[Free] 2017(Jan) Ensurepass Pass4sure Juniper JN0-633 Real Test 111-120

Ensurepass

Juniper Enterprise Content Management Sales Mastery Test v3

 

QUESTION 111

Which configuration statement would allow the SRX Series device to match a signature only on the first match, and not subsequent signature matches in a connection?

A. user@host# set security idp idp-policy test rulebase-ips rule 1 then action recommended

B. user@host# set security idp idp-policy test rulebase-ips rule 1 then action ignore-connection

C. user@host# set security idp idp-policy test rulebase-ips rule 1 then action no-action

D. user@host# set security idp idp-policy test rulebase-ips rule 1 then action drop-connection

Correct Answer: B

QUESTION 112

Which two statements are true about persistent NAT? (Choose two.)

A. The permit target-host-port statement allows an external host to initiate a session to an internal host on any port, provided the internal host previously sent a packet to the external host.

B. The permit target-host statement allows an external host to initiate a session to an internal host on any port, provided the internal host previously sent a packet to the external host.

C. Port overloading must be enabled for Interface-based persistent NAT.

D. Port overloading must be disabled for Interface-based persistent NAT.

Correct Answer: BD

QUESTION 113

You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode. What must be considered when accomplishing this task?

A. Layer 2 interfaces must use the ethernet-switching protocol family.

B. Security policies are not supported when operating in transparent mode.

C. Screens are not supported in your security zones with transparent mode.

D. You must reboot your device after configuring transparent mode.

Correct Answer: D

QUESTION 114

As an SRX administrator, you must find all encrypted sessions on an SRX Series device. Which command would you use to accomplish this task?

A. show security flow session tunnel

B. show security ike tunnel-map

C. show security ike security-associations

D. show security flow session encrypted

Correct Answer: D

QUESTION 115

You want to query User Group membership directly using the integrated user firewall services from an Active Directory controller to an SRX Series device. Which two actions are required? (Choose two.)

A. Configure the LDAP base distinguished name.

B. Connect the SRX Series device and the MAG Series device in an enforcer configuration.

C. Configure a domain name, the username and password of the domain, and the name and IP address of the domain controller in the domain.

D. Configure the Access Control Service on the MAG Series device for local user authentication and verify that authentication information is transferred between the devices.

Correct Answer: AC

QUESTION 116

Click the Exhibit button.

    user@host# show interfaces
    ge-0/0/0 {
        unit 1 {
            family bridge {
                interface-mode trunk;
                vlan-id-list 20;
                vlan-rewrite {
                    translate 2 20;
                }
            }
        }
    }

Referring to the exhibit, which two statements are correct regarding VLAN rewrite? (Choose two.)

A. An incoming packet with VLAN tag 20 will be translated to VLAN tag 2.

B. An outgoing packet with VLAN tag 2 will be translated to VLAN tag 20.

C. An incoming packet with VLAN tag 2 will be translated to VLAN tag 20.

D. An outgoing packet with VLAN tag 20 will be translated to VLAN tag 2.

Correct Answer: CD

QUESTION 117

Which action will allow an administrator to connect in band to an SRX Series device in transparent mode over SSH?

A. Use a VLAN interface.

B. Use the loopback interface.

C. Use a logical interface.

D. Use an irb interface.

Correct Answer: D

QUESTION 118

Click the Exhibit button. Referring to the exhibit, you must send traffic from Host-1 to Host-2. These two hosts can only communicate with IPv4. Which feature would you use to permit communication between Host-1 and Host-2?

A. 6rd

B. DS-Lite

C. NAT46

D. NAT444

Correct Answer: B

QUESTION 119

Click the Exhibit button.

    [edit security]
    user@host# show policies
    global {
        policy new-policy {
            match {
                source-address any;
                destination-address any;
                application junos-https;
            }
            then {
                permit {
                    application-services {
                        application-firewall {
                            rule-set appfw;
                        }
                    }
                }
            }
        }
    }

    [edit security]
    user@host# show application-firewall
    rule-sets appfw {
        rule 1 {
            match {
                dynamic-application junos:SSL;
            }
            then {
                permit;
            }
        }
        rule 2 {
            match {
                dynamic-application junos:HTTP;
            }
            then {
                reject;
            }
        }
        default-rule {
            permit;
        }
    }

Referring to the exhibit, which two statements are correct? (Choose two.)

A. HTTP traffic is permitted.

B. HTTP traffic is dropped.

C. HTTPS traffic is permitted.

D. HTTPS traffic is dropped.

Correct Answer: BC

QUESTION 120

Click the Exhibit button.

    user@host> show log message
    Feb 4 00:04:17 host rpd[4516]: EVENT <UpDown> st0.0 index 76 <Up Broadcast Multicast>
    Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
    Feb 4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 -> (null) <Up Broadcast Multicast>
    Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
    Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up. Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name: to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip: 10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID:ipv4_subnet,(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:11,[0..7]=0.0.0.0/0)
    Feb 4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539, ifAdminStatus up(1), ifOperStatus up(1), ifName st0.0
    Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
    Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
    Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up. Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name: to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip: Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
    Feb 4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: to-spoke-2 Gateway: spoke-2, Local: 192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available, Remote Not-Available, VR-ID: 0

Referring to the exhibit, which statement is correct?

A. The phase 1 security association for the to-spoke-3 VPN is failing.

B. The phase 2 security association for the to-spoke-1 VPN is failing.

C. The phase 2 security association for the to-spoke-3 VPN is failing.

D. The phase 1 security association for the to-spoke-2 VPN is failing.

Correct Answer: B

 
