Exam Details
Exam questions are derived from the recommended training and the exam resources listed above. Pass/fail status is available immediately after taking the exam. The exam is only provided in English.
Exam Code JN0-636
Prerequisite Certification JNCIS-SEC
Exam Length 90 minutes
Exam Type 65 multiple-choice questions
Software Versions Junos OS 22.2 – SD 22.1
The Security enables you to demonstrate a thorough understanding of security technology in general and Junos OS software for SRX Series devices. JNCIP-SEC, the professional-level certification in this track, is designed for networking professionals with advanced knowledge of the Juniper Networks Junos OS for SRX Series devices. The written exam verifies your understanding of advanced security technologies and related platform configuration and troubleshooting skills.
This track contains four certifications:
JNCIA-SEC: Security, Associate. For details, see JNCIA-SEC.
JNCIS-SEC: Security, Specialist. For details, see JNCIS-SEC.
JNCIP-SEC: Security, Professional. For details, see the sections below.
JNCIE-SEC: Security, Expert. For details, see JNCIE-SEC.
Exam Preparation
We recommend the following resources to help you prepare for your exam. However, these resources aren’t required, and using them doesn’t guarantee you’ll pass the exam.
Recommended Training : Advanced Juniper Security
Exam Resources Industry/product knowledge Juniper TechLibrary
Additional Preparation Juniper Learning Portal
Exam Objectives
Here’s a high-level view of the skillset required to successfully complete the JNCIP-Sec certification exam.
Examkingdom Juniper JN0-636 Exam pdf,
Best Juniper JN0-636 Free downloads , Juniper JN0-636 Dumps at Certkingdom.com
| Exam Objective | Description |
| Firewall Filters | Describe the concepts, operation, or functionality of firewall filters. Selective packet processing Troubleshooting with firewall filters Filter-based forwarding Given a scenario, demonstrate how to configure, troubleshoot, or monitor firewall filters. |
| Troubleshooting Security Policy and Zones | Given a scenario, demonstrate how to troubleshoot or monitor security policies or security zones. Tools Logging/tracing Other outputs |
| Advanced Threat Protection | Describe the concepts, operation, or functionality of Juniper Advanced Threat Prevention (on-premises appliance or Cloudbased service). Collectors Custom rules Mitigation Given a scenario, demonstrate how to configure or monitor Juniper Advanced Threat Prevention. |
| Edge Security | Describe the concepts, operation, or functionality of edge security features. Hardware support Security Intelligence (SecIntel) Intrusion prevention system (IPS) Corero DDoS Mitigation Advanced threat prevention (ATP) |
| Compliance | Describe the concepts or operation of security compliance. Role-based access control (RBAC) Junos Space® Security Director Authentication, Authorization, and Accounting (AAA) and Security Assertion Markup Language (SAML) integration |
| Threat Mitigation | Describe the concepts, operation, or functionality of threat mitigation. Malware identification or mitigation Malicious lateral traffic identification or mitigation Zero trust microsegmentation Given a scenario, demonstrate how to configure or monitor threat mitigation. |
| Logical and Tenant Systems | Describe the concepts, operation, or functionality of the logical systems. Administrative roles Security profiles Logical systems (LSYS) communication Describe the concepts, operation, or functionality of the tenant systems. Master and tenant admins Tenant systems (TSYS) capacity |
| Layer 2 Security | Describe the concepts, operation, or functionality of Layer 2 security. Transparent mode Mixed mode Secure wire Media Access Control Security (MACsec) Given a scenario, demonstrate how to configure or monitor Layer 2 security. |
| Advanced Network Address Translation (NAT) | Describe the concepts, operation, or functionality of advanced NAT functionality. Persistent NAT Domain name system (DNS) doctoring IPv6 NAT Given a scenario, demonstrate how to configure, troubleshoot, or monitor advanced NAT scenarios. |
| Advanced IPsec | Describe the concepts, operation, or functionality of advanced IPsec applications. Remote access VPNs Hub-and-spoke VPNs Public Key Infrastructure (PKI) Auto Discovery VPNs (ADVPNs) Routing with IPsec Overlapping IP addresses Dynamic gateways IPsec class of service (CoS) Given a scenario, demonstrate how to configure, troubleshoot, or monitor advanced IPsec functionality. |
QUESTION 1
SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following command show configuration services security—intelligence url
https : //cloudfeeds . argon . juniperaecurity . net/api/manifeat. xml and receives the following output:
What is the problem in this scenario?
A. The device is directly enrolled with Juniper ATP Cloud.
B. The device is already enrolled with Policy Enforcer.
C. The SRX Series device does not have a valid license.
D. Junos Space does not have matching schema based on the
Answer: C
QUESTION 2
You are asked to deploy filter-based forwarding on your SRX Series device for incoming traffic sourced from the 10.10 100 0 network in this scenario, which three statements are correct? (Choose three.)
A. You must create a forwarding-type routing instance.
B. You must create and apply a firewall filter that matches on the source address 10.10.100.0 and then sends this traffic to your routing
C. You must create and apply a firewall filter that matches on the destination address 10 10.100.0 and then sends this traffic to your routing instance.
D. You must create a RIB group that adds interface routes to your routing instance.
E. You must create a VRF-type routing instance.
Answer: BCE
QUESTION 3
You are connecting two remote sites to your corporate headquarters site. You must ensure that all traffic is secured and sent directly between sites In this scenario, which VPN should be used?
A. IPsec ADVPN
B. hub-and-spoke IPsec VPN
C. Layer 2 VPN
D. full mesh Layer 3 VPN with EBGP
Answer: B
QUESTION 4
You are asked to detect domain generation algorithms
Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)
A. Define an advanced-anti-malware policy under [edit services].
B. Attach the security-metadata-streaming policy to a security
C. Define a security-metadata-streaming policy under [edit
D. Attach the advanced-anti-malware policy to a security policy.
Answer: AD
QUESTION 5
In Juniper ATP Cloud, what are two different actions available in a threat prevention policy to deal with an infected host? (Choose two.)
A. Send a custom message
B. Close the connection.
C. Drop the connection silently.
D. Quarantine the host.
Answer: CD