2021 Oct JN0-633 free practice exam
Q91. Which configurable SRX Series device feature allows you to capture transit traffic?
A. syslog
B. traceoptions
C. packet-capture
D. archival
Answer: B
Q92. You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified.
Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)
A. Enable heuristics to detect the encrypted traffic.
B. Disable the application system cache.
C. Use the junos:UNSPECIFIED-ENCRYPTED application signature.
D. Use the junos:SPECIFIED-ENCRYPTED application signature.
Answer: A,C
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/encrypted-p2p-heuristics-detection.html
Q93. What are three techniques to mark DSCP values on an SRX Series device? (Choose three.)
A. IDP attack action-based DSCP rewriters
B. 802.11Q
C. VLAN rewrite
D. ALG-based DSCP rewriters
E. Layer 7 application-based DSCP rewriters.
Answer: A,D,E
Q94. An external host is attacking your network. The host sends an HTTP request to a Web server, but does not include the version of HTTP in the request.
Which type of attack is being performed?
A. signature-based attack
B. application identification
C. anomaly
D. fingerprinting
Answer: C
Explanation: Reference: https://services.netscreen.com/restricted/sigupdates/nsm-updates/HTML/HTTP%3AINVALID%3AMSNG-HTTP-VER.html
Q95. Click the Exhibit button.
-- Exhibit --
Referring to the exhibit, a pair of SRX3600s is in an active/passive chassis cluster configured for transparent mode. Which type of traffic would traverse the secondary SRX3600 (node 1)?
A. all traffic including non-IP traffic
B. any IP traffic
C. only TCP and UDP traffic
D. only BPDU traffic
Answer: D
Q96. Which two statements are true about persistent NAT? (Choose two.)
A. The permit target-host-port statement allows an external host to initiate a session to an internal host on any port, provided the internal host previously sent a packet to the external host.
B. The permit target-host statement allows an external host to initiate a session to an internal host on any port, provided the internal host previously sent a packet to the external host.
C. Port overloading must be enabled for Interface-based persistent NAT.
D. Port overloading must be disabled for Interface-based persistent NAT.
Answer: B,D
Q97. You are asked to ensure traffic from your executive staff does not use the same ISP connection as your other traffic.
Which three actions are required to accomplish this task? (Choose three)
A. Create a firewall filter to match this traffic and send this traffic to the routing instance.
B. Create a routing instance and define the type as no-forwarding.
C. Assign the outgoing interface to the no-forwarding instance.
D. Create a routing instance and define the type as forwarding.
E. Create a RIB group to share routes between the main instance and the routing instance.
Answer: A,D,E
Q98. You are asked to implement a monitoring feature that periodically verifies that the data plane is working across your IPsec VPN. Which configuration will accomplish this task?
A.
[edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    dead-peer-detection;
    external-interface ge-0/0/1;
}
B.
[edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    dead-peer-detection;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}
C.
[edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    vpn-monitor;
    external-interface ge-0/0/1;
}
D.
[edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    vpn-monitor;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}
Answer: D
Explanation: Reference: https://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?topic-59092.html
Q99. You have an existing group VPN established in your internal network using the group-id 1. You have been asked to configure a second group using the group-id 2. You must ensure that the key server for group 1 participates in group 2 but is not the key server for that group. Which statement is correct regarding the group configuration on the current key server for group 1?
A. You must configure both groups at the [edit security ipsec vpn] hierarchy.
B. You must configure both groups at the [edit security group-vpn member] hierarchy.
C. You must configure both groups at the [edit security ike] hierarchy.
D. You must configure both groups at the [edit security group-vpn] hierarchy.
Answer: D
Explanation: Reference: http://www.jnpr.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/security/index.html?topic-45791.html
Q100. You are asked to merge the corporate network with the network from a recently acquired company. Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX device serves as the gateway for each network. Which solution allows you to merge the two networks without adjusting the current address assignments?
A. source NAT
B. persistent NAT
C. double NAT
D. NAT444
Answer: C
Explanation: Reference: http://class10e.com/juniper/what-should-you-do-to-meet-the-requirements/