Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Juniper
  3. JN0-636

Juniper JN0-636 Exam (page: 4)
Juniper Security, Professional
Updated on: 25-Dec-2025

Viewing Page 4 of 24
JN0-636 PDF 115 Questions

Your company wants to use the Juniper Seclntel feeds to block access to known command and control servers, but they do not want to use Security Director to manage the feeds.
Which two Juniper devices work in this situation? (Choose two)

  1. EX Series devices
  2. MX Series devices
  3. SRX Series devices
  4. QFX Series devices

Answer(s): B,C

Explanation:

Juniper MX and SRX series devices support the integration of Seclntel feeds, which provide information about known command and control servers, for the purpose of blocking access to them. These devices can be configured to use the Seclntel feeds without the need for Security Director to manage the feeds.
EX series and QFX series devices are not capable of working in this situation, as they do not support the integration of Seclntel feeds.
According to the Juniper documentation, the two Juniper devices that work in this situation are MX Series devices and SRX Series devices. These devices can use the Juniper SecIntel feeds to block access to known command and control servers without using Security Director to manage the feeds. The Juniper SecIntel feeds are curated and verified threat intelligence data that are continuously collected from Juniper ATP Cloud, Juniper Threat Labs, and other sources. The SecIntel feeds include command and control IPs, URLs, certificate hashes, and domains that are used by attackers to control malware or maintain their connection to the network.
The MX Series devices and the SRX Series devices can subscribe to the SecIntel feeds by using the following steps:
Configure the SecIntel service on the device by specifying the SecIntel URL, the SecIntel policy, and the SecIntel license.
Configure the SecIntel policy on the device by specifying the SecIntel feeds, the SecIntel actions, and the SecIntel logging.
Apply the SecIntel policy to the security zones or the firewall policies on the device by using the secintel-policy option.
Once the SecIntel service is configured and applied, the MX Series devices and the SRX Series devices will receive the SecIntel feeds from Juniper ATP Cloud and use them to block the traffic from or to the command and control servers. The SecIntel service will also send the SecIntel logs to Juniper ATP Cloud or a third-party SIEM solution for further analysis and reporting. The following devices are not suitable or incorrect for this situation:
EX Series devices: EX Series devices are Ethernet switches that can integrate with SecIntel to block infected hosts at the switch port. However, they cannot use the SecIntel feeds to block command and control servers, as they do not support the SecIntel service or policy. QFX Series devices: QFX Series devices are Ethernet switches that can integrate with SecIntel to block infected hosts at the switch port. However, they cannot use the SecIntel feeds to block command and control servers, as they do not support the SecIntel service or policy.


Reference:

1: SecIntel Threat Intelligence 2: Configuring SecIntel Service 3: Configuring SecIntel Policy 4: Applying SecIntel Policy : [SecIntel Logging] : [SecIntel Integration with EX Series Switches] :
[SecIntel Integration with QFX Series Switches]



To analyze and detect malware, Juniper ATP Cloud performs which two functions? (Choose two.)

  1. cache lookup: to see if the file is seen already and known to be malicious
  2. antivirus scan: with a single vendor solution to see if the file contains any potential threats
  3. dynamic analysis: to see what happens if you execute the file in a real environment
  4. static analysis: to see what happens if you execute the file in a real environment

Answer(s): A,C

Explanation:

Juniper ATP Cloud performs cache lookup to see if the file is seen already and known to be malicious and dynamic analysis to see what happens if you execute the file in a real environment.

Cache lookup is one of the functions that Juniper ATP Cloud performs to analyze and detect malware. Cache lookup is the first step in the pipeline approach that Juniper ATP Cloud uses to examine files. Cache lookup checks whether the file has been seen before and whether it has a stored verdict in the database. If the file is known to be malicious, the verdict is returned to the SRX Series Firewall and the file is dropped. If the file is not found in the cache, the analysis continues with the other techniques.
Dynamic analysis is another function that Juniper ATP Cloud performs to analyze and detect malware. Dynamic analysis runs the file in a sandbox environment and observes its behavior and actions. Dynamic analysis can reveal the hidden or obfuscated functionality of malware, such as network connections, file modifications, registry changes, and process injections. Dynamic analysis can also detect zero-day threats and evasive malware that try to avoid static analysis.


