Juniper Juniper Certifications JN0-634 Questions & Answers

• Question 21:

  Which two statements about the integrated user firewall feature of the Junos OS are true? (Choose two.)

  A. The maximum number of supported active directory servers is ten.

  B. IPv6 addresses are not supported.

  C. The maximum number of supported active directory servers is five.

  D. IPv6 addresses are supported.

  Correct Answer: AB

• Question 22:

  Your network includes SRX Series devices configured with AppSecure.

  Which two statements regarding the application identification engine are true? (Choose two.)

  A. Applications are only matched in traffic flows associated with client-to-server sessions.

  B. Applications are matched in traffic flows associated with client-to-server and server-to-client sessions.

  C. If the packets entering the engine match a known application, then processing continues.

  D. If the packets entering the engine match a known application, then processing stops.

  Correct Answer: BD

• Question 23:

  The Software-Defined Secure Networks Policy Enforcer contains which two components? (Choose two.)

  A. SRX Series device

  B. Sky ATP

  C. Policy Controller

  D. Feed Connector

  Correct Answer: CD

• Question 24:

  Which feature of Sky ATP is deployed with Software-Defined Secure Networks?

  A. zero-day threat mitigation

  B. software image snapshot support

  C. device inventory management

  D. service redundancy daemon configuration support

  Correct Answer: A

• Question 25:

  After downloading the new IPS attack database, the installation of the new database fails. What caused this condition?

  A. The new attack database no longer contained an attack entry that was in use.

  B. The new attack database was revoked between the time it was downloaded and installed.

  C. The new attack database was too large for the device on which it was being installed.

  D. Some of the new attack entries were already in use and had to be deactivated before installation.

  Correct Answer: A

• Question 26:

  Click the Exhibit button.

  

  Referring to the exhibit, how many AppTrack logs will be generated for an HTTP session lasting 12 minutes?

  A. 4

  B. 2

  C. 1

  D. 3

  Correct Answer: A

• Question 27:

  Which two statements about enabling MACsec using static CAK security mode keys are true? (Choose two.)

  A. CAK secures the data plane traffic.

  B. SAK secures the data plane traffic.

  C. SAK secures the control plane traffic.

  D. CAK secures the control plane traffic.

  Correct Answer: BD

• Question 28:

  Click the Exhibit button.

  

  Two hosts on the same subnet are connected to an SRX340 using interfaces ge-0/0/4 and ge-0/0/5. The two hosts can communicate with each other, but they cannot communicate with hosts outside of their subnet.

  Referring to the exhibit, which three actions would you take to solve this problem? (Choose three.)

  A. Add the ge-0/0/4 and ge-0/0/5 interfaces to the L2 zone.

  B. Remove the irb.0 interface from the L2 zone.

  C. Set the SRX340 to Ethernet switching mode.

  D. Configure a security policy to permit the traffic.

  E. Reboot the SRX340.

  Correct Answer: CDE

• Question 29:

  Which IDP rule configuration will send an RST to any new session that meets the action criteria?

  A. ip-action block

  B. action close-client-and-server

  C. ip-action close

  D. action drop-connection

  Correct Answer: C

• Question 30:

  A customer has recently deployed a next-generation firewall, sandboxing software, cloud access security brokers (CASB), and endpoint protection.

  In this scenario, which tool would provide the customer with additional attack prevention?

  A. Junos Space Cross Provisioning Platform

  B. Contrail

  C. Security Director Policy Enforcer

  D. Network Director Inventory Manager

  Correct Answer: C