Q21. Click the Exhibit button.
-- Exhibit --
-- Exhibit --
You are asked to implement NAT to translate addresses between the IPv4 and IPv6 networks shown in the exhibit.
What are three configuration requirements? (Choose three.)
A. Disable SYN checking.
B. Enable IPv6 flow mode.
C. Configure proxy ARP.
D. Configure stateless filtering.
E. Configure proxy NDP.
Answer: B,C,E
Explanation: Reference: http://forums.juniper.net/jnet/attachments/jnet/srx/16228/1/NAT64-Overview.pdf
Q22. You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network. Which three tools would you use to troubleshoot the issue? (Choose three.)
A. security flow traceoptions
B. monitor interface traffic
C. show security flow session
D. monitor traffic interface
E. debug flow basic
Answer: A,B,C
Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110
Q23. You are asked to implement the AppFW feature on an SRX Series device. Which three tasks must be performed to make the feature work? (Choose three.)
A. Configure a firewall filter that includes the application-firewall policy.
B. Install an IPS license.
C. Install an AppSecure license.
D. Configure a security policy that includes the application-firewall policy.
E. Configure an application-firewall policy.
Answer: C,D,E
Q24. Click the Exhibit button.
user@host# run show security flow session
Session ID: 28, Policy name: allow/5, Timeout: 2, Valid
  In: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64
  Out: 10.168.100.1/8001 --> 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40
Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3 with the address 66.168.100.100 on port 8001.
Referring to the exhibit, what is causing this problem?
A. The traffic is originated with incorrect IP address from the customer.
B. The traffic is translated with the incorrect IP address for the HTTP server.
C. The traffic is translated with the incorrect port number for the HTTP server.
D. The traffic is originated with the incorrect port number from the customer.
Answer: C
Q25. You are asked to implement a monitoring feature that periodically verifies that the data plane is working across your IPsec VPN. Which configuration will accomplish this task?
A. [edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    dead-peer-detection;
    external-interface ge-0/0/1;
}
B. [edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    dead-peer-detection;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}
C. [edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    vpn-monitor;
    external-interface ge-0/0/1;
}
D. [edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    vpn-monitor;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}
Answer: D
Explanation: Reference: https://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?topic-59092.html
Q26. Your company's network has seen an increase in Facebook-related traffic. You have been asked to restrict the amount of Facebook-related traffic to less than 100 Mbps regardless of congestion.
What are three components used to accomplish this task? (Choose three.)
A. IDP policy
B. application traffic control
C. application firewall
D. security policy
E. application signature
Answer: B,D,E
Explanation:
An IDP policy defines how your device handles the network traffic. It will not limit the rate. Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/idp-policy-overview-section.html
Application Firewall enforces protocol and policy control at Layer 7. It inspects the actual content of the payload and ensures that it conforms to the policy, rather than limiting the rate.
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/application-firewall-overview.html
Q27. You have a group IPsec VPN established with a single key server and five client devices. Regarding this scenario, which statement is correct?
A. There is one unique Phase 1 security association and five unique Phase 2 security associations used for this group.
B. There is one unique Phase 1 security association and one unique Phase 2 security association used for this group.
C. There are five unique Phase 1 security associations and five unique Phase 2 security associations used for this group.
D. There are five unique Phase 1 security associations and one unique Phase 2 security association used for this group.
Answer: D
Explanation:
Reference: http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Group_VPN_Juniper_SRX.pdf
Q28. You have an existing group VPN established in your internal network using the group-id 1. You have been asked to configure a second group using the group-id 2. You must ensure that the key server for group 1 participates in group 2 but is not the key server for that group. Which statement is correct regarding the group configuration on the current key server for group 1?
A. You must configure both groups at the [edit security ipsec vpn] hierarchy.
B. You must configure both groups at the [edit security group-vpn member] hierarchy.
C. You must configure both groups at the [edit security ike] hierarchy.
D. You must configure both groups at the [edit security group-vpn] hierarchy.
Answer: D
Explanation: Reference: http://www.jnpr.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/security/index.html?topic-45791.html
Q29. Which two configuration components are required for enabling transparent mode on an SRX device? (Choose two.)
A. IRB
B. bridge domain
C. interface family bridge
D. interface family ethernet-switching
Answer: B,C
Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21421
Q30. Click the Exhibit button.
-- Exhibit --
[edit security idp]
user@srx# show
security-package {
    url https://services.netscreen.com/cgi-bin/index.cgi;
    automatic {
        start-time "2012-12-11.01:00:00 +0000";
        interval 120;
        enable;
    }
}
-- Exhibit --
You have configured your SRX device to download and install attack signature updates as shown in the exhibit. You discover that updates are not being downloaded.
What are two reasons for this behavior? (Choose two.)
A. No security policy is configured to allow the SRX device to contact the update server.
B. The SRX device does not have a DNS server configured.
C. The management zone interface does not have an IP address configured.
D. The SRX device has no Internet connectivity.
Answer: B,D
Explanation:
The configuration is correct. The only reason is that the SRX device is not able to connect to the definition server.
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491