Juniper JN0-633 Dumps

Exam: Juniper Networks Certified Professional Security (JNCIP-SEC)

Juniper JN0-633 Exam Tutorial

Showing 1-20 of 175 Questions   (Page 1 out of 9)


Question No : 1

Where does the AppSecure suite of functions occur in the security flow process on an SRX
Series device?

A. services
B. security policy
C. NAT
D. session initiation


Question No : 2

Click the Exhibit button.
-- Exhibit --
Juniper JN0-633 question 2
-- Exhibit --
You must configure two SRX devices to enable bidirectional communications between the
two networks shown in the exhibit. You have been allocated the 172.16.1.0/24 and
172.16.2.0/24 networks to use for this purpose.
Which configuration will accomplish this task?

A. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.
B. Using destination NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
C. Using source NAT, translate traffic from Site1's addresses to 172.16.1.0/24, and translate traffic from Site2's addresses to 172.16.2.0/24.
D. Using static NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.


Question No : 3

Somebody has inadvertently configured several security policies with application firewall
rule sets on an SRX device. These security policies are now dropping traffic that should be
allowed. You must find and remove the application firewall rule sets that are associated
with these policies. Which two commands allow you to view these associations? (Choose
two.)

A. show security policies
B. show services application-identification application-system-cache
C. show security application-firewall rule-set all
D. show security policies application-firewall


Question No : 4

You are working as a security administrator and must configure a solution to protect
against distributed botnet attacks on your company's central SRX cluster.
How would you accomplish this goal?

A. Configure AppTrack to inspect and drop traffic from the malicious hosts.
B. Configure AppQoS to block the malicious hosts.
C. Configure AppDoS to rate limit connections from the malicious hosts.
D. Configure AppID with a custom application to block traffic from the malicious hosts.


Question No : 5

Click the Exhibit button.
Referring to the exhibit, you must send traffic from Host-1 to Host-2. These two hosts can
only communicate with IPv4.
Which feature would you use to permit communication between Host-1 and Host-2?

A. 6rd
B. DS-Lite
C. NAT46
D. NAT444


Question No : 6

Which statement is true regarding the dynamic VPN feature for Junos devices?

A. Only route-based VPNs are supported.
B. Aggressive mode is not supported.
C. Preshared keys for Phase 1 must be used.
D. It is supported on all SRX devices.


Question No : 7

You must ensure that your Layer 2 traffic is secured on your SRX Series device in
transparent mode.
What must be considered when accomplishing this task?

A. Layer 2 interfaces must use the ethernet-switching protocol family.
B. Security policies are not supported when operating in transparent mode.
C. Screens are not supported in your security zones with transparent mode.
D. You must reboot your device after configuring transparent mode.


Question No : 8

You have recently deployed a dynamic VPN. Some remote users are complaining that they
cannot authenticate through the SRX device at the corporate network. The SRX device
serves as the tunnel endpoint for the dynamic VPN. What are two reasons for this
problem? (Choose two.)

A. The supported number of users has been exceeded for the applied license.
B. The users are connecting to the portal using Windows Vista.
C. The SRX device does not have the required user account definitions.
D. The SRX device does not have the required access profile definitions.


Question No : 9

You want to create a custom IDP signature for a new HTTP attack on your SRX device.
You have the exact string that identifies the attack. Which two additional elements do you
need to define your custom signature? (Choose two.)

A. service context
B. protocol number
C. direction
D. source IP address of the attacker


Question No : 10

Your company is providing multi-tenant security services on an SRX5800 cluster. You have
been asked to create a new logical system (LSYS) for a customer. The customer must be
able to access and manage new resources within their LSYS.
How do you accomplish this goal?

A. Create the new LSYS, allocate resources, and then create the user administrator role so that the customer can manage their allocated resources.
B. Create the new LSYS, and then create the user administrator role so that the customer can allocate and manage resources.
C. Create the new LSYS, and then create the master administrator role for the LSYS so that the customer can allocate and manage resources.
D. Create the new LSYS, then request the required resources from the customer, and create the required resources.


Question No : 11

Click the Exhibit button.
-- Exhibit --
[edit security]
user@srx# show idp
application-ddos Webserver {
    service http;
    connection-rate-threshold 1000;
    context http-get-url {
        hit-rate-threshold 60000;
        value-hit-rate-threshold 30000;
        time-binding-count 10;
        time-binding-period 25;
    }
}
-- Exhibit --
You are using AppDoS to protect your network against a bot attack, but noticed an
approved application has falsely triggered the configured IDP action of drop. You adjusted
your AppDoS configuration as shown in the exhibit. However, the approved traffic is still
dropped.
What are two reasons for this behavior? (Choose two.)

A. The approved traffic results in 50,000 HTTP GET requests per minute.
B. The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.
C. The active IDP policy has not been defined in the security configuration.
D. The IDP action is still in effect due to the timeout configuration.


Question No : 12

You configured a custom signature attack object to match specific components of an
attack:
HTTP-request
Pattern .*\x90 90 90 90
Direction: client-to-server
Which client traffic would be identified as an attack?

