NEW QUESTION NO: 1
After downloading the new IPS attack database, the installation of the new database fails.
What caused this condition?
A. The new attack database no longer contained an attack entry that was in use.
B. Some of the new attack entries were already in use and had to be deactivated before installation.
C. The new attack database was revoked between the time it was downloaded and installed.
D. The new attack database was too large for the device on which it was being installed.
Answer: A

NEW QUESTION NO: 2
You have configured a log collector VM and Security Director. System logging is enabled on a branch SRX
Series device, but security logs do not appear in the monitor charts.
How would you solve this problem?
A. Configure a security policy to forward logs to the collector.
B. Configure application identification on the SRX Series device.
C. Configure J-Flow on the SRX Series device.
D. Configure security logging on the SRX Series device.
Answer: D

NEW QUESTION NO: 3
Click the Exhibit button.

You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior,
you notice that you have a session that matches all of the rules in your IPS policy.
In this scenario, which action would be taken?
A. ignore-connection
B. close-client-and-server
C. drop packet
D. no-action
Answer: D

NEW QUESTION NO: 4
You are using the integrated user firewall feature on an SRX Series device.
Which three parameters are stored in the Active Directory authentication table? (Choose three.)
A. MAC address
B. password
C. username
D. IP address
E. group mapping
Answer: C,D,E

NEW QUESTION NO: 5
Which AppSecure feature identifies applications that are present in traffic?
A. AppFW
B. AppTrack
C. AppID
D. AppQoS
Answer: C

NEW QUESTION NO: 6
Click the Exhibit button.

Referring to the exhibit, you have configured a Sky ATP policy to inspect user traffic. However, you have
noticed that encrypted traffic is not being inspected.
In this scenario, what must you do to solve this issue?
A. Change the policy to inspect HTTPS traffic.
B. Configure the SSL forward proxy feature.
C. Configure the PKI feature.
D. Change the policy to inspect TLS traffic.
Answer: B

NEW QUESTION NO: 7
Click the Exhibit button.

You have configured integrated user firewall on the SRX Series devices in your network. However, you
noticed that no users can access the servers that are behind the SRX Series devices.
Referring to the exhibit, what is the problem?
A. The Kerberos service is not configured correctly on the Active Directory server.
B. There are no authentication entries in the SRX Series device for the users.
C. The security policy on the SRX Series device is configured incorrectly.
D. The SAML service is not configured correctly on the Active Directory server.
Answer: C
Explanation/Reference:

NEW QUESTION NO: 8
Which three components are part of the AppSecure services suite? (Choose three.)
A. Sky ATP
B. Web filtering
C. AppFW
D. AppQoS
E. IDP
Answer: C,D,E

NEW QUESTION NO: 9
The Software-Defined Secure Networks Policy Enforcer contains which two components? (Choose two.)
A. SRX Series device
B. Policy Controller
C. Sky ATP
D. Feed Connector
Answer: B,D

NEW QUESTION NO: 10
Your network includes SRX Series devices configured with AppSecure.
Which two statements regarding the application identification engine are true? (Choose two.)
A. If the packets entering the engine match a known application, then processing continues.
B. If the packets entering the engine match a known application, then processing stops.
C. Applications are only matched in traffic flows associated with client-to-server sessions.
D. Applications are matched in traffic flows associated with client-to-server and server-to-client sessions.
Answer: B,D

NEW QUESTION NO: 11
Click the Exhibit button.

A customer submits a service ticket complaining that access to http://www.example.com/ has been
blocked.
Referring to the log message shown in the exhibit, why was access blocked?
A. The user/role permissions were exceeded.
B. The URI matched a profile entry.
C. All illegal source port was utilized.
D. There was a website category infraction.
Answer: B

NEW QUESTION NO: 12
Click the Exhibit button.

Which statement explains the current state value of the command output shown in the exhibit?
A. The user-to-address mapping was successfully read from the domain controller event logs, and an
entry was added to the authentication table witch currently resides on the Routing Engine.
B. A valid response was received from a domain PC probe, and the user is a valid domain user
programmed in the PFE.
C. An invalid response was received from a domain PC probe, and the user is an invalid domain user.
D. A probe event generated an entry in the authentication table, but no probe response has been received
from the domain PC.
Answer: B

NEW QUESTION NO: 13
Click the Exhibit button.

Referring to the configuration shown in the exhibit, which statement explains why traffic matching the IDP
signature DNS:OVERFLOW:TOO-LONG-TCP-MSGis not being stopped by the SRX Series device?
A. The IDP policy idp-pol1is not configured as active.
B. The IDP rule r1 has an action of ignore-connection.
C. The security policy dmz-pol1has an action of permit.
D. The IDP rule r2 has an ip-actionvalue of notify.
Answer: A

NEW QUESTION NO: 14
Which two statements about enabling MACsec using static CAK security mode keys are true? (Choose
two.)
A. CAK secures the data plane traffic.
B. CAK secures the control plane traffic.
C. SAK secures the data plane traffic.
D. SAK secures the control plane traffic.
Answer: B,C

NEW QUESTION NO: 15
What is the required when deploying a log collector in Junos Space?
A. a shared log file directory on the log collector
B. the IP address of interface eth1 on the log collector
C. root user access to the log collector
D. a distributed deployment of the log collector nodes
Answer: C

NEW QUESTION NO: 16
Your manager has identified that employees are spending too much time posting on a social media site.
You are asked to block user from posting on this site, but they should still be able to access any other site
on the Internet.
In this scenario, which AppSecure feature will accomplish this task?
A. AppQoS
B. APBR
C. AppTrack
D. APpFW
Answer: D

NEW QUESTION NO: 17
You have implemented APBR on your SRX Series device and are verifying that your changes are working
properly. You notice that when you start the application for the first time, it does not follow the expected
path.
What are two reasons that would cause this behavior? (Choose two.)
A. The application system cache has been disabled.
B. The application system cache does not have an entry for the first session.
C. The application system cache already has an entry for this application.
D. The advanced policy-based routing is applied to the ingress zone and must be moved to the egress
zone.
Answer: A,B

NEW QUESTION NO: 18
Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)
A. The device cannot pass Layer 2 and Layer 3 traffic at the same time.
B. The device can pass Layer 2 and Layer 3 traffic at the same time.
C. You can secure inter-VLAN traffic with a security policy on this device.
D. You can secure intra-VLAN traffic with a security policy on this device.
Answer: B,C

NEW QUESTION NO: 19
Which IDP rule configuration will send an RST to any new session that meets the action criteria?
A. action close-client-and-server
B. ip-action close
C. ip-action block
D. action drop-connection
Answer: B

NEW QUESTION NO: 20
Click the Exhibit button.

Two hosts on the same subnet are connected to an SRX340 using interfaces ge-0/0/4 and ge-0/0/5. The
two hosts can communicate with each other, but they cannot communicate with hosts outside of their
subnet.
Referring to the exhibit, which three actions would you take to solve this problem? (Choose three.)
A. Reboot the SRX340.
B. Set the SRX340 to Ethernet switching mode.
C. Configure a security policy to permit the traffic.
D. Remove the irb.0 interface from the L2 zone.
E. Add the ge-0/0/4 and ge-0/0/5 interfaces to the L2 zone.
Answer: A,B,C

https://www.examslabs.com/Juniper/JNCIP/best-JN0-634-exam-dumps.html