Reference:

How is Malware Analyzed and Detected? | ATP Cloud | Juniper Networks



Exhibit



You are validating bidirectional traffic flows through your IPsec tunnel. The 4546 session represents traffic being sourced from the remote end of the IPsec tunnel. The 4547 session represents traffic that is sourced from the local network destined to the remote network.
Which statement is correct regarding the output shown in the exhibit?

  1. The remote gateway address for the IPsec tunnel is 10.20.20.2
  2. The session information indicates that the IPsec tunnel has not been established
  3. The local gateway address for the IPsec tunnel is 10.20.20.2
  4. NAT is being used to change the source address of outgoing packets

Answer(s): C

Explanation:

According to the output shown in the exhibit, which is a security flow session on an SRX Series device, the correct statement is that the local gateway address for the IPsec tunnel is 10.20.20.2. This is indicated by the line In: 10.20.20.2/2060 -> 10.20.20.1/3382, which shows that the source IP address of the incoming packet is 10.20.20.2, which is the local gateway address of the IPsec tunnel. The destination IP address of the incoming packet is 10.20.20.1, which is the remote gateway address of the IPsec tunnel.
The following statements are incorrect or not supported by the output:
The remote gateway address for the IPsec tunnel is 10.20.20.2. This is false, as explained above. The remote gateway address for the IPsec tunnel is 10.20.20.1, not 10.20.20.2. The session information indicates that the IPsec tunnel has not been established. This is false, as the output shows that there are two active sessions with the communication tag IPSec VPN: vpn1, which indicates that the IPsec tunnel has been established and is named vpn. NAT is being used to change the source address of outgoing packets. This is not supported by the output, as there is no indication of NAT being applied to the outgoing packets. The source IP address of the outgoing packet is 192.168.1.1, which is the same as the source IP address of the original packet. If NAT was being used, the source IP address of the outgoing packet would be different from the source IP address of the original packet.


Reference:

1: show security flow session - Technical Documentation - Support - Juniper Networks



Exhibit



Which two statements are correct about the output shown in the exhibit? (Choose two.)

  1. The packet is silently discarded.
  2. The packet is part of an existing session.
  3. The packet is part of a new session.
  4. The packet is explicitly rejected.

Answer(s): A,C

Explanation:

The packet is silently discarded because the traceoptions output shows that the packet is dropped with the flag flow_spu_drop, which indicates that the packet is dropped by the SPU without sending any response to the sender. The traceoptions output also shows the reason for the drop as "no session found, start first path. in_tunnel - 0, from_cp_flag - 0" which means that the packet does not match any existing session and is not part of a tunnel or a control plane traffic. The packet is part of a new session because the traceoptions output shows that the packet is the first packet of a TCP connection with the flag flow_tcp_syn, which indicates that the packet has the SYN flag set. The traceoptions output also shows that the packet is processed in the first path packet flow with the message "no session found, start first path" which means that the packet is initiating a new session.


Reference:

traceoptions (Security Flow) | Junos OS | Juniper Networks [SRX] How to interpret Flow TraceOptions output for NAT troubleshooting



You are asked to provide single sign-on (SSO) to Juniper ATP Cloud.
Which two steps accomplish this goal? (Choose two.)

  1. Configure Microsoft Azure as the service provider (SP).
  2. Configure Microsoft Azure as the identity provider (IdP).
  3. Configure Juniper ATP Cloud as the service provider (SP).
  4. Configure Juniper ATP Cloud as the identity provider (IdP).

Answer(s): B,C

Explanation:

To provide single sign-on (SSO) to Juniper ATP Cloud, you need to configure the following:
Microsoft Azure as the identity provider (IdP): This allows users to authenticate to Juniper ATP Cloud using their Azure credentials.
Juniper ATP Cloud as the service provider (SP): This allows Juniper ATP Cloud to accept the authentication from Microsoft Azure and provide SSO access to the users. Configuring Microsoft Azure as the service provider (SP) and Juniper ATP Cloud as the identity provider (IdP) are not the correct steps to provide SSO, as the roles are reversed.