A.
B.
C.
D.


Question No : 13

Click the Exhibit button.
user@host> show interfaces routing-instance all ge* terse
Interface Admin Link Proto Local Instance
ge-0/0/0.0 up up inet 172.16.12.205/24 default
ge-0/0/1.0 up up inet 5.0.0.5/24
iso A
ge-0/0/2.0 up up inet 25.0.0.5/24
iso B
user@host> show security flow session
Session ID: 82274, Policy name: default-policy-00/2, Timeout: 1770, Valid
In: 5.0.0.25/61935 --> 25.0.0.25/23;tcp, If: ge-0/0/1.0, Pkts: 31, Bytes: 1781
Out: 25.0.0.25/23 --> 5.0.0.25/61935;tcp, If: ge-0/0/2.0, Pkts: 23, Bytes: 1452
Total sessions: 3
user@host> show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 04:08:52
> to 172.16.12.1 via ge-0/0/0.0
172.16.12.0/24 *[Direct/0] 04:08:52
via ge-0/0/0.0
172.16.12.205/32 *[Local/0] 4w4d 23:04:29
Local via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 14:37:35, metric 1
MultiRecv

A.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.0.0.0/24 *[Direct/0] 00:05:04
> via ge-0/0/1.0
5.0.0.5/32 *[Local/0] 00:05:04
Local via ge-0/0/1.0
25.0.0.0/24 *[Direct/0] 00:02:37
> via ge-0/0/2.0

B.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.0.0.25/32 *[Static/5] 00:02:38
to table A.inet.0
25.0.0.0/24 *[Direct/0] 00:02:37
> via ge-0/0/2.0
25.0.0.5/32 *[Local/0] 00:02:37
Local via ge-0/0/2.0

Which statement is true about the outputs shown in the exhibit?

C. The routing instances A and B are connected using an lt interface.
D.
E.
F. The routing instances A and B are connected using a vt interface.


Question No : 14

Microsoft has altered the way their Web-based Hotmail application works. You want to
update your application firewall policy to correctly identify the altered Hotmail application.
Which two steps must you take to modify the application? (Choose two.)

A. user@srx> request services application-identification application copy junos:HOTMAIL
B. user@srx> request services application-identification application enable junos:HOTMAIL
C. user@srx# edit services custom application-identification my:HOTMAIL
D. user@srx# edit services application-identification my:HOTMAIL


Question No : 15

Click the Exhibit button.
-- Exhibit --
Juniper JN0-633 question 15
-- Exhibit --
Host traffic is traversing through an IPsec tunnel. Users are complaining of intermittent
issues with their connection.
Referring to the exhibit, what is the problem?

A. The tunnel is down due to a configuration change.
B. The do-not-fragment bit is copied to the tunnel header.
C. The MSS option on the SYN packet is set to 1300.
D. The TCP SYN check option is disabled for tunnel traffic.


Question No : 16

Which statement is true about NAT?

A. When you implement destination NAT, the router does not apply ALG services.
B. When you implement destination NAT, the router skips source NAT rules for the initiating traffic flow.
C. When you implement static NAT, each packet must go through a route lookup.
D. When you implement static NAT, the router skips destination NAT rules for the initiating traffic flow.


Question No : 17

You are asked to implement a Dynamic IPsec VPN on your new SRX240. You are required
to facilitate up to 5 simultaneous users.
Which two statements must be considered when accomplishing the task?

A. You must acquire at least three additional licenses.
B. Your devices must be in a chassis cluster.
C. You must use a policy-based VPN.
D. You must use main mode for your IKE phase 1 policy.


Question No : 18

You have been asked to configure traffic to flow between two virtual routers (VRs) residing
on two unique logical systems (LSYSs) on the same SRX5800.
How would you accomplish this task?

A. Configure a security policy that contains the context from VR1 to VR2 to permit the relevant traffic.
B. Configure a security policy that contains the context from LSYS1 to LSYS2 and relevant match conditions in the rule set to allow traffic between the IP networks in VR1 and VR2.
C. Configure logical tunnel interfaces between VR1 and VR2 and security policies that allow relevant traffic between VR1 and VR2 over that link.
D. Configure an interconnect LSYS to facilitate a connection between LSYS1 and LSYS2 and relevant policies to allow the traffic.


Question No : 19

You want to route traffic between two newly created virtual routers without the use of
logical systems using the configuration options on the SRX5800.
Which two methods of forwarding, between virtual routers, would you recommend?
(Choose two.)

A. Use a static route to forward traffic across virtual routers using the next-table option. Enable the return route by using a RIB group.
B. Create static routes in each virtual router using the next-table command.
C. Use a RIB group to share the internal routing protocol routes from the master routing instance.
D. Connect a direct cable between two physical interfaces, one in each virtual router and use static routes with the next-hop command.


Question No : 20

You have an existing group VPN established in your internal network using the group-id 1.
You have been asked to configure a second group using the group-id 2. You must ensure
that the key server for group 1 participates in group 2 but is not the key server for that
group. Which statement is correct regarding the group configuration on the current key
server for group 1?

A. You must configure both groups at the [edit security ipsec vpn] hierarchy.
B. You must configure both groups at the [edit security group-vpn member] hierarchy.
C. You must configure both groups at the [edit security ike] hierarchy.
D. You must configure both groups at the [edit security group-vpn] hierarchy.

