Juniper JN0-635 問題集

質問 1：
Click the Exhibit button.

Referring to the exhibit, you have expanded the disk storage size in ESXi for your log collector from 500 GB to 600 GB. However, your log collector's disk size has not changed.
Given the scenario, which two statements are true? (Choose two.)
A. You must run a script from the console to expand the disk size.
B. You must re-run the log collector setup script to update the storage settings.
C. You must reboot the log collector for storage settings to be updated
D. The ESXi storage parameter is not associated with the Elasticsearch disk size parameter.
正解：A,C

質問 2：
Click the Exhibit button.
user @host> show bgp summary logical-system LSYS1
Groups : 11 Peers : 10 Down peers: 1
Table Tot. Paths Act Paths Suppressed History Damp State
Pending
inet.0 141 129 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
192.168.64.12 65008 11153 11459 0 26 3d
3:10:43 9/10/10/0 0/0/0/0
192.168.72.12 65009 11171 11457 0 26 3d
3:10:39 11/12/12/0 0/0/0/0
192.168.80.12 65010 9480 9729 0 27 3d
3:10:42 11/12/12/0 0/0/0/0
192.168.88.12 65011 11171 11457 0 25 3d
3:10:31 12/13/13/0 0/0/0/0
192.168.96.12 65012 9479 9729 0 26 3d
3:10:34 12/13/13/0 0/0/0/0
192.168.10.12 65013 111689 11460 0 27 3d
3:10:46 9/10/10/0 0/0/0/0
192.168.11.12 65014 111688 11458 0 25 3d
3:10:42 9/10/10/0 0/0/0/0
192.168.12.12 65015 111687 11457 0 25 3d
3:10:38 9/10/10/0 0/0/0/0
192.68.11.12 650168 9478 9729 0 25 3d
3:10:42 9/10/10/0 0/0/0/0
192.168.13.12 65017 111687 11457 0 27 3d
3:10:30 9/10/10/0 0/0/0/0
192.168.16.12 65017 111687 11457 0 27 1w3d2h
Connect
user@host> show interfaces ge-0/0/7.0 extensive
Logical interface ge-0/0/7.0 (Index 76) (SNMP ifIndex 548) (Generation
141)
...
Security: Zone: log
Allowed host-inbound traffic : bootp dns dhcp finger ftp tftp ident-
reset http https ike netconf
ping reverse-telnet reverse-ssh rloqin rpm rsh snmp
snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip
r2cp
Flow Statistics:
Flow Input statistics:
Self packets: 0
ICMP packets: 0
VPN packets: 0
Multicast packets: 0
Bytes permitted by policy: 0
Connections established: 0
Flow Output statistics:
Multicast packets: 0
Bytes permitted by policy: 0
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self pakets: 0
No minor session: 0
No more sessions: 589723
No NAT gate: 0
No route present: 0
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 0
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 1685, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, F1ags: Is-Preferred Is-Primary
Destination: 10.5.123/24, Local: 10.5.123.3, Broadcast:
10.5.123.255, Generation: 156
Protocol multiservice, MTU: Unlimited, Generation: 1686, Route table: 0 Policer: Input: __default_arp_policer__
...
An SRX Series device has been configured with a logical system LSYS1.
One of the BGP peers is down.
Referring to the exhibit, which statement explains this problem?
A. The maximum number of allowed flows is set to low.
B. The allocated memory is not sufficient for this LSYS.
C. The LSYS license only allows up to ten BGP peerings.
D. The minimum number of flows is set to high.
正解：A

質問 3：
Which AppSecure feature identifies applications that are present in traffic?
A. AppFW
B. AppIDB. AppTrack
C. AppQoS
正解：B

質問 4：
You have designed the firewall filter shown in the exhibit to limit SSH control traffic to yours SRX Series device without affecting other traffic.
Which two statement are true in this scenario? (Choose two.)
A. Applying the filter will not achieve the desired result.
B. The filter should be applied as an output filter on the loopback interface.
C. Applying the filter will achieve the desired result.
D. The filter should be applied as an input filter on the loopback interface.
正解：A,D
解説: (Topexam メンバーにのみ表示されます)

質問 5：
You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in forwarding MPLS and IPsec traffic.
Which two statements are true regarding this implementation? (Choose two.)
A. Host inbound traffic must not be processed by the flow module
B. Host inbound traffic must be processed by the flow module
C. The SRX Series device can process both MPLS and IPsec with default traffic handling
D. A firewall filter must be configured to enable packet mode forwarding
正解：A,D
解説: (Topexam メンバーにのみ表示されます)

質問 6：
Which three roles or protocols are required when configuring an ADVPN? (Choose three.)
A. shortcut suggester
B. BGP
C. OSPF
D. shortcut partner
E. IKEv1
正解：A,C,D
解説: (Topexam メンバーにのみ表示されます)

質問 7：
Your manager has identified that employees are spending too much time posting on a social media site. You are asked to block user from posting on this site, but they should still be able to access any other site on the Internet.
In this scenario, which AppSecure feature will accomplish this task?
A. APpFW
B. APBR
C. AppTrack
D. AppQoS
正解：A

質問 8：
You have the NAT rule, shown in the exhibit, applied to allow communication across an IPsec tunnel between your two sites with identical networks. Which statement is correct in this scenario?
A. 10 packets have been processed by the NAT rule.
B. The NAT rule will only translate two addresses at a time.
C. The NAT rule with translate the source and destination addresses.
D. The NAT rule in applied to the N/A routing instance.
正解：C