[Free] 2017(Jan) Ensurepass Pass4sure Juniper JN0-633 Real Test 31-40

Ensurepass

Juniper Enterprise Content Management Sales Mastery Test v3

 

QUESTION 31

Which statement is true about NAT?

 

A. When you implement destination NAT, the router does not apply ALG services.

B. When you implement destination NAT, the router skips source NAT rules for the initiating traffic flow.

C. When you implement static NAT, each packet must go through a route lookup.

D. When you implement static NAT, the router skips destination NAT rules for the initiating traffic flow.

 

Correct Answer: D

Explanation:

The NAT type determines the order in which NAT rules are processed. During the first packet processing for a flow, NAT rules are applied in the following order:

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42804.html

 

 

QUESTION 32

You have configured static NAT for a Web server in your DMZ. Both internal and external users can reach the Web server using its IP address. However, only internal users are able to reach the Web server using its DNS name. External users receive an error message from their browser. Which action would solve this problem?

 

A. Modify the security policy.

B. Disable Web filtering.

C. Use destination NAT instead of static NAT.

D. Use DNS doctoring.

 

Correct Answer: D

Explanation:

http://www.networker.co.in/2013/03/dns-doctoring.html

 

 

QUESTION 33

Which two are required for the SRX device to perform DNS doctoring? (Choose two.)

 

A. DNS ALG

B. dns-doctoring stanza

C. name-server

D. static NAT

 

Correct Answer: AD

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-alg-dns.pdf

 

 

QUESTION 34

You want to implement persistent NAT for an internal resource so that external hosts are able to initiate communications to the resource, without the internal resource having previously sent packets to the external hosts. Which configuration setting will accomplish this goal?

 

A. persistent-nat permit target-host

B. persistent-nat permit any-remote-host

C. persistent-nat permit target-host-port

D. address-persistent

 

Correct Answer: B

Explanation:

http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/understand-persistent-nat-section.html

 

 

QUESTION 35

Your SRX device is performing NAT to provide an internal resource with a public address. Your DNS server is on the same network segment as the server. You want your internal hosts to be able to reach the internal resource using the DNS name of the resource. How do you accomplish this goal?

 

A. Implement proxy ARP.

B. Implement NAT-Traversal.

C. Implement NAT hairpinning.

D. Implement persistent NAT.

 

Correct Answer: A

Explanation:

http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/prxy-arp-nat_srx.html

 

 

QUESTION 36

You are asked to provide access for an external VoIP server to VoIP phones in your network using private addresses. However, due to security concerns, the VoIP server should only be able to initiate connections to each phone once the phone has logged into the VoIP server. The VoIP server requires access to the phones using multiple ports. Which type of persistent NAT is required?

 

A. any-remote-host

B. target-host

C. target-host-port

D. remote-host

 

Correct Answer: B

Explanation:

http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/understand-persistent-nat-section.html

 

 

QUESTION 37

You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in separate routing instances. Which two components are required? (Choose two.)

 

A. virtual routing instance

B. forwarding instance

C. static NAT

D. persistent NAT

 

Correct Answer: AC

Explanation:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21286

 

 

QUESTION 38

You are attempting to establish an IPsec VPN between two SRX devices. However, there is another device between the SRX devices that does not pass traffic that is using UDP port 4500. How would you resolve this problem?

 

A. Enable NAT-T.

B. Disable NAT-T.

C. Disable PAT.

D. Enable PAT.

 

Correct Answer: B

Explanation:

NAT-T uses UDP port 4500 by default rather than the standard UDP port, so disabling NAT-T resolves this issue.

 

Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch10.html

 

 

QUESTION 39

Given the following session output:

 

Session ID. , Policy name. default-policy-00/2, State. Active, Timeout: 1794, Valid

 

In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, IF. reth0.0, Pkts: 4, Bytes:

Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, IF. reth1.0, Pkts: 3, Bytes:

 

Which statement is correct about the security flow session output?

 

A. This session is about to expire.

B. NAT64 is used.

C. Proxy NDP is used for this session.

D. The IPv4 Web server runs services on TCP port 24770.

 

Correct Answer: B

Explanation:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391

 

 

QUESTION 40

You are asked to deploy a group VPN between various sites associated with your company. The gateway devices at the remote locations are SRX240 devices. Which two statements about the new deployment are true? (Choose two.)

 

A. The networks at the various sites must use NAT.

B. The participating endpoints in the group VPN can belong to a chassis cluster.

C. The networks at the various sites cannot use NAT.

D. The participating endpoints in the group VPN cannot be part of a chassis cluster.

 

Correct Answer: CD

Explanation:

http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Group_VPN_Juniper_SRX.pdf

http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide_v1.2.pdf

 
