Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Juniper > Juniper Certifications > JN0-636 > JN0-636 Online Practice Questions and Answers

JN0-636 Online Practice Questions and Answers

Questions 4

You are required to deploy a security policy on an SRX Series device that blocks all known Tor network IP addresses. Which two steps will fulfill this requirement? (Choose two.)

A. Enroll the devices with Juniper ATP Appliance.

B. Enroll the devices with Juniper ATP Cloud.

C. Enable a third-party Tor feed.

D. Create a custom feed containing all current known MAC addresses.

Buy Now

Correct Answer: AB

Explanation: To block all known Tor network IP addresses on an SRX Series device, the following steps must be taken:

Enroll the devices with Juniper ATP Appliance or Juniper ATP Cloud: both of these services provide threat intelligence feeds that include known IP addresses associated with the Tor network. By enrolling the SRX Series device, the device

will have access to the latest Tor network IP addresses, and it can then use this information to block traffic from those IP addresses. Creating a custom feed containing all current known MAC addresses, is not a valid option since Tor network

uses IP addresses, MAC addresses are not used to identify the Tor network.

Enable a third-party Tor feed may be used but it's not necessary as Juniper ATP Appliance and Juniper ATP Cloud already provide the same feature.

Questions 5

Exhibit

You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit. What is the correct action to solve the problem on the SRX device?

A. Create a firewall filter to accept the BGP traffic

B. Configure destination NAT for BGP traffic.

C. Add BGP to the Allowed host-inbound-traffic for the interface

D. Modify the security policy to allow the BGP traffic.

Buy Now

Correct Answer: A

Questions 6

Click the Exhibit button.

When attempting to enroll an SRX Series device to JATP, you receive the error shown in the exhibit. What is the cause of the error?

A. The fxp0 IP address is not routable

B. The SRX Series device certificate does not match the JATP certificate

C. The SRX Series device does not have an IP address assigned to the interface that accesses JATP

D. A firewall is blocking HTTPS on fxp0

Buy Now

Correct Answer: C

Reference: https://kb.juniper.net/InfoCenter/index? page=contentandid=KB33979andcat=JATP_SERIESandactp=LIST

Questions 7

You are asked to detect domain generation algorithms

Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)

A. Define an advanced-anti-malware policy under [edit services].

B. Attach the security-metadata-streaming policy to a security

C. Define a security-metadata-streaming policy under [edit

D. Attach the advanced-anti-malware policy to a security policy.

Buy Now

Correct Answer: BD

Explanation: To detect domain generation algorithms (DGAs) on an SRX Series firewall, you can use the security-metadata-streaming and advanced-anti-malware features. The first step is to define a security-metadata-streaming policy under

[edit services], which allows the firewall to receive and process metadata from a third- party security intelligence service. This metadata includes information about DGAs, which the firewall can use to identify and block malicious traffic. The

second step is to attach the security-metadata-streaming policy to a security policy, this will enable the firewall to inspect traffic against the DGA domains provided by the intelligence service.

The third step is to enable the advanced-anti-malware feature on the firewall, and attach an advanced-anti-malware policy to a security policy. This allows the firewall to detect and block malware based on signatures and behavioral analysis,

which can also detect and block traffic associated with DGAs.

Questions 8

You want to enforce I DP policies on HTTP traffic.

In this scenario, which two actions must be performed on your SRX Series device? (Choose two )

A. Choose an attacks type in the predefined-attacks-group HTTP-All.

B. Disable screen options on the Untrust zone.

C. Specify an action of None.

D. Match on application junos-http.

Buy Now

Correct Answer: AD

Explanation: To enforce IDP policies on HTTP traffic on an SRX Series device, the following actions must be performed:

Choose an attacks type in the predefined-attacks-group HTTP-All: This allows the SRX Series device to match on specific types of attacks that can occur within HTTP traffic. For example, it can match on SQL injection or cross-site scripting

(XSS) attacks.

Match on application junos-http: This allows the SRX Series device to match on HTTP traffic specifically, as opposed to other types of traffic. It is necessary to properly identify the traffic that needs to be protected. Disabling screen options on

the Untrust zone and specifying an action of None are not necessary to enforce IDP policies on HTTP traffic. The first one is a feature used to prevent certain types of attacks, the second one is used to take no action in case of a match.

Questions 9

Exhibit.

A hub member of an ADVPN is not functioning correctly.

Referring the exhibit, which action should you take to solve the problem?

A. [edit interfaces] root@vSRX-1# delete st0.0 multipoint

B. [edit interfaces] user@hub-1# delete ipsec vpn advpn-vpn traffic-selector

C. [edit security] user@hub-1# set ike gateway advpn-gateway advpn suggester disable

D. [edit security] user@hub-1# delete ike gateway advpn-gateway advpn partner

Buy Now

Correct Answer: B

Questions 10

Which two modes are supported on Juniper ATP Cloud? (Choose two.)

A. global mode

B. transparent mode

C. private mode

D. Layer 3 mode

Buy Now

Correct Answer: AC

Explanation: Juniper ATP Cloud supports two main modes of operation:

Global mode: In this mode, the Juniper ATP Cloud service analyzes all files and network traffic that pass through the cloud-based service. It uses a combination of static and dynamic analysis techniques, as well as machine learning, to detect

and block malicious files, even if they are not known to traditional anti-virus software. Private mode: In this mode, the Juniper ATP Cloud service analyzes only the files and network traffic that are specifically uploaded or submitted for analysis

by the user. It uses the same analysis techniques as in global mode, but the user has more control over which files and network traffic are analyzed and can be used to analyze files that are behind the firewall.

Questions 11

Exhibit

Which two statements are correct about the output shown in the exhibit? (Choose two.)

A. The packet is silently discarded.

B. The packet is part of an existing session.

C. The packet is part of a new session.

D. The packet is explicitly rejected.

Buy Now

Correct Answer: CD

Questions 12

Exhibit

Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly. Which two commands will solve this problem? (Choose two.)

A. Option A

B. Option B

C. Option C

D. Option D

Buy Now

Correct Answer: C

Questions 13

Click the Exhibit button.

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

A. Topology 3

B. Topology 5

C. Topology 2

D. Topology 4

E. Topology 1

Buy Now

Correct Answer: ADE

Reference: https://www.juniper.net/documentation/en_US/junos-space17.2/policy- enforcer/topics/concept/ policy-enforcer-deployment-supported-topologies.html

Exam Code: JN0-636
Exam Name: Service Provider Routing and Switching Professional (JNCIP-SP)
Last Update: Jul 08, 2026
Questions: 92

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.