Want to know Testking JN0-633 Exam practice test features? Want to lear more about Juniper Security, Professional (JNCIP-SEC) certification experience? Study Tested Juniper JN0-633 answers to Updated JN0-633 questions at Testking. Gat a success with an absolute guarantee to pass Juniper JN0-633 (Security, Professional (JNCIP-SEC)) test on your first attempt.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Juniper JN0-633 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/JN0-633-exam-dumps.html
Q31. You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub.Which st0 interface configuration is correct for the hub device?
A. [edit interfaces] user@srx# show st0 {
multipoint unit 0 { family inet {
address 10.10.10.1/24;
}
}
}
B. [edit interfaces] user@srx# show st0 {
unit 0 { family inet {
address 10.10.10.1/24;
}
}
}
C. [edit interfaces] user@srx# show st0 {
unit 0 {
point-to-point; family inet {
address 10.10.10.1/24;
}
}
}
D. [edit interfaces] user@srx# show st0 {
unit 0 { multipoint; family inet {
address 10.10.10.1/24;
}
}
}
Answer: D
Explanation: Reference: http://junos.com/techpubs/en_US/junos12.1/topics/example/ipsec-hub-and-spoke-configuring.html
Q32. You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context value rate of 10,000 hits in 60 seconds.At which threshold will the bot clients no longer be classified as malicious?
A. 5000 hits in 60 seconds
B. 8000 hits in 60 seconds
C. 7500 hits in 60 seconds
D. 9999 hits in 60 seconds
Answer: B
Explanation: Reference :
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-protection-overview.html
Q33. You are asked to secure your company’s Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ.
Which two actions are required to accomplish this task? (Choose two.)
A. Load your Web server’s private key in the IDP configuration.
B. Load your Web server’s public key in the IDP configuration.
C. Generate a root certificate on the SRX Series device for your Web servers.
D. Specify the number of sessions in the SSL sensor configuration.
Answer: A,D
Q34. You are asked to establish a hub-and-spoke IPsec VPN using your SRX Series device as the hub. All of your spoke devices are third-party devices.
Which statement is correct?
A. You must create a policy-based VPN on the hub device when peering with third-party devices.
B. You must always peer using loopback addresses when using non-Junos devices as your spokes.
C. You must statically configure the next-hop tunnel binding table entries for each of the third-party spoke devices.
D. You must ensure that you are using aggressive mode when incorporating third-party devices as your spokes.
Answer: C
Q35. In which situation is NAT proxy NDP required?
A. when translated addresses belong to the same subnet as the ingress interface
B. when filter-based forwarding and static NAT are used on the same interface
C. when working with static NAT scenarios
D. when the security device operates in transparent mode
Answer: C
Explanation:
WhenIP addressesarein the same subnet of the ingressinterface,NAT proxy ARPconfigured
Reference :http://www.juniper.net/techpubs/en_US/junos12.1x44/information- products/pathway-pages/security/security-nat.pdf
Reference :http://www.juniper.net/techpubs/en_US/junos-space12.2/topics/concept/junos- space-security-designer-whiteboard-nat-overview.html
Q36. You are deploying a standalone SRX650 in transparent mode for evaluation purposes in a potential client's network. The client will need to access the device to modify security policies and perform other various configurations.Where would you configure a Layer 3 interface to meet this requirement?
A. fxp0.0
B. vlan.1
C. irb.1
D. ge-0/0/0.0
Answer: C
Reference: http://safetynet.trapezenetworks.com/techpubs/en_US/junos12.1/information-products/topic-collections/security/software-all/layer-2/index.html?topic-52755.html
Q37. What are three techniques to mark DSCP values on an SRX Series device? (Choose three.)
A. IDP attack action-based DSCP rewriters
B. 802.11Q
C. VLAN rewrite
D. ALG-based DSCP rewriters
E. Layer 7 application-based DSCP rewriters.
Answer: A,D,E
Q38. Click the Exhibit button.
-- Exhibit --
user@srx> show security flow session
Session ID.7724, Policy namE.default-permit/4, Timeout: 2 In: 1.1.70.6/17 --> 100.0.0.1/2326;icmp, IF.ge-0/0/3
Out: 10.1.10.5/2326 --> 1.1.70.6/17;icmp, IF.ge-0/0/2
Session ID.18408, Policy namE.default-permit/4, Timeout: 2 In: 10.1.10.5/64513 --> 1.1.70.6/512;icmp, IF.ge-0/0/2.0 Out: 1.1.70.6/512 --> 100.0.0.1/64513;icmp, IF.ge-0/0/3.10
-- Exhibit --
A user has reported a traffic drop issue between a host with the 10.1.10.5 internal IP address and a host with the 1.1.70.6 IP address. The traffic transits an SRX240 acting as a NAT translator. You are investigating the issue on the SRX240 using the output shown in the exhibit.
Regarding this scenario, which two statements are true? (Choose two.)
A. The sessions shown indicate interface-based NAT processing.
B. The sessions shown indicate static NAT processing.
C. ICMP traffic is passing in both directions.
D. ICMP traffic is passing in one direction.
Answer: B,C
Q39. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
In the exhibit, the SRX device has hosts connected to interface ge-0/0/1 and ge-0/0/6. The devices are not able to ping each other.What is causing this behavior?
A. The interfaces must be in trunk mode.
B. The interfaces need to be configured for Ethernet switching.
C. The default security policy does not apply to transparent mode.
D. A bridge domain has not been defined.
Answer: D
Q40. What is the default action for an SRX device in transparent mode to determine the outgoing interface for an unknown destination MAC address?
A. Perform packet flooding.
B. Send an ARP query.
C. Send an ICMP packet with a TTL of 1.
D. Perform a traceroute request.
Answer: A
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-interfaces-and-routing/understand-l2-forwarding-tables-section.html