Free JN0-636 Exam Questions | JN0-636 dumps PDF free (Page 4 )

QUESTION: 11

Exhibit

You are using traceoptions to verify NAT session information on your SRX Series device. Referring to the exhibit, which two statements are correct? (Choose two.)

This is the last packet in the session.
The SRX Series device is performing both source and destination NAT on this session.
This is the first packet in the session.
The SRX Series device is performing only source NAT on this session.

Answer(s): B,C

Explanation:

The SRX Series device is performing both source and destination NAT on this session because the traceoptions output shows that both source and destination IP addresses and ports are translated. The source IP address 192.168.5.2 is translated to 192.168.100.1 and the destination IP address 1.1.1.1 is translated to 192.168.5.1. The source port 0 is translated to 14777 and the destination port 80 is translated to 80. The traceoptions output also shows the rule and pool IDs for both source and destination NAT: 2/32770 and 1/1 respectively.
This is the first packet in the session because the traceoptions output shows the flag flow_first_packet, which indicates that this is the first packet of a new session. The traceoptions output also shows the flag flow_first_src_xlate and flow_first_rule_dst_xlate, which indicate that this is the first time that source and destination NAT are applied to this session.

Reference:

traceoptions (Security NAT) | Junos OS | Juniper Networks [SRX] How to interpret Flow TraceOptions output for NAT troubleshooting

Show Answer Next Question

QUESTION: 12

Exhibit

Which two statements are correct about the output shown in the exhibit. (Choose two.)

The source address is translated.
The packet is an SSH packet
The packet matches a user-configured policy
The destination address is translated.

Answer(s): A,B

Explanation:

The source address is translated because the traceoptions output shows that the source IP address 192.168.5.2 is translated to 192.168.100.1 and the source port 0 is translated to 14777. The traceoptions output also shows the flag flow_first_src_xlate, which indicates that this is the first time that source NAT is applied to this session.
The packet is an SSH packet because the traceoptions output shows that the application protocol is tcp/22, which is the default port for SSH. The traceoptions output also shows the flag flow_tcp_syn, which indicates that this is the first packet of a TCP connection.

Reference:

traceoptions (Security NAT) | Junos OS | Juniper Networks [SRX] How to interpret Flow TraceOptions output for NAT troubleshooting

Show Answer Next Question

QUESTION: 13

Which statement is true about persistent NAT types?

The target-host-port parameter cannot be used with IPv4 addresses in NAT46.
The target-host parameter cannot be used with IPv6 addressee in NAT64.
The target-host parameter cannot be used with IPv4 addresses in NAT46
The target-host-port parameter cannot be used with IPv6 addresses in NAT64

Answer(s): D

Explanation:

NAT (Network Address Translation) is a method to map one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. There are different types of NAT, one of them is the persistent NAT which is a type of NAT that allows you to map the same internal IP address to the same external IP address each time a host initiates a connection.

Show Answer Next Question

QUESTION: 14

You are deploying a virtualization solution with the security devices in your network Each SRX Series device must support at least 100 virtualized instances and each virtualized instance must have its own discrete administrative domain.
In this scenario, which solution would you choose?

VRF instances
virtual router instances
logical systems
tenant systems

Answer(s): C

Explanation:

A logical system is a virtualization feature in SRX Series devices that allows you to create multiple, isolated virtual routers within a single physical device. Each logical system has its own routing table, firewall policies, and interfaces, and it can be managed and configured independently of the other logical systems. Logical systems are an effective way to isolate different administrative domains and to support a large number of virtualized instances.

According to the Juniper documentation, the solution that would best meet the requirements of deploying a virtualization solution with the security devices in the network is logical systems. Logical systems are a feature that allows the SRX Series device to be partitioned into multiple logical devices, each with its own discrete administrative domain, routing table, firewall policies, VPNs, and interfaces. Each logical system can support up to 100 virtualized instances, depending on the SRX Series model and the available resources.
The following solutions are not suitable or incorrect for this scenario:
VRF instances: VRF instances are a type of routing instance that allows the SRX Series device to maintain multiple routing tables for different VPNs or customers. However, VRF instances do not provide separate administrative domains, firewall policies, or interfaces for each instance. Virtual router instances: Virtual router instances are a type of routing instance that allows the SRX Series device to create multiple logical routers, each with its own routing table and interfaces. However, virtual router instances do not provide separate administrative domains or firewall policies for each instance.
Tenant systems: Tenant systems are a feature that allows the SRX Series device to create multiple logical devices, each with its own discrete administrative domain, routing table, firewall policies, VPNs, and interfaces. However, tenant systems are only supported on the SRX1500, SRX4100, and SRX4200 devices, and each tenant system can only support up to 10 virtualized instances.

Reference:

1: Understanding Logical Systems 2: SRX Series Logical Systems Feature Guide 3: vrf (Routing Instances) : [virtual-router (Routing Instances)] : [Understanding Tenant Systems]

Show Answer Next Question

QUESTION: 15

Exhibit

Which two statements are correct about the output shown in the exhibit? (Choose two.)

The packet is processed as host inbound traffic.
The packet matches the default security policy.
The packet matches a configured security policy.
The packet is processed in the first path packet flow.

Answer(s): A,D

Explanation:

The packet is processed as host inbound traffic because the traceoptions output shows that the destination IP address 10.10.10.1 belongs to the SRX device itself, which is configured with the ge- 0/0/1.0 interface. The traceoptions output also shows the flag flow_host_inbound, which indicates that the packet is destined to the device.
The packet matches the default security policy because the traceoptions output shows that the policy name is default-deny, which is the implicit system-default security policy that denies all packets. The traceoptions output also shows the flag flow_policy_deny, which indicates that the packet is denied by the policy.

Reference:

traceoptions (Security NAT) | Junos OS | Juniper Networks [SRX] How to interpret Flow TraceOptions output for NAT troubleshooting Default Security Policies | Junos OS | Juniper Networks

Show Answer Next Question

Juniper JN0-636 Exam Questions
Security, Professional (Page 4 )

QUESTION: 11

Explanation:

Reference:

QUESTION: 12

Explanation:

Reference:

QUESTION: 13

Explanation:

QUESTION: 14

Explanation:

Reference:

QUESTION: 15

Explanation:

Reference:

Join the JN0-636 Discussion

Juniper JN0-636 Exam Questions Security, Professional (Page 4 )

QUESTION: 11

Explanation:

Reference:

QUESTION: 12

Explanation:

Reference:

QUESTION: 13

Explanation:

QUESTION: 14

Explanation:

Reference:

QUESTION: 15

Explanation:

Reference:

Join the JN0-636 Discussion

Juniper JN0-636 Exam Questions
Security, Professional (Page 4 )