CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Juniper
  5. JN0-636

Free JN0-636 Exam Braindumps (page: 9)

Page 8 of 29
PDF with 115 Questions

Exhibit



The show network-access aaa radius-servers command has been issued to solve authentication issues.
Referring to the exhibit, to which two authentication servers will the SRX Series device continue to send requests? (Choose TWO)

  1. 200l:DB8:0:f101;:2
  2. 192.168.30.191
  3. 192.168.30.190
  4. 192.168.30.188

Answer(s): B,C

Explanation:

The SRX Series device will continue to send requests to authentication servers 192.168.30.190 and 192.168.30.191. This is because the exhibit shows the output of the show network-access aaa radius- servers command. This command displays the status of the RADIUS servers configured on the device. In the output, we can see that there are three RADIUS servers configured - 192.168.30.190, 192.168.30.191, and 2001:DB8:0:f101::2. However, the status of the third server is shown as "DOWN". This means that the device is not able to communicate with this server. Therefore, the device will continue to send requests to the other two servers - 192.168.30.190 and

192.168.30.191.


Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents: https://www.juniper.net/documentation/en_US/junos/topics/reference/command- summary/show-network-access-aaa-radius-servers.html



All interfaces involved in transparent mode are configured with which protocol family?

  1. mpls
  2. bridge
  3. inet
  4. ethernet -- switching

Answer(s): B

Explanation:

In transparent mode, all interfaces involved are configured with the bridge protocol family. This allows the SRX device to act as a bridge between the interfaces and forward traffic transparently without any modification. The bridge interfaces can be configured to forward traffic based on layer 2 headers, such as MAC addresses, without the need for routing or IP addressing.



What are two valid modes for the Juniper ATP Appliance? (Choose two.)

  1. flow collector
  2. event collector
  3. all-in-one
  4. core

Answer(s): C,D

Explanation:

The two valid modes for the Juniper ATP Appliance are all-in-one and core. The all-in-one mode is a single appliance that performs both the collector and the core functions. The collector function collects traffic from the network and sends it to the core function for analysis and detection. The core function performs the threat detection, mitigation, and analytics. The all-in-one mode is suitable for small to medium-sized networks that do not require high scalability or performance. The core mode is a dedicated appliance that performs only the core function. The core mode is used in conjunction with one or more collector appliances that collect traffic from the network and send it to the core appliance for analysis and detection. The core mode is suitable for large-scale networks that require high scalability and performance.


Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-atp-appliance- overview.html



Exhibit



Referring to the exhibit, an internal host is sending traffic to an Internet host using the 203.0.113.1 reflexive address with source port 54311.
Which statement is correct in this situation?

  1. Only the Internet host that the internal host originally communicated with can initiate traffic to reach the internal host using the 203.0.113.1 address, source port 54311, and a random destination port.
  2. Only the Internet host that the internal host originally communicated with can initiate traffic to reach the internal host using the 203.0 113.1 address, a random source port, and destination port 54311.
  3. Any host on the Internet can initiate traffic to reach the internal host using the 203.0.113.1 address, source port 54311, and a random destination port.
  4. Any host on the Internet can initiate traffic to reach the internal host using the 203.0.113.1 address, a random source port, and destination port 54311.

Answer(s): B

Explanation:

According to the Juniper documentation, reflexive NAT is a type of source NAT that allows an internal host to communicate with an external host using a single public IP address and port. The reflexive NAT session is created when the internal host initiates the traffic to the external host, and the session is deleted when the traffic stops. The reflexive NAT session is bidirectional, meaning that the external host can send traffic back to the internal host using the same public IP address and port that the internal host used to reach the external host. However, the external host cannot initiate a new session to the internal host using the same public IP address and port, unless the internal host has already established a session with the external host. Therefore, only the Internet host that the internal host originally communicated with can initiate traffic to reach the internal host using the 203.0.113.1 address, a random source port, and destination port 54311.


Reference:

[Configuring Reflexive NAT]






Post your Comments and Discuss Juniper JN0-636 exam with other Community members:

JN0-636 Discussions & Posts