip 10.10.10.80/32 protocol tcp source-port 5806 destination-port
- D. user@srx> show security shadow-policies from zone trust to zone DMZ
正解: C,D
解説:
443 result-count 10
質問 66
Click the Exhibit button.
Referring to the exhibit, which three types of traffic would be examined by the IPS policy between Switch-1 and Switch-2? (Choose three.)
- A. LLDP
- B. ICMP
- C. UDP
- D. ARP
- E. TCP
正解: B,C,E
質問 67
You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restricted to the VLANs from which they originate.
Which configuration accomplishes these objectives?
A)
B)
C)
D)
- A. Option D
- B. Option A
- C. Option B
- D. Option C
正解: A
解説:
Explanation
https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/ref/statement/family-ethernet-sw
質問 68
Which two VPN features are supported with CoS-based IPsec VPNs? (Choose two.)
- A. dead peer detection
- B. VPN monitoring
- C. IKEv1
- D. IKEv2
正解: A,D
解説:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/secuirty-cos-based-ipsec- vpns.html
質問 69
Your network includes SRX Series devices at the headquarters location. The SRX Series devices at this location are part of a high availability chassis cluster and are configured for IPS. There has been a node failover.
In this scenario, which statement is true?
- A. Existing sessions continue to be processed by IPS because of table synchronization.
- B. Existing sessions are no longer processed by IPS and become firewall sessions.
- C. Existing session continue to be processed by IPS as long as GRES is configured.
- D. Existing sessions are dropped and must be reestablished so IPS processing can occur.
正解: B
解説:
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-ips-overview.html IPS with Chassis Clustering Limitations:
IPS is supported in both active/passive and active/active chassis cluster modes on SRX Series devices with the following limitations:
No inspection is performed on sessions that fail over or fail back. Only new sessions after a failover are inspected by IPS, and older sessions become firewall session
質問 70
Click the Exhibit button.
Referring to the exhibit, what is the maximum number of zones that are able to be created within all logical systems?
- A. 0
- B. 1
- C. 2
- D. 3
正解: C
質問 71
Which two log format types are supported by the JATP appliance? (Choose two.)
- A. YAML
- B. CSV
- C. YANG
- D. XML
正解: B,D
解説:
https://www.juniper.net/documentation/en_US/release-independent/jatp/topics/topic-map/jatp- custom-log-ingestion.html
質問 72
......
Juniper JN0-635試験実践テスト問題:https://jp.fast2test.com/JN0-635-premium-file.html
最新の認定試験JN0-635問題集-実践テスト問題:https://drive.google.com/open?id=1xGPtzsI7EDT7KaxkYuDx8b6BFI8pT7xK