Free JN0-636 Exam Braindumps (page: 8)


Exhibit



You have recently configured Adaptive Threat Profiling and notice 20 IP address entries in the monitoring section of the Juniper ATP Cloud portal that do not match the number of entries locally on the SRX Series device, as shown in the exhibit.
What is the correct action to solve this problem on the SRX device?

  A. You must configure the DAE in a security policy on the SRX device.
  B. Refresh the feed in ATP Cloud.
  C. Force a manual download of the Proxy__Nodes feed.
  D. Flush the DNS cache on the SRX device.

Answer(s): B

Explanation:

The correct action to solve this problem on the SRX device is to refresh the feed in ATP Cloud. The number of IP address entries in the monitoring section of the Juniper ATP Cloud portal does not match the number of entries held locally on the SRX Series device. This discrepancy can be caused by a number of factors, such as the SRX device not being properly configured for Adaptive Threat Profiling, or the feed not being properly downloaded from the Juniper ATP Cloud portal. Refreshing the feed in ATP Cloud lets the SRX device synchronize its local feed with the latest feed from the cloud service, so that the entries are consistent and accurate.


Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-adaptive-threat-profiling-configuring.html



You want to enroll an SRX Series device with Juniper ATP Appliance. There is a firewall device in the path between the devices. In this scenario, which port should be opened in the firewall device?

  A. 8080
  B. 443
  C. 80
  D. 22

Answer(s): B

Explanation:

Port 443 is the port used for encrypted communication between the SRX Series device and the Juniper ATP Appliance.
To enroll an SRX Series device with Juniper ATP Appliance, the firewall device in the path must have port 443 open. Port 443 is the default port for HTTPS traffic, and the communication between the SRX Series device and the ATP Appliance needs to be encrypted, which is why this port should be opened.



Which two types of source NAT translations are supported in this scenario? (Choose two.)

  A. translation of IPv4 hosts to IPv6 hosts with or without port address translation
  B. translation of one IPv4 subnet to one IPv6 subnet with port address translation
  C. translation of one IPv6 subnet to another IPv6 subnet without port address translation
  D. translation of one IPv6 subnet to another IPv6 subnet with port address translation

Answer(s): A,C

Explanation:

The two types of source NAT translations that are supported in this scenario are translation of IPv4 hosts to IPv6 hosts with or without port address translation, and translation of one IPv6 subnet to another IPv6 subnet without port address translation. These are the types of source NAT translations that are supported by the Junos OS for IPv6 NAT. Translation of IPv4 hosts to IPv6 hosts allows IPv4-only hosts to communicate with IPv6-only hosts by changing the source IPv4 address to a corresponding IPv6 address. Port address translation can be optionally enabled to conserve IPv6 addresses by using different port numbers for different sessions. Translation of one IPv6 subnet to another IPv6 subnet allows IPv6 hosts to use a different IPv6 address range for outbound traffic, such as for security or policy reasons. Port address translation is not supported for this type of translation, as IPv6 addresses are abundant and do not need to be conserved.


Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-nat-ipv6-overview.html



Exhibit



Referring to the exhibit, which statement is true?

  A. This custom block list feed will be used before the Juniper SecIntel
  B. This custom block list feed cannot be saved if the Juniper SecIntel block list feed is configured.
  C. This custom block list feed will be used instead of the Juniper SecIntel block list feed.
  D. This custom block list feed will be used after the Juniper SecIntel block list feed.

Answer(s): C

Explanation:

According to the Juniper documentation, a custom block list feed is a user-defined list of IP addresses or URLs that are considered malicious or unwanted. A custom block list feed can be configured to override the default Juniper SecIntel block list feed, which is a cloud-based service that provides a list of known malicious IP addresses and URLs. To override the Juniper SecIntel block list feed, the custom block list feed must have a higher priority value than the Juniper SecIntel block list feed. In the exhibit, the custom block list feed has a priority value of 10, which is higher than the default priority value of 5 for the Juniper SecIntel block list feed. Therefore, this custom block list feed will be used instead of the Juniper SecIntel block list feed.


Reference:

[Configuring Custom Block List Feeds]





