Free JN0-637 Exam Braindumps (page: 11)


Referring to the exhibit, which statement about TLS 1.2 traffic is correct?

  1. TLS 1.2 traffic will be sent to routing instance R1 but not forwarded to the next hop.
  2. TLS 1.2 traffic will be sent to routing instance R1 and forwarded to next hop 10.1.0.1.
  3. TLS 1.2 traffic will be sent to routing instance R2 but not forwarded to the next hop.
  4. TLS 1.2 traffic will be sent to routing instance R2 and forwarded to next hop 10.2.0.1.

Answer(s): A



You have an initial setup of ADVPN with two spokes and a hub. A host at partner Spoke-1 is sending traffic to a host at partner Spoke-2.
In this scenario, which statement is true?

  1. Spoke-1 will establish a VPN to Spoke-2 when this is first deployed, so traffic will be sent immediately to Spoke-2.
  2. Spoke-1 will send the traffic through the hub and not use a direct VPN to Spoke-2.
  3. Spoke-1 will establish the tunnel to Spoke-2 before sending any of the host traffic.
  4. Spoke-1 will send the traffic destined to Spoke-2 through the hub until the VPN is established between the spokes.

Answer(s): A



Referring to the exhibit, which two statements about User1 are true? (Choose two.)

  1. User1 has access to the configuration specific to their assigned logical system.
  2. User1 is logged in to logical system LSYS-1.
  3. User1 can add logical units to an interface that a primary administrator has not previously assigned.
  4. User1 can view outputs from other user logical systems.

Answer(s): A,B

Explanation:

In this configuration, User1 is logged in to logical system LSYS-1, which restricts access and visibility to that particular system. This ensures isolation between logical systems on the same physical device. Only a system administrator can assign additional permissions. For more details, see the Juniper Logical Systems Guide.

From the exhibit, we see that User1 is logged into logical system LSYS-1:
Access to Assigned Logical System (Answer A): User1, being logged into the logical system LSYS-1, only has access to the configuration and interfaces within that logical system. This is a key feature of logical systems in Junos, ensuring users are restricted to their respective environments.
Logged into LSYS-1 (Answer B): The prompt shows that User1 is currently operating in LSYS-1, as indicated by the User1@SRX:LSYS-1> command line.


Reference:

Juniper logical systems configuration and user permissions.



Exhibit:



You are asked to ensure that Internet users can access the company's internal webserver using its FQDN. However, the internal DNS server's A record only points to the webserver's private address. Referring to the exhibit, which two actions are required to complete this task? (Choose two.)

  1. Disable the DNS ALG.
  2. Configure static NAT for both the DNS server and the webserver.
  3. Configure destination NAT for both the DNS server and the webserver.
  4. Configure proxy ARP on ge-0/0/3.

Answer(s): B,D

Explanation:

In this scenario, Internet users are trying to access the company's web server via its FQDN, but the internal DNS server resolves the name to a private IP, so two key actions are needed:
Static NAT (Answer B): Since the internal DNS server resolves the web server to its private IP address (10.10.10.4/24), you need to configure static NAT for both the DNS server and the webserver. This ensures that requests from the Internet to the web server's public IP (203.0.113.4) and the DNS server's public IP (203.0.113.2) are translated to the servers' private addresses.
Example Command:

set security nat static rule-set public-to-private from zone untrust
set security nat static rule-set public-to-private rule dns-server match destination-address 203.0.113.2/32
set security nat static rule-set public-to-private rule dns-server then static-nat prefix 10.10.10.2/32
set security nat static rule-set public-to-private rule web-server match destination-address 203.0.113.4/32
set security nat static rule-set public-to-private rule web-server then static-nat prefix 10.10.10.4/32

Proxy ARP (Answer D): The SRX needs to respond to ARP requests for the public IP addresses of both the DNS server and the webserver on the interface facing the Internet (ge-0/0/3). This allows the SRX to handle requests directed at the public IPs.
Example Command:

set security nat proxy-arp interface ge-0/0/3.0 address 203.0.113.2/32
set security nat proxy-arp interface ge-0/0/3.0 address 203.0.113.4/32

These two configurations allow external users to access the internal web server via its public IP, as resolved by the DNS server.


Reference:

Juniper NAT and proxy ARP documentation.





