Free JN0-637 Sample Questions — Security, Professional (JNCIP-SEC)

Which two statements are correct about the ICL in an active/active mode multinode HA environment? (Choose two.)

• A. The ICL uses a separate routing instance to communicate with remote multinode HA peers
• B. The ICL is the local device management interface in a multinode HA environment
• C. The ICL is strictly a Layer 2 interface
• D. The ICL traffic can be encrypted

You are deploying OSPF over IPsec with an SRX Series device and third-party device using GRE. Which two statements are correct? (Choose two.)

• A. Overlapping addresses are allowed between remote networks
• B. The GRE interface should use lo0 as endpoints
• C. The GRE interface must be configured under the OSPF protocol
• D. The OSPF protocol must be enabled under the VPN zone

In a multimode HA environment, which service must be configured to synchronize between nodes?

• A. PKI certificated
• B. IDP
• C. IPsec VPN
• D. advanced policy-based routing

You are asked to connect two hosts that are directly connected to an SRX Series device. The traffic should flow unchanged as it passes through the SRX, and routing or switch lookups should not be performed. However, the traffic should still be subjected to security policy checks. What will provide this functionality?

• A. transparent mode
• B. secure wire
• C. MACsec
• D. mixed mode

You have deployed automated threat mitigation using Security Director with Policy Enforcer, Juniper ATP Cloud, SRX Series devices, Forescout, and third-party switches. In this scenario, which device is responsible for communicating directly to the third-party switches when infected hosts need to be blocked?

• A. Forescout
• B. Juniper ATP cloud
• C. SRX Series device
• D. Policy Enforcer

Which two statements are true when setting up an SRX Series device to operate in mixed mode? (Choose two.)

• A. physical interface can be configured to be both a Layer 2 and a Layer 3 interface at the same time
• B. The SRX must be rebooted after configuring at least one Layer 3 and one Layer 2 interface
• C. Packets from Layer 2 interfaces are switched within the same bridge domain
• D. User logical systems support Layer 2 traffic processing

You are deploying a large scale VPN spanning six sites. You need to choose a VPN technology that satisfies the following requirements: all sites must have secure reachability to all other sites. new spoke sites can be added without explicit configuration on the hub site. all spoke-to-spoke communication must traverse the hub site. Which VPN technology will satisfy these requirements?

• A. ADVPN
• B. AutoVPN
• C. secure connect VPN
• D. group VPN

What are three core components for enabling advanced policy-based routing? (Choose three.)

• A. APBR profile
• B. routing instance
• C. filter-based forwarding
• D. policies
• E. routing options

You need to generate a certificate for a PKI-based site-to-site VPN. The peer is expecting to use your domain name, vpn.Juniper.net, to establish the VPN. Your domain name, vpn.juniper.net, resolves to 10.100.0.5. Which two configuration elements are required when you generate your certificate request? (Choose two.)

• A. email [email protected]
• B. ip-address 10.100.0.5
• C. domain-name vpn.juniper.net
• D. subject CN=vpn.juniper.net

Which two statements are correct about automated threat mitigation with Security Director? (Choose two.)

• A. Infected hosts are tracked by their IP address
• B. Infected hosts are tracked by their user identity
• C. Infected hosts are tracked by their chassis serial number
• D. Infected hosts are tracked by their MAC address

You want to deploy two vSRX instances in different public cloud providers to provide redundant security services for your network. Layer 2 connectivity between the two vSRX instances is not possible. What would you configure on the vSRX instances to accomplish this task?

• A. multinode HA
• B. secure wire
• C. chassis cluster
• D. virtual chassis

Which two statements about transparent mode and Ethernet switching mode on an SRX Series device are correct? (Choose two.)

• A. In transparent mode, IRB Interfaces must be placed in a security zone
• B. In Ethernet switching mode Layer 2 Interfaces must be placed in a security zone
• C. In transparent mode, Layer 2 interfaces must be placed in a security zone
• D. In Ethernet switching mode. IRB Interfaces must be placed in a security zone

You are deploying threat remediation to endpoints connected through third-party devices. In this scenario, which three statements are correct? (Choose three.)

• A. All third-party switches must support AAA/RADIUS and Dynamic Authorization Extensions to the RADIUS protocol
• B. The connector uses an API to gather endpoint MAC address information from the RADIUS server
• C. All third-party switches in the specified network are automatically mapped and registered with the RADIUS server
• D. The connector queries the RADIUS server for the infected host endpoint details and initiates a change of authorization (CoA) for the infected host. D. The RADUIS server sends Status-Server messages to update infected host information to the connector

You are asked to configure tenant systems. Which two statements are true in this scenario? (Choose two.)

• A. Tenant systems have their own configuration database
• B. tenant system can have only one administrator
• C. You can commit multiple tenant systems at a time
• D. After successful configuration, the changes are merged into the primary database for each tenant system

Which role does an SRX Series device play in a DS-Lite deployment?

• A. softwire concentrator
• B. softwire initiator
• C. STUN client
• D. STUN server