Juniper JN0-636 Exam (page: 4)
Juniper Security, Professional
Updated on: 12-Feb-2026


Your company wants to use the Juniper SecIntel feeds to block access to known command and control servers, but they do not want to use Security Director to manage the feeds.
Which two Juniper devices work in this situation? (Choose two)

  A. EX Series devices
  B. MX Series devices
  C. SRX Series devices
  D. QFX Series devices

Answer(s): B,C

Explanation:

Juniper MX and SRX series devices support the integration of SecIntel feeds, which provide information about known command and control servers, for the purpose of blocking access to them. These devices can be configured to use the SecIntel feeds without the need for Security Director to manage the feeds.
EX series and QFX series devices are not capable of working in this situation, as they do not support the integration of SecIntel feeds.
According to the Juniper documentation, the two Juniper devices that work in this situation are MX Series devices and SRX Series devices. These devices can use the Juniper SecIntel feeds to block access to known command and control servers without using Security Director to manage the feeds. The Juniper SecIntel feeds are curated and verified threat intelligence data that are continuously collected from Juniper ATP Cloud, Juniper Threat Labs, and other sources. The SecIntel feeds include command and control IPs, URLs, certificate hashes, and domains that are used by attackers to control malware or maintain their connection to the network.
The MX Series devices and the SRX Series devices can subscribe to the SecIntel feeds by using the following steps:

  1. Configure the SecIntel service on the device by specifying the SecIntel URL, the SecIntel policy, and the SecIntel license.
  2. Configure the SecIntel policy on the device by specifying the SecIntel feeds, the SecIntel actions, and the SecIntel logging.
  3. Apply the SecIntel policy to the security zones or the firewall policies on the device by using the secintel-policy option.

Once the SecIntel service is configured and applied, the MX Series devices and the SRX Series devices will receive the SecIntel feeds from Juniper ATP Cloud and use them to block the traffic from or to the command and control servers. The SecIntel service will also send the SecIntel logs to Juniper ATP Cloud or a third-party SIEM solution for further analysis and reporting.

The following devices are not suitable for this situation:

EX Series devices: EX Series devices are Ethernet switches that can integrate with SecIntel to block infected hosts at the switch port. However, they cannot use the SecIntel feeds to block command and control servers, as they do not support the SecIntel service or policy.

QFX Series devices: QFX Series devices are Ethernet switches that can integrate with SecIntel to block infected hosts at the switch port. However, they cannot use the SecIntel feeds to block command and control servers, as they do not support the SecIntel service or policy.


Reference:

SecIntel Threat Intelligence
Configuring SecIntel Service
Configuring SecIntel Policy
Applying SecIntel Policy
SecIntel Logging
SecIntel Integration with EX Series Switches
SecIntel Integration with QFX Series Switches



To analyze and detect malware, Juniper ATP Cloud performs which two functions? (Choose two.)

  A. cache lookup: to see if the file is seen already and known to be malicious
  B. antivirus scan: with a single vendor solution to see if the file contains any potential threats
  C. dynamic analysis: to see what happens if you execute the file in a real environment
  D. static analysis: to see what happens if you execute the file in a real environment

Answer(s): A,C

Explanation:

Juniper ATP Cloud performs cache lookup to see if the file is seen already and known to be malicious and dynamic analysis to see what happens if you execute the file in a real environment.

Cache lookup is one of the functions that Juniper ATP Cloud performs to analyze and detect malware. Cache lookup is the first step in the pipeline approach that Juniper ATP Cloud uses to examine files. Cache lookup checks whether the file has been seen before and whether it has a stored verdict in the database. If the file is known to be malicious, the verdict is returned to the SRX Series Firewall and the file is dropped. If the file is not found in the cache, the analysis continues with the other techniques.
Dynamic analysis is another function that Juniper ATP Cloud performs to analyze and detect malware. Dynamic analysis runs the file in a sandbox environment and observes its behavior and actions. Dynamic analysis can reveal the hidden or obfuscated functionality of malware, such as network connections, file modifications, registry changes, and process injections. Dynamic analysis can also detect zero-day threats and evasive malware that tries to avoid static analysis.


