[Free] 2017(Jan) Ensurepass Pass4sure Juniper JN0-633 Real Test 81-90

Ensurepass

Juniper Enterprise Content Management Sales Mastery Test v3

 

QUESTION 81

Click the Exhibit button. You have been asked to block YouTube video streaming for internal users. You have implemented the configuration shown in the exhibit, however users are still able to stream videos. What must be modified to correct the problem?

 

clip_image002

 

A.

The application firewall rule needs to be applied to an IDP policy.

B.

You must create a custom application to block YouTube streaming.

C.

The application firewall rule needs to be applied to the security policy.

D.

You must apply the dynamic application to the security policy

 

Correct Answer: C

Explanation:

http://www.redelijkheid.com/blog/2013/5/10/configure-application-firewalling-on

 

 

QUESTION 82

Click the Exhibit button. Referring to the exhibit, the session close log was generated by the application firewall rule set HTTP. Why did the session close?

 

clip_image004

 

A.

The application identification engine was unable to determine which application was in use, which caused the SRX device to close the session.

B.

The host with the IP address of 192.168.1.123 received a TCP segment with the FIN flag set from the host with the IP address of 65.197.244.218.

C.

The SRX device was unable to determine the user and role in the allotted time, which caused the session to close.

D.

The host with the IP address of 192.168.1.123 sent a TCP segment with the FIN flag set to the host with the IP address of 65.197.244.218.

 

Correct Answer: D

Explanation:

http://netscreen.com/techpubs/software/junos/junos92/syslog-messages/download/rt.pdf

 

 

QUESTION 83

Click the Exhibit button. Referring to the exhibit, the application firewall configuration fails to commit. What must you do to allow the configuration to commit?

 

clip_image006

 

A.

Each firewall rule set must only have one rule.

B.

A firewall rule set cannot mix dynamic applications and dynamic application groups.

C.

The action in the rules must be different than the action in the default rule.

D.

The action in the default rule must be set to deny.

 

Correct Answer: C

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/application-firewall-overview.html

 

 

 

 

QUESTION 84

Click the Exhibit button.

 

— Exhibit —

 

user@srx240< show route summary

 

Router ID.

 

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

 

Direct: 1 routes, 1 active

 

Local: 1 routes, 1 active

 

Static. 1 routes, 1 active

 

customer-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

 

Direct: 1 routes, 1 active

 

Local: 1 routes, 1 active

 

Static. 1 routes, 1 active

 

customer-B,inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

 

Direct: 1 routes, 1 active

 

Local: 1 routes, 1 active

 

OSPF. 1 routes, 1 active

 

Static. 1 routes, 1 active

 

customer-B.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

 

Direct: 2 routes, 2 active

 

Local: 2 routes, 2 active

 

Static. 1 routes, 1 active

 

— Exhibit —

 

In the output, how many user-configured routing instances have active routes?

 

A.

1

B.

2

C.

3

D.

4

 

Correct Answer: B

Explanation:

http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/command-summary/show-route-summary.html#jd0e185

 

 

QUESTION 85

Click the Exhibit button. TCP traffic sourced from Host A destined for Host B is being redirected using filter-based forwarding to use the Red network. However, return traffic from Host B destined for Host A is using the Blue network and getting dropped by the SRX device. Which action will resolve the issue?

 

clip_image008

 

A.

Enable asyncronous-routing under the Blue zone.

B.

Configure ge-0/0/1 to belong to the Red zone.

C.

Disable RPF checking.

D.

Disable TCP sequence checking.

 

Correct Answer: B

Explanation:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21046

 

 

QUESTION 86

Click the Exhibit button. Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?

 

clip_image010

 

A.

source NAT

B.

static NAT

C.

filter-based forwarding

D.

source-based routing

 

Correct Answer: C

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.2/topics/example/logical-systems-filter-based-forwarding.html

 

 

QUESTION 87

Click the Exhibit button. In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. While troubleshooting, you change your filter to forward all traffic to ISP1. However, no traffic is sent to ISP1. What is causing this behavior?

 

clip_image012

 

A.

The filter is applied to the wrong interface.

B.

The filter should use the next-hop action instead of the routing-instance action.

C.

The filter term does not have a required from statement.

D.

The filter term does not have the accept statement.

