JN0-635 Security Professional (JNCIP-SEC) Questions and Answers

You have configured static NAT for a webserver in your DMZ. Both internal and external users can reach the webserver using the webserver’s IP address. However, only internal users can reach the webserver using the webserver’s DNS name. When external users attempt to reach the webserver using the webserver’s DNS name, an error message is received.

Which action would solve this problem?

Click the Exhibit button.

Referring to the exhibit, which three types of traffic would be examined by the IPS policy between Switch-1 and Switch-2? (Choose three.)

According to the log shown in the exhibit, you notice the IPsec session is not establishing.

What is the reason for this behavior?

Which two log format types are supported by the JATP appliance? (Choose two.)

You issue the command shown in the exhibit.

Which policy will be active for the identified traffic?

Click the Exhibit button.

Your company has purchased a competitor and now must connect the new network to the existing one. The competitor’s gateway device is receiving its ISP address using DHCP. Communication between the two sites must be secured; however, obtaining a static public IP address for the new site gateway is not an option at this time. The company has several requirements for this solution:

• A site-to-site IPsec VPN must be used to secure traffic between the two sites;
• The IKE identity on the new site gateway device must use the hostname option; and
• Internet traffic from each site should exit through its local Internet connection.

The configuration shown in the exhibit has been applied to the new site’s SRX, but the secure tunnel is not working.

In this scenario, what configuration change is needed for the tunnel to come up?

You are asked to configure an IPsec VPN between two SRX Series devices that allows for processing of CoS on the intermediate routers.

What will satisfy this requirement?

Exhibit.

Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly.

Which two commands will solve this problem? (Choose two.)

Click the Exhibit button.

Referring to the exhibit, you are attempting to enable IPsec power mode to improve IPsec VPN performance. However, you are unable to use IPsec power mode.

What is the problem?

You have designed the firewall filter shown in the exhibit to limit SSH control traffic to yours SRX Series device without affecting other traffic.

Which two statement are true in this scenario? (Choose two.)