Free VCE & PDF File for Juniper JN0-633 Real Exam (Full Version!)
Q31. What are three advantages of group VPNs? (Choose three.)
A. Supports any-to-any member connectivity.
B. Provides redundancy with cooperative key servers.
C. Eliminates the need for full mesh VPNs.
D. Supports translating private to public IP addresses.
E. Preserves original IP source and destination addresses.
Answer: A,C,E
Explanation: Reference: http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Group_VPN_Juniper_SRX.pdf
Q32. HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets locally on the SRX240. Which configuration would you use to enable this capture?
A. [edit security flow]
user@srx# show
traceoptions {
    file dump;
    flag basic-datapath;
}
B. [edit security]
user@srx# show
application-tracking {
    enable;
}
flow {
    traceoptions {
        file dump;
        flag basic-datapath;
    }
}
C. [edit firewall filter capture term one]
user@srx# show
from {
    source-address {
        1.1.1.1;
    }
    destination-address {
        2.2.2.2;
    }
    protocol tcp;
}
then {
    port-mirror;
    accept;
}
D. [edit firewall filter capture term one]
user@srx# show
from {
    source-address {
        1.1.1.1;
    }
    destination-address {
        2.2.2.2;
    }
    protocol tcp;
}
then {
    sample;
    accept;
}
Answer: D
Explanation: Reference: http://khurramkhalid.wordpress.com/2012/05/22/packet-capture-on-srx-devices/
Q33. What are the three types of attack objects used in an IPS engine? (Choose three.)
A. signature
B. chargen
C. compound
D. component
E. anomaly
Answer: A,C,E
Explanation: Reference: http://www.juniper.net/techpubs/en_US/idp5.0/topics/concept/intrusion-detection-prevention-idp-rulebase-attack-object-using.html
Q34. You are asked to allow access to an external application for an internal host subject to address translation. The application requires multiple sessions initiated from the internal host and expects all the sessions to originate from the same source IP address.
Which Junos feature meets this objective?
A. destination NAT with address persistence
B. source NAT with address persistence
C. static NAT with port translation
D. interface-based persistent NAT
Answer: B
Q35. Click the Exhibit button.
[edit security idp-policy test]
user@host# show
rulebase-ips {
    rule R3 {
        match {
            source-address any;
            destination-address any;
            attacks {
                predefined-attacks FTP:USER:ROOT;
            }
        }
        then {
            action {
                recommended;
            }
        }
        terminal;
    }
    rule R4 {
        match {
            source-address any;
            destination-address any;
            attacks {
                predefined-attacks HTTP:HOTMAIL:FILE-UPLOAD;
            }
        }
        then {
            action {
                recommended;
            }
        }
    }
}
You have just committed the new IDP policy shown in the exhibit. However, you notice no action is taken on traffic matching the R4 IDP rule.
Which two actions will resolve the problem? (Choose two.)
A. Change the R4 rule to match on a predefined attack group.
B. Insert the R4 rule above the R3 rule.
C. Delete the terminal statement from the R3 rule.
D. Change the IPS rulebase to an exempt rulebase.
Answer: C
Q36. Click the Exhibit button.
-- Exhibit --
security {
    nat {
        destination {
            pool Web-Server {
                address 10.0.1.5/32;
            }
            rule-set From-Internet {
                from zone Untrust;
                rule To-Web-Server {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 172.16.1.7/32;
                    }
                    then {
                        destination-nat pool Web-Server;
                    }
                }
            }
        }
    }
    zones {
        security-zone Untrust {
            address-book {
                address Web-Server-External 172.16.1.7/32;
                address Web-Server-Internal 10.0.1.5/32;
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
        security-zone DMZ {
            address-book {
                address Web-Server-External 172.16.1.7/32;
                address Web-Server-Internal 10.0.1.5/32;
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
    }
}
-- Exhibit --
You are migrating from one external address block to a different external address block. You want to enable a smooth transition to the new address block. You temporarily want to allow external users to contact the Web server using both the existing external address as well as the new external address 192.168.1.1.
How do you accomplish this goal?
A. Add address 192.168.1.1/32 under [edit security nat destination pool Web-Server].
B. Change the address Web-Server-Ext objects to be address-set objects that include both addresses.
C. Change the destination address under [edit security nat destination rule-set From-Internet rule To-Web-Server match] to include both 172.16.1.7/32 and 192.168.1.2/32.
D. Create a new rule for the new address in the [edit security nat destination rule-set From-Internet] hierarchy.
Answer: D
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/nat-security-source-and-destination-nat-translation-configuring.html
Q37. Which feature is used for layer 2 bridging on an SRX Series device?
A. route mode
B. packet mode
C. transparent mode
D. MPLS mode
Answer: C
Q38. You have installed a new IPS license on your SRX device and successfully downloaded the attack signature database. However, when you run the command to install the database, the database fails to install. What are two reasons for the failure? (Choose two.)
A. The file system on the SRX device has insufficient free space to install the database.
B. The downloaded signature database is corrupt.
C. The previous version of the database must be uninstalled first.
D. The SRX device does not have the high memory option installed.
Answer: A,B
Explanation:
The previous version does not need to be uninstalled to install a new license, because it can be updated in place. Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491. Also, the high memory option is a licensed feature.
The only reasons for failure are that there is no space left or that the downloaded file is corrupt because the download was interrupted by a loss of Internet connectivity. Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB23359
Q39. Click the Exhibit button.
-- Exhibit --
[edit security]
user@srx# show idp
…
application-ddos Webserver {
    service http;
    connection-rate-threshold 1000;
    context http-get-url {
        hit-rate-threshold 60000;
        value-hit-rate-threshold 30000;
        time-binding-count 10;
        time-binding-period 25;
    }
}
-- Exhibit --
You are using AppDoS to protect your network against a bot attack, but noticed an approved application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS configuration as shown in the exhibit. However, the approved traffic is still dropped.
What are two reasons for this behavior? (Choose two.)
A. The approved traffic results in 50,000 HTTP GET requests per minute.
B. The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.
C. The active IDP policy has not been defined in the security configuration.
D. The IDP action is still in effect due to the timeout configuration.
Answer: A,D
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-protection-overview.html
Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-proctecting-against.html#appddos-proctecting-against
Q40. Click the Exhibit button.
-- Exhibit --
user@srx240> show route summary
Router ID.
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    Direct: 1 routes, 1 active
    Local: 1 routes, 1 active
    Static: 1 routes, 1 active
customer-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    Direct: 1 routes, 1 active
    Local: 1 routes, 1 active
    Static: 1 routes, 1 active
customer-B.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    Direct: 1 routes, 1 active
    Local: 1 routes, 1 active
    OSPF: 1 routes, 1 active
    Static: 1 routes, 1 active
customer-B.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
    Direct: 2 routes, 2 active
    Local: 2 routes, 2 active
    Static: 1 routes, 1 active
-- Exhibit --
In the output, how many user-configured routing instances have active routes?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/command-summary/show-route-summary.html#jd0e185