Juniper JN0-635 問題集

質問 1：
Click the Exhibit button.

According to the policy shown in the exhibit, which application-services traffic will be processed first?
A. the application traffic matchings the utm-policy log rule set
B. the application traffic matchings the application-firewall rule-set demo-tracking_1 rule
C. the application traffic matchings the utm-policy wf-policy_websense-home rules
D. the application traffic matchings the IDP rules
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 2：
Your network includes SRX Series devices at the headquarters location. The SRX Series devices at this location are part of a high availability chassis cluster and are configured for IPS. There has been a node failover.
In this scenario, which statement is true?
A. Existing sessions are dropped and must be reestablished so IPS processing can occur.
B. Existing session continue to be processed by IPS as long as GRES is configured.
C. Existing sessions continue to be processed by IPS because of table synchronization.
D. Existing sessions are no longer processed by IPS and become firewall sessions.
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 3：
You have configured three logical tunnel interfaces in a tenant system on an SRX1500 device.
When committing the configuration, the commit fails.
In this scenario, what would cause this problem?
A. The SRX1500 device requires a tunnel PIC to allow for logical tunnel interfaces
B. There is no GRE tunnel between the tenant system and master system allowing SSH traffic
C. There is no VPLS switch on the tenant system containing a peer It-0/0/0 interface
D. The SRX1500 device does not support more than two logical interfaces per tenant system
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 4：
You are asked to merge to corporate network with the network from a recently acquired company.
Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX Series device servers as the gateway for each network.
Which solution allows you to merge the two networks without modifying the current address assignments?
A. persistent NAT
B. source NAT
C. NAT46
D. double NAT
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 5：
You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX Series device. You have decided to implement IDP SSL decryption.
Upon enabling the decryption, you notice sessions are not decrypted.
Which action resolves the problem?
A. Replace the server SSL certificate to use the public address.
B. Increase the SSLsession-id-cache-timeoutvalue to any value greater than 5000 seconds.
C. Reboot the SRX Series device.
D. Enable the IDPsensor-configurationdetector to detect address translation.
正解：D

質問 6：
Click the Exhibit button.

Your organization requests that you direct Facebook traffic out a different link to ensure that the bandwidth for critical applications is protected.
Referring to the exhibit, which forwarding instance will be used on your SRX Series device?
A. R3
B. R2
C. inet.0
D. R1
正解：B

質問 7：
Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)
A. The link is not protected against man-in-the-middle attacks
B. Data is transmitted across the link in plaintext
C. Data is transmitted across the link in cyphertext
D. The link is protected against man-in-the-middle attacks
正解：A,C

質問 8：
The monitor traffic interface command is being used to capture the packets destined to and the from the SRX Series device.
In this scenario, which two statements related to the feature are true? (Choose two.)
A. This feature does not capture transit traffic.
B. This feature captures ICMP traffic to and from the SRX Series device.
C. This feature is supported on both branch and high-end SRX Series devices.
D. This feature is supported on high-end SRX Series devices only.
正解：A,C
解説: (Topexam メンバーにのみ表示されます)