Juniper jn0-635 practice test

Which three types of peer devices are supported for CoS-based IPsec VPNs? (Choose three.)

• A. branch SRX Series device
• B. third-party device
• C. cSRX
• D. high-end SRX Series device
• E. vSRX

You are asked to configure a new SRX Series CPE device at a remote office. The device must
participate in forwarding MPLS and IPsec traffic.
Which two statements are true regarding this implementation? (Choose two.)

• A. Host inbound traffic must not be processed by the flow module
• B. Host inbound traffic must be processed by the flow module
• C. The SRX Series device can process both MPLS and IPsec with default traffic handling
• D. A firewall filter must be configured to enable packet mode forwarding

Which three roles or protocols are required when configuring an ADVPN? (Choose three.)

• A. OSPF
• B. shortcut partner
• C. shortcut suggester
• D. IKEv1
• E. BGP

You must troubleshoot ongoing problems with IPsec tunnels and security policy processing. Your
network consists of SRX340s and SRX5600s.
In this scenario, which two statements are true? (Choose two.)

• A. IPsec logs are written to the kmd log file by default
• B. IKE logs are written to the messages log file by default
• C. You must enable data plane logging on the SRX340 devices to generate security policy logs
• D. You must enable data plane logging on the SRX5600 devices to generate security policy logs

Click the Exhibit button.

You are implementing a new branch site and want to ensure Internet traffic is sent directly to your
ISP and other traffic is sent to your company headquarters. You have configured filter-based
forwarding to accomplish this objective. You verify proper functionality using the outputs shown in
the exhibit.
Which two statements are true in this scenario? (Choose two.)

• A. The session utilizes one routing instance
• B. The ge-0/0/5 and ge-0/0/1 interfaces must reside in a single security zone
• C. The ge-0/0/5 and ge-0/0/1 interfaces can reside in different security zones
• D. The session utilizes two routing instances

Click the Exhibit button.

The exhibit shows a snippet of a security flow trace. A user cannot open an SSH session to a server.
Which action will solve the problem?

• A. Create a security policy that matches the traffic parameters
• B. Edit the source NAT to correct the translated address
• C. Create a route entry to direct traffic into the configured tunnel
• D. Create a route to the desired server

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

• A. Data is transmitted across the link in plaintext
• B. The link is not protected against man-in-the-middle attacks
• C. The link is protected against man-in-the-middle attacks
• D. Data is transmitted across the link in cyphertext

You are asked to secure your network against TOR network traffic.
Which two Juniper products would accomplish this task? (Choose two.)

• A. Contrail Edge
• B. Contrail Insights
• C. Juniper Sky ATP
• D. Juniper ATP Appliance

You are asked to implement the session cache feature on an SRX5400.
In this scenario, what information does a session cache entry record? (Choose two.)

• A. The type of processing to do for ingress traffic
• B. The type of processing to do for egress traffic
• C. To which SPU the traffic of the session should be forwarded
• D. To which NPU the traffic of the session should be forwarded

Which feature of Sky ATP is deployed with Policy Enforcer?

• A. zero-day threat mitigation
• B. software image snapshot support
• C. device inventory management
• D. service redundancy daemon configuration support