[Free] 2017(Jan) Ensurepass Pass4sure Juniper JN0-633 Real Test 51-60

Ensurepass

Juniper Enterprise Content Management Sales Mastery Test v3

 

QUESTION 51

You are asked to implement a point-to-multipoint hub-and-spoke topology in a mixed vendor environment. The hub device is running the Junos OS and the spoke devices are different vendor devices. Regarding this scenario, which statement is correct?

 

A.

The NHTB table must be statically defined.

B.

The NHTB table is automatically created during Phase 2.

C.

The NHTB table is automatically created during Phase 1.

D.

The NHTB table must be imported from each spoke.

 

Correct Answer: A

Explanation:

http://www.juniper.net/techpubs/en_US/junos/topics/example/vpn-hub-spoke-nhtb- example-configuring.html

 

 

QUESTION 52

You have recently deployed a dynamic VPN. Some remote users are complaining that they cannot authenticate through the SRX device at the corporate network. The SRX device serves as the tunnel endpoint for the dynamic VPN. What are two reasons for this problem? (Choose two.)

 

A.

The supported number of users has been exceeded for the applied license.

B.

The users are connecting to the portal using Windows Vista.

C.

The SRX device does not have the required user account definitions.

D.

The SRX device does not have the required access profile definitions.

 

Correct Answer: AD

Explanation:

https://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/syslog-messages/index.html?jd0e28566.html

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16477

QUESTION 53

You have recently deployed a dynamic VPN. The remote users are complaining that communications with devices on the same subnet as the SRX device are intermittent and often fail. The tunnel is stable and up, and communications with remote devices on different subnets work without any issues. Which configuration setting would resolve this issue?

 

A.

adding local-redirect at the [edit security nat] hierarchy

B.

adding local-redirect at the [edit interfaces <interface-name>] hierarchy

C.

adding proxy-arp at the [edit security nat] hierarchy

D.

adding proxy-arp at the [edit interfaces <interface-name>] hierarchy

 

Correct Answer: C

Explanation:

http://www.juniper.net/us/en/local/pdf/app-notes/3500151-en.pdf

 

 

QUESTION 54

Your company is using a dynamic VPN configuration on their SRX device. Your manager asks you to enforce password expiration policies for all VPN users. Which authentication method meets the requirement?

 

A.

local password database

B.

TACACS+

C.

RADIUS

D.

LDAP

 

Correct Answer: D

Explanation:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB17423&actp=RSS

 

 

QUESTION 55

You are asked to implement a monitoring feature that periodically verifies that the data plane is working across your IPsec VPN. Which configuration will accomplish this task?

 

A.

[edit security ike]

user@srx# show

policy policy-1 {

mode main;

proposal-set standard;

pre-shared-key ascii-text “$9$URiqPFnCBIc5QIcylLXUjH”; ## SECRET-DATA }

gateway my-gateway {

ike-policy policy-1;

address 10.10.10.2;

dead-peer-detection;

external-interface ge-0/0/1;

}

B
.

[edit security ipsec]

user@srx# show

policy policy-1 {

proposal-set standard;

}

vpn my-vpn {

bind-interface st0.0;

dead-peer-detection;

ike {

gateway my-gateway;

ipsec-policy policy-1;

}

establish-tunnels immediately;

}

C.

[edit security ike]

user@srx# show

policy policy-1 {

mode main;

proposal-set standard;

pre-shared-key ascii-text “$9$URiqPFnCBIc5QIcylLXUjH”; ## SECRET-DATA }

gateway my-gateway {

ike-policy policy-1;

address 10.10.10.2;

vpn-monitor;

external-interface ge-0/0/1;

}

D.

[edit security ipsec]

user@srx# show

policy policy-1 {

proposal-set standard;

}

vpn my-vpn {

bind-interface st0.0;

vpn-monitor;

ike {

gateway my-gateway;

ipsec-policy policy-1;

}

establish-tunnels immediately;

}

 

Correct Answer: D

Explanation:

https://www.juniper.net/techpubs/en
_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?topic-59092.html

 

 

QUESTION 56

You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub. Which st0 interface configuration is correct for the hub device?

 

A.

[edit interfaces]

user@srx# show

st0 {

multipoint

unit 0 {

family inet {

address 10.10.10.1/24;

}

}

}

B.

[edit interfaces]

user@srx# show

st0 {

unit 0 {

family inet {

address 10.10.10.1/24;

}

}

}

C.

[edit interfaces]

user@srx# show

st0 {

unit 0 {

point-to-point;

family inet {

address 10.10.10.1/24;

}

}

}

D.

[edit interfaces]

user@srx# show

st0 {

unit 0 {

multipoint;

family inet {

address 10.10.10.1/24;

}

}

}

 

Correct Answer: D

Explanation:

http://junos.com/techpubs/en_US/junos12.1/topics/example/ipsec-hub-and-spoke- configuring.html

 

 

QUESTION 57

You have an existing group VPN established in your internal network using the group-id 1. You have been asked to configure a second group using the group-id 2. You must ensure that the key server for group 1 participates in group 2 but is not the key server for that group. Which statement is correct regarding the group configuration on the current key server for group 1?

 

A.

You must configure both groups at the [edit security ipsec vpn] hierarchy.

B.

You must configure both groups at the [edit security group-vpn member] hierarchy.

C.

You must configure both groups at the [edit security ike] hierarchy.

D.

You must configure both groups at the [edit security group-vpn] hierarchy.

 

Correct Answer: D

Explanation:

http://www.jnpr.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/security/index.html?topic-45791.html

 

 

 

 

 

QUESTION 58

What are the three types of attack objects used in an IPS engine? (Choose three.)

 

A.

signature

B.

chargen

C.

compound

D.

component

E.

anomaly

 

Correct Answer: ACE

Explanation:

http://www.juniper.net/techpubs/en_US/idp5.0/topics/concept/intrusion-detection-prevention-idp-rulebase-attack-object-using.html

 

 

QUESTION 59

At which two times does the IPS rulebase inspect traffic on an SRX device? (Choose two.)

 

A.

When traffic matches the active IDP policy.

B.

When traffic first matches an IDP rule with the terminal parameter.

C.

When traffic uses the application layer gateway.

D.

When traffic is established in the firewall session table.

 

Correct Answer: AB

Explanation:

http://books.google.co.in/books?id=2HSLsTJIgEQC&pg=PA814&lpg=PA814&dq=what+time+IPS+ rulebase+inspects+traffic+on+SRX&source=bl&ots=_eDe_vLNBA&sig=1I4yX_S0OvkQVP- rqL273laMCyE&hl=en&sa=X&ei=nqvzUfn1Is-rrAf71oHYBA&ved=0CC4Q6AEwAQ#v=onepage&q=what%20time%20IPS%20rulebase%20inspects%20traffic%20on%20SRX&f=false

 

 

QUESTION 60

Which three match condition objects are required when creating IPS rules? (Choose three.)

 

A.

attack objects

B.

address objects

C.

terminal objects

D.

IP action objects

E.

zone objects

 

Correct Answer: ABE

Explanation:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42453.html#understand-rule-match-cond-section

 

Free VCE & PDF File for Juniper JN0-633 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-633 Real Tests (2017) and tagged , , , , , , , , , , , , , . Bookmark the permalink.