Proper study guides for the Juniper Security, Professional (JNCIP-SEC) certification begin with Juniper JN0-633 preparation products, which are designed to deliver guaranteed JN0-633 questions so that you pass the JN0-633 test on your first attempt. Try the free JN0-633 demo right now.
Q81. Click the Exhibit button.
Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1. SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint.
Referring to the exhibit, which statement is true?
A. The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination address.
B. The security policy on SRX-2 must permit traffic from the 10.10.50.1 destination address.
C. The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.
D. The security policy on SRX-2 must permit traffic from the 192.168.1.1 destination address.
Answer: C
Q82. Which problem is introduced by setting the terminal parameter on an IPS rule?
A. The SRX device will stop IDP processing for future sessions.
B. The SRX device might detect more false positives.
C. The SRX device will terminate the session in which the terminal rule detected the attack.
D. The SRX device might miss attacks.
Answer: D
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42464.html
Q83. Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS feature.
Which command would you use to accomplish this task?
A. show security idp attack detail
B. show security idp attack table
C. show security idp memory
D. show security idp counters
Answer: B
Q84. Click the Exhibit button.
-- Exhibit --
-- Exhibit --
You have been asked to block YouTube video streaming for internal users. You have implemented the configuration shown in the exhibit; however, users are still able to stream videos.
What must be modified to correct the problem?
A. The application firewall rule needs to be applied to an IDP policy.
B. You must create a custom application to block YouTube streaming.
C. The application firewall rule needs to be applied to the security policy.
D. You must apply the dynamic application to the security policy.
Answer: C
Explanation: Reference: http://www.redelijkheid.com/blog/2013/5/10/configure-application-firewalling-on
Q85. Click the Exhibit button.
-- Exhibit --
-- Exhibit --
You have configured an IDP policy as shown in the exhibit. The configuration commits successfully. Which traffic will be examined for attacks?
A. only originating traffic from source to destination in a session
B. only reply traffic from destination to source in a session
C. both originating and reply traffic between hosts in a session
D. recommended traffic between the source and destination hosts
Answer: C
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/config-idp-ips-rulebase-section.html#config-idp-ips-rulebase-section
Q86. Click the Exhibit button.
user@host> show log message
Feb 4 00:04:17 host rpd[4516]: EVENT <UpDown> st0.0 index 76 <Up Broadcast Multicast>
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 -> (null) <Up Broadcast Multicast>
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up. Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name: to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip: 10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:11,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539, ifAdminStatus up(1), ifOperStatus up(1), ifName st0.0
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up. Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name: to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip: Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: to-spoke-2 Gateway: spoke-2, Local: 192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available, Remote Not-Available, VR-ID: 0
Referring to the exhibit, which statement is correct?
A. The phase 1 security association for the to-spoke-3 VPN is failing.
B. The phase 2 security association for the to-spoke-1 VPN is failing.
C. The phase 2 security association for the to-spoke-3 VPN is failing.
D. The phase 1 security association for the to-spoke-2 VPN is failing.
Answer: B
Q87. You are asked to secure your company’s Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ.
Which two actions are required to accomplish this task? (Choose two.)
A. Load your Web server’s private key in the IDP configuration.
B. Load your Web server’s public key in the IDP configuration.
C. Generate a root certificate on the SRX Series device for your Web servers.
D. Specify the number of sessions in the SSL sensor configuration.
Answer: A,D
Q88. Click the Exhibit button.
[edit security nat static rule-set 12]
user@SRX2# show
from zone untrust;
rule 1 {
    match {
        destination-address 192.168.1.1/32;
    }
    then {
        static-nat {
            prefix {
                10.60.60.1/32;
            }
        }
    }
}
Host-2 initiates communication with Host-1. All other routing and policies are in place to allow the traffic.
What is the result of the communication?
A. The 192.168.0.1 address is translated to the 10.60.60.1 address.
B. The 10.60.60.1 address is translated to the 192.168.1.1 address.
C. No translation occurs.
D. The 192.168.0.1 address is translated to the 192.168.1.1 address.
Answer: B
Q89. You are asked to implement a point-to-multipoint hub-and-spoke topology in a mixed vendor environment. The hub device is running the Junos OS and the spoke devices are different vendor devices.
Regarding this scenario, which statement is correct?
A. The NHTB table must be statically defined.
B. The NHTB table is automatically created during Phase 2.
C. The NHTB table is automatically created during Phase 1.
D. The NHTB table must be imported from each spoke.
Answer: A
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos/topics/example/vpn-hub-spoke-nhtb-example-configuring.html
Q90. A branch SRX Series device in flow mode is forwarding between two virtual routers using a paired set of logical tunnel interfaces. You have a server connected to one virtual router and the client is on the other virtual router.
How many security policies are needed to connect from the client to the server across the logical tunnel link?
A. 0
B. 2
C. 3
D. 1
Answer: D