JN0-637
Real Dumps
https://www.certspots.com/exam/jn0-637/
JNCIP-SEC JN0-637 Real Dumps
1. You are deploying a virtualization solution with the security
devices in your network Each SRX Series device must support at least
100 virtualized instances and each virtualized instance must have its
own discrete administrative domain.
In this scenario, which solution would you choose?
A. VRF instances
B. virtual router instances
C. logical systems
D. tenant systems
Answer: C
JNCIP-SEC JN0-637 Real Dumps
2. How does secure wire mode differ from transparent mode?
A. In secure wire mode, traffic can be modified using source NAT.
B. In secure wire mode, no switching lookup takes place to forward
traffic.
C. In secure wire mode, security policies cannot be used to secure
intra-VLAN traffic.
D. In secure wire mode, IRB interfaces can be configured to route
inter-VLAN traffic.
Answer: B
JNCIP-SEC JN0-637 Real Dumps
3. Which two statements are true about ADVPN members? (Choose
two.)
A. ADVPN members are authenticated using certificates.
B. ADVPN members are authenticated using pre-shared keys.
C. ADVPN members can use IKEv2.
D. ADVPN members can use IKEv1.
Answer: A, C
JNCIP-SEC JN0-637 Real Dumps
4. Which Junos security feature is used for signature-based attack
prevention?
A. RADIUS
B. AppQoS
C. IPS
D. PIM
Answer: C
JNCIP-SEC JN0-637 Real Dumps
5. After downloading the new IPS attack database, the installation of the
new database fails. What caused this condition?
A. The new attack database no longer contained an attack entry that was in
use.
B. The new attack database was too large for the device on which it was
being installed.
C. The new attack database was revoked between the time it was
downloaded and installed.
D. Some of the new attack entries were already in use and had to be
deactivated before installation.
Answer: A
JNCIP-SEC JN0-637 Real Dumps
6. Which two additional configuration actions are necessary for the thirdparty feed shown in the exhibit to work properly? (Choose two.)
A. You must create a dynamic address entry with the IP filter category and
the ipfilter_office365 value.
B. You must apply the dynamic address entry in a security policy.
C. You must apply the dynamic address entry in a security intelligence
policy.
D. You must create a dynamic address entry with the C&C category and the
cc_offic365 value.
Answer: A, B
JNCIP-SEC JN0-637 Real Dumps
7. You want to use selective stateless packet-based forwarding based on the
source address. In this scenario, which command will allow traffic to bypass
the SRX Series device flow daemon?
A. set firewall family inet filter bypas3_flowd term t1 then virtual-channel
stateless
B. set firewall family inet filter bypaa3_flowd term t1 then skip-services
accept
C. set firewall family inet filter bypass__f lowd term t1 then packet-mode
D. set firewall family inet filter bypass_flowd term t1 then routing-instance
stateless
Answer: B
JNCIP-SEC JN0-637 Real Dumps
8. What is a function of UTM?
A. content filtering
B. AppFW
C. IPsec
D. bridge mode
Answer: A
JNCIP-SEC JN0-637 Real Dumps
9. All interfaces involved in transparent mode are configured with
which protocol family?
A. ethernet - switching
B. inet
C. bridge
D. mpls
Answer: D
JNCIP-SEC JN0-637 Real Dumps
10. In an effort to reduce client-server latency transparent mode was
enabled an SRX series device. Which two types of traffic will be
permitted in this scenario? (Choose Two )
A. ARP
B. Layer 2 non-IP multicast
C. BGP
D. IPsec
Answer: A, B