Are you ready to take your JN0-636 Security,Professional (JNCIP-SEC) exam? The latest Security,Professional (JNCIP-SEC) JN0-636 Exam Questions from PassQuestion would be the valid preparation material which can aid a candidate to pass the Juniper JN0-636 exam with flying colours. It will boost your self-assurance that will make it easier to to prepare and pass the JN0-636 test easily. So by studying these characteristics of the Security,Professional (JNCIP-SEC) JN0-636 Exam Questions, you will be able pass the Juniper JN0-636 exam with ease and earn the JNCIP-SEC certification successfully. 

Security,Professional (JNCIP-SEC)

The Security enables you to demonstrate a thorough understanding of security technology in general and Junos OS software for SRX Series devices. JNCIP-SEC, the professional-level certification in this track, is designed for networking professionals with advanced knowledge of the Juniper Networks Junos OS for SRX Series devices. The written exam verifies your understanding of advanced security technologies and related platform configuration and troubleshooting skills.

Exam Details

Exam Code: JN0-636
Prerequisite Certification: JNCIS-SEC
Delivered by: Pearson VUE
Exam Length: 90 minutes
Exam Type: 65 multiple-choice questions
Software Versions: Junos OS 22.2/SD 22.1

Exam Objectives

Firewall Filters

• Describe the concepts, operation, or functionality of firewall filters.
• Given a scenario, demonstrate how to configure, troubleshoot, or monitor firewall filters.

Troubleshooting Security Policy and Zones

• Given a scenario, demonstrate how to troubleshoot or monitor security policies or security zones.

Advanced Threat Protection

• Describe the concepts, operation, or functionality of Juniper Advanced Threat Prevention (on-premises appliance or Cloudbased service).
• Given a scenario, demonstrate how to configure or monitor Juniper Advanced Threat Prevention.

Edge Security

• Describe the concepts, operation, or functionality of edge security features.

Compliance

• Describe the concepts or operation of security compliance.

Threat Mitigation

• Describe the concepts, operation, or functionality of threat mitigation.
• Given a scenario, demonstrate how to configure or monitor threat mitigation.

Logical and Tenant Systems

• Describe the concepts, operation, or functionality of the logical systems.
• Describe the concepts, operation, or functionality of the tenant systems.

Layer 2 Security

• Describe the concepts, operation, or functionality of Layer 2 security.
• Given a scenario, demonstrate how to configure or monitor Layer 2 security.

Advanced Network Address Translation (NAT)

• Describe the concepts, operation, or functionality of advanced NAT functionality.
• Given a scenario, demonstrate how to configure, troubleshoot, or monitor advanced NAT scenarios.

Advanced IPsec

• Describe the concepts, operation, or functionality of advanced IPsec applications.
• Given a scenario, demonstrate how to configure, troubleshoot, or monitor advanced IPsec functionality.

View Online Security,Professional (JNCIP-SEC)  JN0-636 Free Questions

1. Your company wants to scale to 200 branches across the globe. Dynamic routing over the VPNs is required and you want to minimize the chance of compromising the keys.
Which type of VPN implementation should you use?
A.  policy-based VPN with preshared key authentication
B.  route-based VPN with preshared key authentication
C.  policy-based VPN with certificate-based authentication
D.  route-based VPN with certificate-based authentication
Answer: D
 
2. You installed the IPS license on the SRX Series device and need to download the IPS signature database. What must you do?
A.  Run the request security idp security-package install command; the signature database will be downloaded from Juniper Networks and installed.
B.  Run the request security idp security-package download command followed by the request security idp security-package install command.
C.  Run the request security idp security-package download command; the signature database will be downloaded from Juniper Networks and installed.
D.  Download the signature database from Juniper Networks and run the request security idp security-package download to use TFTP to transfer the file from your laptop and install it on the SRX Series device.
Answer: B
 
3. A large company with different partners wants to establish a VPN among the various sites using certificates. One partner receives a certificate from a different CA server than does corporate headquarters.
Which type of certificate format is used on the SRX Series device to establish this VPN?
A.  PKCS10
B.  PKCS7
C.  PKCSS
D.  PKCS12
Answer: B
 
4. You want to configure system security resources for logical systems on SRX devices. Which statement is true regarding the system behavior of security profiles?
A.  They are defined by user administrators within an LSYS.
B.  Up to 512 profiles can be configured.
C.  One security profile can be applied to multiple LSYSs.
D.  Configured limitations of type maximum guarantees system resources.
Answer: C
 
5. You have configured DNS doctoring on your SRX device to allow your internal Web server traffic to respond to www.targethost.com. You now want to verify proper DNS doctoring behavior.
Which action allows you to perform this task?
A.  Initiate a ping from an internal host to www.targethost.com.
B.  Initiate a ping from an external host to www.targethost.com.
C.  Initiate a ping from the internal Web server to an external host.
D.  Verify that the DNS ALG is enabled.
Answer: B
 
6. A security administrator wants to establish a certificate-based VPN between SRXA and SRXB. SRXA receives a certificate from certificate authority CA-A and SRXB receives a certificate from certificate authority CA-B.
Which type of certificates are needed on SRXA to establish the VPN tunnel?
A.  SRXA's local certificate, and SRXA's CA certificate issued by CA-A
B.  SRXA's local certificate, and SRXB's CA certificate issued by CA-B
C.  SRXA's local certificate, and SRXB's local certificate
D.  SRXB's local certificate, SRXA's CA certificate issued by CA-A, and SRXB's CA certificate issued by CA-B
Answer: B
 
7. You want to add the IDP attack database to your SRX device. Which two tasks are required to complete this goal?(Choose two.)
A.  Download the IDP security package.
B.  Download the IDP sensor database.
C.  Install the IDP sensor database.
D.  Install the IDP security package.
Answer: A, D
 
8. You are asked to separate several remote branch locations by attaching them to separate SRX Series devices.
You have only one SRX Series device and must accomplish this objective virtually. You are required to have separate routing tables, and each interface must be in different logical devices.
Which type of routing-instance must you use to accomplish this objective?
A.  virtual-router
B.  non-forwarding
C.  policy-based
D.  forwarding
Answer: A
 
9. Your enterprise requires a remote access solution and wants the installation of the VPN client software to be automated and linked to users as they log in to the VPN server.
Which client VPN feature meets this requirement?
A.  Purchase SSL VPN feature licenses and add them to the SRX Series device
B.  Install the Junos Pulse client on the Windows devices at login
C.  Deploy the group VPN SRX Series device feature 1
D.  Deploy the dynamic VPN on the SRX Series device
Answer: D
 
10. Which two methods can be categorized under the reconnaissance phase? (Choose two.)
A.  using information from the target company website
B.  Xmas attack
C.  ping of death
D.  war dialing scan
Answer: A, D