You want to configure a threat prevention policy.
Which three profiles are configurable in this scenario? (Choose three.)
A. malware profile
B. infected host profile
C. C&C profile
D. SSL proxy profile
E. device profile
正解:A,B,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
You configured a chassis cluster for high availability on an SRX Series device and enrolled this HA cluster with the Juniper ATP Cloud. Which two statements are correct in this scenario? (Choose two.)
A. You must use different license keys on both cluster nodes.
B. You must set up your HA cluster after enrolling your devices with Juniper ATP Cloud
C. When enrolling your devices, you only need to enroll one node.
D. You must use the same license key on both cluster nodes.
正解:C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Exhibit
You are using trace options to verity NAT session information on your SRX Series device Referring to the exhibit, which two statements are correct? (Choose two.)
A. The SRX device is changing the destination address on this packet 10.0.1 1 to 172 20.101.10.
B. The SRX device is changing the source address on this packet from
C. This packet is part of an existing session.
D. This is the first packet in the session
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Exhibit
You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies Referring to the exhibit, what should you do to solve this problem?
A. You must change the global mode to switching mode.
B. You must change the global mode to transparent bridge mode.
C. You must change the global mode to security switching mode.
D. You must change the global mode to security bridging mode
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Exhibit
Referring to the exhibit, which two statements are true about the CAK status for the CAK named "FFFP"? (Choose two.)
A. CAK is used for encryption and decryption of the MACsec session.
B. SAK is successfully generated using this key.
C. CAK is not used for encryption and decryption of the MACsec session.
D. SAK is not generated using this key.
正解:C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
You have a webserver and a DNS server residing in the same internal DMZ subnet. The public Static NAT addresses for the servers are in the same subnet as the SRX Series devices internet-facing interface. You implement DNS doctoring to ensure remote users can access the webserver.Which two statements are true in this scenario? (Choose two.)
A. The DNS CNAME record is translated.
B. The Proxy ARP feature must be configured.
C. The DNS doctoring ALG is not enabled by default.
D. The DNS doctoring ALG is enabled by default.
正解:B,D
質問 7:
What is the purpose of the Switch Microservice of Policy Enforcer?
A. to inspect traffic for malware
B. to enroll SRX Series devices with Juniper ATP Cloud
C. to isolate infected hosts
D. to synchronize security policies to SRX Series devices
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Exhibit
You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.
In this scenario, which action will solve this problem?
A. You must add another term to the firewall filter to accept the traffic from the 172.25.1.0/24 network.
B. You must create the static default route to neighbor 172.21 0.2 under the ISP-1 routing instance hierarchy.
C. You must apply the firewall filter to the lo0 interface when using filter-based forwarding.
D. You must specify that the 172.25.1.1/24 IP address is the primary address on the ge-0/0/1 interface.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 9:
Your IPsec VPN configuration uses two CoS forwarding classes to separate voice and data traffic. How many IKE security associations are required between the IPsec peers in this scenario?
A. 4
B. 1
C. 3
D. 2
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
神谷** -
よかった!JN0-636試験に合格し、資格証明書を取りました。信頼に値する資料です!