[Free] 2017(Jan) Ensurepass Pass4sure Juniper JN0-633 Real Test 101-110

Ensurepass

Juniper Enterprise Content Management Sales Mastery Test v3

 

QUESTION 101

Click the Exhibit button.

 

— Exhibit —

[edit security idp]
user@srx# show | no-more
idp-policy basic {
    rulebase-ips {
        rule 1 {
            match {
                from-zone untrust;
                source-address any;
                to-zone trust;
                destination-address any;
                application default;
                attacks {
                    custom-attacks data-inject;
                }
            }
            then {
                action {
                    recommended;
                }
                notification {
                    log-attacks;
                }
            }
        }
    }
}
active-policy basic;
custom-attack data-inject {
    recommended-action close;
    severity critical;
    attack-type {
        signature {
            context mssql-query;
            pattern "SELECT * FROM accounts";
            direction client-to-server;
        }
    }
}

— Exhibit —

 

You have configured the custom attack signature shown in the exhibit. This configuration is valid, but you want to improve the efficiency and performance of your IDP.

Which two commands should you use? (Choose two.)

A. set custom attack data-inject recommended-action drop
B. set custom-attack data-inject attack-type signature protocol-binding tcp
C. set idp-policy basic rulebase-ips rule 1 match destination-address webserver
D. set idp-policy basic rulebase-ips rule 1 match application any

Correct Answer: BC

 

 

QUESTION 102

Click the Exhibit button. Referring to the exhibit, a pair of SRX3600s is in an active/passive chassis cluster configured for transparent mode. Which type of traffic would traverse the secondary SRX3600 (node 1)?

 

[Exhibit image]

A. all traffic including non-IP traffic
B. any IP traffic
C. only TCP and UDP traffic
D. only BPDU traffic

Correct Answer: D

 

 

QUESTION 103

Click the Exhibit button. You receive complaints from users that their Web browsing sessions keep dropping prematurely. Upon investigation, you find that the IDP policy shown in the exhibit is detecting the users’ sessions as HTTP:WIN-CMD:WIN-CMD-EXE attacks, even though their sessions are not actual attacks. You must allow these sessions but still inspect for all other relevant attacks. How would you configure your SRX device to meet this goal?

 

[Exhibit image]

A. Create a new security policy that allows HTTP for all users and does not apply IDP.
B. Modify the security policy to add an application exception.
C. Modify the IDP policy to delete this particular attack from the IDP rulebase.
D. Modify the IDP policy to add an exempt rulebase rule to not inspect for this attack.

Correct Answer: D

 

QUESTION 104

Click the Exhibit button. In the exhibit, the SRX device has hosts connected to interface ge-0/0/1 and ge-0/0/6. The devices are not able to ping each other. What is causing this behavior?

 

[Exhibit image]

A. The interfaces must be in trunk mode.
B. The interfaces need to be configured for Ethernet switching.
C. The default security policy does not apply to transparent mode.
D. A bridge domain has not been defined.

Correct Answer: D

QUESTION 105

Click the Exhibit button.

 

— Exhibit —

user@srx# show security datapath-debug
capture-file pkt-cap-file format pcap size 5m;
action-profile {
    pkt-cap-profile {
        event np-ingress {
            packet-dump;
        }
    }
}
packet-filter pkt-filter {
    action-profile pkt-capture;
    source-prefix 1.2.3.4/32;
}

— Exhibit —

 

You want to capture transit traffic passing through your SRX3600. You add the configuration shown in the exhibit but do not see entries added to the capture file.

What is causing the problem?

A. You are missing the configuration set security datapath-debug maximum-capture-size 1500.
B. You are missing the configuration set security datapath-debug packet-filter pkt-filter destination-prefix 5.6.7.8/32.
C. You must start the capture from operational mode with the command request security datapath-debug capture start.
D. You must start the capture from operational mode with the command monitor start capture.

Correct Answer: C

QUESTION 106

Click the Exhibit button. Host traffic is traversing through an IPsec tunnel. Users are complaining of intermittent issues with their connection. Referring to the exhibit, what is the problem?

 

[Exhibit image]

A. The tunnel is down due to a configuration change.
B. The do-not-fragment bit is copied to the tunnel header.
C. The MSS option on the SYN packet is set to 1300.
D. The TCP SYN check option is disabled for tunnel traffic.

Correct Answer: B

 

 

QUESTION 107

Click the Exhibit button.