Viewing Page 4 of 24



Share your comments for Juniper JN0-636 exam with other users:

Blessious Phiri 8/12/2023 11:56:00 AM

its getting more technical
Anonymous


Jeanine J 7/11/2023 3:04:00 PM

i think these questions are what i need.
UNITED STATES


Aderonke 10/23/2023 2:13:00 PM

helpful assessment
UNITED KINGDOM


Tom 1/5/2024 2:32:00 AM

i am confused about the answers to the questions. do you know if the answers are correct?
KOREA REPUBLIC OF


Vinit N. 8/28/2023 2:33:00 AM

hi, please make the dumps available for my upcoming examination.
UNITED STATES


Sanyog Deshpande 9/14/2023 7:05:00 AM

good practice
UNITED STATES


Tyron 9/8/2023 12:12:00 AM

so far it is really informative
Anonymous


beast 7/30/2023 2:22:00 PM

hi i want it please please upload it
Anonymous


Mirex 5/26/2023 3:45:00 AM

am preparing for exam ,just nice questions
Anonymous


exampei 8/7/2023 8:05:00 AM

please upload c_tadm_23 exam
TURKEY


Anonymous 9/12/2023 12:50:00 PM

can we get tdvan4 vantage data engineering pdf?
UNITED STATES


Aish 10/11/2023 5:51:00 AM

want to clear the exam.
INDIA


Smaranika 6/22/2023 8:42:00 AM

could you please upload the dumps of sap c_sac_2302
INDIA


Blessious Phiri 8/15/2023 1:56:00 PM

asm management configuration is about storage
Anonymous


Lewis 7/6/2023 8:49:00 PM

kool thumb up
UNITED STATES


Moreece 5/15/2023 8:44:00 AM

just passed the az-500 exam this last friday. most of the questions in this exam dumps are in the exam. i bought the full version and noticed some of the questions which were answered wrong in the free version are all corrected in the full version. this site is good but i wish the had it in an interactive version like a test engine simulator.
Anonymous


Terry 5/24/2023 4:41:00 PM

i can practice for exam
Anonymous


Emerys 7/29/2023 6:55:00 AM

please i need this exam.
Anonymous


Goni Mala 9/2/2023 12:27:00 PM

i need the dump
Anonymous


Lenny 9/29/2023 11:30:00 AM

i want it bad, even if cs6 maybe retired, i want to learn cs6
HONG KONG


MilfSlayer 12/28/2023 8:32:00 PM

i hate comptia with all my heart with their "choose the best" answer format as an argument could be made on every question. they say "the "comptia way", lmao no this right here boys is the comptia way 100%. take it from someone whos failed this exam twice but can configure an entire complex network that these are the questions that are on the test 100% no questions asked. the pbqs are dead on! nice work
Anonymous


Swati Raj 11/14/2023 6:28:00 AM

very good materials
UNITED STATES


Ko Htet 10/17/2023 1:28:00 AM

thanks for your support.
Anonymous


Philippe 1/22/2023 10:24:00 AM

iam impressed with the quality of these dumps. they questions and answers were easy to understand and the xengine app was very helpful to use.
CANADA


Sam 8/31/2023 10:32:00 AM

not bad but you question database from isaca
MALAYSIA


Brijesh kr 6/29/2023 4:07:00 AM

awesome contents
INDIA


JM 12/19/2023 1:22:00 PM

answer to 134 is casb. while data loss prevention is the goal, in order to implement dlp in cloud applications you need to deploy a casb.
UNITED STATES


Neo 7/26/2023 9:36:00 AM

are these brain dumps sufficient enough to go write exam after practicing them? or does one need more material this wont be enough?
SOUTH AFRICA


Bilal 8/22/2023 6:33:00 AM

i did attend the required cources and i need to be sure that i am ready to take the exam, i would ask you please to share the questions, to be sure that i am fit to proceed with taking the exam.
Anonymous


John 11/12/2023 8:48:00 PM

why only give explanations on some, and not all questions and their respective answers?
UNITED STATES


Biswa 11/20/2023 8:50:00 AM

refresh db knowledge
Anonymous


Shalini Sharma 10/17/2023 8:29:00 AM

interested for sap certification
JAPAN


ethan 9/24/2023 12:38:00 PM

could you please upload practice questions for scr exam ?
HONG KONG


vijay joshi 8/19/2023 3:15:00 AM

please upload free oracle cloud infrastructure 2023 foundations associate exam braindumps
Anonymous