JN0-634 JNCIP-SEC Exam Objectives

This list provides a general view of the skill set required to successfully complete the specified certification exam. Topics listed are subject to change.

Application-Aware Security Services
Security Director Logging and Reporting
Sky ATP
Unified Threat Management (UTM)
Intrusion Prevention System (IPS)
Software Defined Secure Networks (SDSN)
User Firewall
Layer 2 Security

Application-Aware Security Services
Describe the concepts, operation, or functionality of AppSecure
Application identification
Custom Applications
Application Signatures
Application Tracking
AppQoS
AppFirewall
Given a scenario, demonstrate how to configure or monitor AppSecure

Security Director Logging and Reporting
Describe the concepts, operation, or functionality of Security Director logging and reporting
Security Director logging and reporting installation
Security policy design and application
Analyzing data
Given a scenario, demonstrate how to configure or monitor Security Director logging and reporting information

Sky ATP
Describe the concepts, operation, or functionality of Sky ATP
Functions and processing flow
Analysis and actions
Monitoring and reporting
Given a scenario, demonstrate how to configure or monitor Sky ATP

Unified Threat Management (UTM)
Describe the concepts, operation, or functionality of UTM
Processing order
Content Filtering
Anti-virus
Anti-Spam
Web filtering
Given a scenario, demonstrate how to configure or monitor UTM functions

Intrusion Prevention System (IPS)
Describe the concepts, operation, or functionality of IPS
Processing order
Signatures
Policy
Templates
Given a scenario, demonstrate how to configure or monitor IPS functions

Software Defined Secure Networks (SDSN)
Describe the concepts, operation, or functionality of SDSN
SDSN fundamentals
Policy Enforcer
SDSN components
Given a scenario, demonstrate how to configure or monitor SDSN deployments

User Firewall
Describe the concepts, operation, or functionality of the user firewall
Integrated user firewall
User firewall implementation
Authentication sources
Given a scenario, demonstrate how to configure or monitor the user firewall

Layer 2 Security
Describe the concepts, operation, or functionality of Layer 2 security
Transparent mode
Mixed mode
Secure wire
MACsec
Given a scenario, demonstrate how to configure or monitor Layer 2 security


QUESTION 2 – (Topic 1)
In the IPS packet processing flow on an SRX Series device, when does application identification occur?

A. before fragmentation processing
B. after protocol decoding
C. before SSL decryption
D. after attack signature matching

Answer: A


QUESTION 4 – (Topic 1)
Click the Exhibit button.
user@host> monitor traffic interface ge-0/0/3
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/3, capture size 96 bytes
Reverse lookup for 172.168.3.254 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.
19:24:16.320907 In arp who-has 172.168.3.254 tell 172.168.3.1
19:24:17.322751 In arp who-has 172.168.3.254 tell 172.168.3.1
19:24:18.328895 In arp who-has 172.168.3.254 tell 172.168.3.1
19:24:18.332956 In arp who-has 172.168.3.254 tell 172.168.3.1
A new server has been set up in your environment. The administrator suspects that the firewall is blocking the traffic from the new server. Previously existing servers in the VLAN are working correctly. After reviewing the logs, you do not see any traffic for the new server.
Referring to the exhibit, what is the cause of the problem?

A. The server is in the wrong VLAN.
B. The server has been misconfigured with the wrong IP address.
C. The firewall has been misconfigured with the incorrect routing-instance.
D. The firewall has a filter enabled to block traffic from the server.

Answer: C


QUESTION 5 – (Topic 1)
Click the Exhibit button.
— Exhibit —
CID-0:RT: flow process pak fast ifl 71 in_ifp ge-0/0/5.0
CID-0:RT: ge-0/0/5.0:10.0.0.2/55892->192.168.1.2/80, tcp, flag 2 syn
CID-0:RT: find flow: table 0x5a386c90, hash 50728(0xffff), sa 10.0.0.2, da 192.168.1.2, sp 55892, dp 80, proto 6, tok 7
CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
CID-0:RT: flow_first_create_session
CID-0:RT: flow_first_in_dst_nat: in <ge-0/0/5.0>, out <N/A> dst_adr 192.168.1.2, sp 55892, dp 80
CID-0:RT: chose interface ge-0/0/5.0 as incoming nat if.
CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 192.168.1.2(80)
CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.0.0.2, x_dst_ip 192.168.1.2, in ifp ge-0/0/5.0, out ifp N/A sp 55892, dp 80, ip_proto 6, tos 10
CID-0:RT:Doing DESTINATION addr route-lookup
CID-0:RT: routed (x_dst_ip 192.168.1.2) from LAN (ge-0/0/5.0 in 0) to ge-0/0/1.0, Next-hop: 172.16.32.1
CID-0:RT:flow_first_policy_search: policy search from zone LAN-> zone WAN (0x0,0xda540050,0x50)
CID-0:RT:Policy lkup: vsys 0 zone(7:LAN) -> zone(6:WAN) scope:0
CID-0:RT: 10.0.0.2/55892 -> 192.168.1.2/80 proto 6
CID-0:RT:Policy lkup: vsys 0 zone(5:Unknown) -> zone(5:Unknown) scope:0
CID-0:RT: 10.0.0.2/55892 -> 192.168.1.2/80 proto 6
CID-0:RT: app 6, timeout 1800s, curr ageout 20s
CID-0:RT: packet dropped, denied by policy
CID-0:RT: denied by policy default-policy-00(2), dropping pkt
CID-0:RT: packet dropped, policy deny.
CID-0:RT: flow find session returns error.
CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
CID-0:RT:jsf sess close notify
CID-0:RT:flow_ipv4_del_flow: sess , in hash 32
— Exhibit —
A host is not able to communicate with a Web server.
Based on the logs shown in the exhibit, what is the problem?

A. A policy is denying the traffic between these two hosts.
B. A session has not been created for this flow.
C. A NAT policy is translating the address to a private address.
D. The session table is running out of resources.

Answer: A


QUESTION 6 – (Topic 1)
Your management has a specific set of Web-based applications that certain employees are allowed to use.
Which two SRX Series device features would be used to accomplish this task? (Choose two.)

A. UserFW
B. IDP
C. AppFW
D. firewall filter

Answer: C


QUESTION 7 – (Topic 1)
You configured a custom signature attack object to match specific components of an attack:
HTTP-request
Pattern .*\x90 90 90 … 90
Direction: client-to-server
Which client traffic would be identified as an attack?

A. HTTP GET .*\x90 90 90 … 90
B. HTTP POST .*\x90 90 90 … 90
C. HTTP GET .*x909090 … 90
D. HTTP POST .*x909090 … 90

Answer: A
Reference: https://www.juniper.net/techpubs/en_US//idp/topics/task/configuration/intrusion-detection-prevention-signature-attack-object-creating-nsm.html