 

— Exhibit —

CID-0:RT: flow process pak fast ifl 71 in_ifp ge-0/0/5.0
CID-0:RT: ge-0/0/5.0:10.0.0.2/55892->192.168.1.2/80, tcp, flag 2 syn
CID-0:RT: find flow: table 0x5a386c90, hash 50728(0xffff), sa 10.0.0.2, da 192.168.1.2, sp 55892, dp 80, proto 6, tok 7
CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
CID-0:RT: flow_first_create_session
CID-0:RT: flow_first_in_dst_nat: in <ge-0/0/5.0>, out <N/A> dst_adr 192.168.1.2, sp 55892, dp 80
CID-0:RT: chose interface ge-0/0/5.0 as incoming nat if.
CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 192.168.1.2(80)
CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.0.0.2, x_dst_ip 192.168.1.2, in ifp ge-0/0/5.0, out ifp N/A sp 55892, dp 80, ip_proto 6, tos 10
CID-0:RT:Doing DESTINATION addr route-lookup
CID-0:RT: routed (x_dst_ip 192.168.1.2) from LAN (ge-0/0/5.0 in 0) to ge-0/0/1.0, Next-hop: 172.16.32.1
CID-0:RT:flow_first_policy_search: policy search from zone LAN-> zone WAN (0x0,0xda540050,0x50)
CID-0:RT:Policy lkup: vsys 0 zone(7:LAN) -> zone(6:WAN) scope:0
CID-0:RT: 10.0.0.2/55892 -> 192.168.1.2/80 proto 6
CID-0:RT:Policy lkup: vsys 0 zone(5:Unknown) -> zone(5:Unknown) scope:0
CID-0:RT: 10.0.0.2/55892 -> 192.168.1.2/80 proto 6
CID-0:RT: app 6, timeout 1800s, curr ageout 20s
CID-0:RT: packet dropped, denied by policy
CID-0:RT: denied by policy default-policy-00(2), dropping pkt
CID-0:RT: packet dropped, policy deny.
CID-0:RT: flow find session returns error.
CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
CID-0:RT:jsf sess close notify
CID-0:RT:flow_ipv4_del_flow: sess , in hash 32

— Exhibit —

 

A host is not able to communicate with a Web server.

Based on the logs shown in the exhibit, what is the problem?

A. A policy is denying the traffic between these two hosts.
B. A session has not been created for this flow.
C. A NAT policy is translating the address to a private address.
D. The session table is running out of resources.

Correct Answer: A

 

 

QUESTION 108

Click the Exhibit button. Referring to the exhibit, which two statements are true? (Choose two.)

 

[Exhibit image]

A. Packets may get fragmented.
B. The tunnel automatically fragments packets based on MTU discovery.
C. The Phase 2 association will never expire.
D. The Phase 2 association will expire without traffic.

Correct Answer: AD

 

 

QUESTION 109

Click the Exhibit button.

 

— Exhibit —

user@srx> show security flow session
Session ID: 7724, Policy name: default-permit/4, Timeout: 2
  In: 1.1.70.6/17 --> 100.0.0.1/2326;icmp, If: ge-0/0/3
  Out: 10.1.10.5/2326 --> 1.1.70.6/17;icmp, If: ge-0/0/2
Session ID: 18408, Policy name: default-permit/4, Timeout: 2
  In: 10.1.10.5/64513 --> 1.1.70.6/512;icmp, If: ge-0/0/2.0
  Out: 1.1.70.6/512 --> 100.0.0.1/64513;icmp, If: ge-0/0/3.10

— Exhibit —

 

A user has reported a traffic drop issue between a host with the 10.1.10.5 internal IP address and a host with the 1.1.70.6 IP address. The traffic transits an SRX240 acting as a NAT translator. You are investigating the issue on the SRX240 using the output shown in the exhibit.

Regarding this scenario, which two statements are true? (Choose two.)

A. The sessions shown indicate interface-based NAT processing.
B. The sessions shown indicate static NAT processing.
C. ICMP traffic is passing in both directions.
D. ICMP traffic is passing in one direction.

Correct Answer: BC

 

 

QUESTION 110

Click the Exhibit button.

 

— Exhibit —

[edit forwarding-options]
user@srx240# show
packet-capture {
    file filename my-packet-capture;
    maximum-capture-size 1500;
}

— Exhibit —

 

Referring to the exhibit, you are attempting to perform a packet capture on an SRX240 to troubleshoot an SSH issue in your network. However, no information appears in the packet capture file.

Which firewall filter must you apply to the necessary interface to collect data for the packet capture?

A.
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then packet-mode;
    }
    term allow-all {
        then accept;
    }
}
[edit firewall family inet]

B.
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            count packet-capture;
        }
    }
    term allow-all {
        then accept;
    }
}
[edit firewall family inet]

C.
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            routing-instance packet-capture;
        }
    }
    term allow-all {
        then accept;
    }
}
[edit firewall family inet]

D.
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            sample;
            accept;
        }
    }
    term allow-all {
        then accept;
    }
}
[edit firewall family inet]

Correct Answer: D

 