Reference:

How is Malware Analyzed and Detected? | ATP Cloud | Juniper Networks



Exhibit



You are validating bidirectional traffic flows through your IPsec tunnel. The 4546 session represents traffic being sourced from the remote end of the IPsec tunnel. The 4547 session represents traffic that is sourced from the local network destined to the remote network.
Which statement is correct regarding the output shown in the exhibit?

  A. The remote gateway address for the IPsec tunnel is 10.20.20.2
  B. The session information indicates that the IPsec tunnel has not been established
  C. The local gateway address for the IPsec tunnel is 10.20.20.2
  D. NAT is being used to change the source address of outgoing packets

Answer(s): C

Explanation:

According to the output shown in the exhibit, which is a security flow session on an SRX Series device, the correct statement is that the local gateway address for the IPsec tunnel is 10.20.20.2. This is indicated by the line In: 10.20.20.2/2060 -> 10.20.20.1/3382, which shows that the source IP address of the incoming packet is 10.20.20.2, which is the local gateway address of the IPsec tunnel. The destination IP address of the incoming packet is 10.20.20.1, which is the remote gateway address of the IPsec tunnel.
The following statements are incorrect or not supported by the output:

The remote gateway address for the IPsec tunnel is 10.20.20.2. This is false, as explained above. The remote gateway address for the IPsec tunnel is 10.20.20.1, not 10.20.20.2.

The session information indicates that the IPsec tunnel has not been established. This is false, as the output shows that there are two active sessions with the communication tag IPSec VPN: vpn1, which indicates that the IPsec tunnel has been established and is named vpn.

NAT is being used to change the source address of outgoing packets. This is not supported by the output, as there is no indication of NAT being applied to the outgoing packets. The source IP address of the outgoing packet is 192.168.1.1, which is the same as the source IP address of the original packet. If NAT was being used, the source IP address of the outgoing packet would be different from the source IP address of the original packet.


Reference:

1: show security flow session - Technical Documentation - Support - Juniper Networks



Exhibit



Which two statements are correct about the output shown in the exhibit? (Choose two.)

  A. The packet is silently discarded.
  B. The packet is part of an existing session.
  C. The packet is part of a new session.
  D. The packet is explicitly rejected.

Answer(s): A,C

Explanation:

The packet is silently discarded because the traceoptions output shows that the packet is dropped with the flag flow_spu_drop, which indicates that the packet is dropped by the SPU without sending any response to the sender. The traceoptions output also shows the reason for the drop as "no session found, start first path. in_tunnel - 0, from_cp_flag - 0", which means that the packet does not match any existing session and is not part of a tunnel or control plane traffic.

The packet is part of a new session because the traceoptions output shows that the packet is the first packet of a TCP connection with the flag flow_tcp_syn, which indicates that the packet has the SYN flag set. The traceoptions output also shows that the packet is processed in the first path packet flow with the message "no session found, start first path", which means that the packet is initiating a new session.


Reference:

traceoptions (Security Flow) | Junos OS | Juniper Networks
[SRX] How to interpret Flow TraceOptions output for NAT troubleshooting



You are asked to provide single sign-on (SSO) to Juniper ATP Cloud.
Which two steps accomplish this goal? (Choose two.)

  A. Configure Microsoft Azure as the service provider (SP).
  B. Configure Microsoft Azure as the identity provider (IdP).
  C. Configure Juniper ATP Cloud as the service provider (SP).
  D. Configure Juniper ATP Cloud as the identity provider (IdP).

Answer(s): B,C

Explanation:

To provide single sign-on (SSO) to Juniper ATP Cloud, you need to configure the following:

Microsoft Azure as the identity provider (IdP): This allows users to authenticate to Juniper ATP Cloud using their Azure credentials.

Juniper ATP Cloud as the service provider (SP): This allows Juniper ATP Cloud to accept the authentication from Microsoft Azure and provide SSO access to the users.

Configuring Microsoft Azure as the service provider (SP) and Juniper ATP Cloud as the identity provider (IdP) are not the correct steps to provide SSO, as the roles are reversed.