 

Correct Answer: A

Explanation:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB24821

 

 

 

 

 

 

QUESTION 88

Click the Exhibit button. In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. However, your configuration is not producing the expected results. Part of the configuration is shown in the exhibit. When you run the show route table isp1 command, you do not see the default route listed. What is causing this behavior?

 

clip_image014

 

A.

The autonomous system number is incorrect, which is preventing the device from receiving a default route from ISP1.

B.

The device is not able to resolve the next-hop.

C.

The isp1 routing instance is configured with an incorrect instance-type.

D.

The show route table isp1 command does not display the default route unless you add the exact 0.0.0.0/0 option.

 

Correct Answer: B

Explanation:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223

 

 

QUESTION 89

Click the Exhibit button.

 

— Exhibit —

 

[edit]

 

user@srx# run show route

 

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)

 

+ = Active Route, – = Last Active, * = Both

0.0.0.0/0 *[Static/5] 01:09:08

 

> to 172.18.1.1 via ge-0/0/3.0

 

10.210.14.128/27 *[Direct/0] 8w6d 15:43:09

 

> via ge-0/0/0.0

 

10.210.14.135/32 *[Local/0] 11w0d 06:43:04

 

Local via ge-0/0/0.0

 

172.18.1.0/30 *[Direct/0] 8w6d 15:43:01

 

> via ge-0/0/3.0

 

172.18.1.2/32 *[Local/0] 11w0d 06:43:03

 

Local via ge-0/0/3.0

 

172.19.1.0/24 *[Direct/0] 03:46:56

 

> via ge-0/0/1.0

 

172.19.1.1/32 *[Local/0] 03:46:56

 

Local via ge-0/0/1.0

 

172.20.105.0/24 *[Direct/0] 03:46:56

 

> via ge-0/0/4.105

 

172.20.105.1/32 *[Local/0] 03:46:56

 

Local via ge-0/0/4.105

 

192.168.30.1/32 *[Direct/0] 4d 03:44:41

 

> via lo0.0

 

fbf.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

 

+ = Active Route, – = Last Active, * = Both

 

0.0.0.0/0 *[Static/5] 00:00:11

 

> to 172.19.1.2 via ge-0/0/1.0

 

172.19.1.0/24 *[Direct/0] 00:00:11

 

> via ge-0/0/1.0

 

[edit]

 

user@srx# show routing-instances

 

fbf {

routing-options {

 

static {

 

route 0.0.0.0/0 next-hop 172.19.1.2;

 

}

 

}

 

}

 

[edit]

 

user@srx# show routing-options

 

interface-routes {

 

rib-group inet fbf-int;

 

}

 

static {

 

route 0.0.0.0/0 next-hop 172.18.1.1;

 

}

 

rib-groups {

 

fbf-int {

 

import-rib [ inet.0 fbf.inet.0 ];

 

import-policy fbf-pol;

 

}

 

}

 

[edit]

 

user@srx# show policy-options policy-statement fbf-pol

 

term 1 {

 

from interface ge-0/0/1.0;

 

to rib fbf.inet.0;

 

then accept;

 

}

term 2 {

 

then reject;

 

}

 

— Exhibit —

 

Referring to the exhibit, you notice that filter-based forwarding is not working.

 

What is the reason for this behavior?

 

A.

The RIB group is configured incorrectly.

B.

The routing policy is configured incorrectly.

C.

The routing instance is configured incorrectly.

D.

The default static routes are configured incorrectly.

 

Correct Answer: C

Explanation:

By default, we have a static route in a routing instance sending the default route to 172.19.1.2. We want to hijack traffic matching a particular filter and send the traffic to a different next- hop, 172.18.1.1. Weshould create your rib group by importing FIRST the table belonging to your virtual router and SECOND the table for the forwarding instance that has the next-hop specified.

 

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223

 

 

QUESTION 90

Click the Exhibit button. Host A cannot resolve the www.target.host.com Web page when using its configured DNS server. As shown in the exhibit, Host A’s configured DNS server and the Web server hosting the www.target.host.com Web page are in the same subnet. You have verified bidirectional reachability between Host A and the Web server hosting the Web page. What would cause this behavior on the SRX device in Company B’s network?

 

clip_image016

 

A.

DNS replication is enabled.

B.

DNS doctoring is enabled.

C.

DNS replication is disabled.

D.

DNS doctoring is disabled.

 

Correct Answer: D

Explanation:

http://www.trapezenetworks.com/techpubs/en_US/junos12.2/topics/concept/dns-alg-nat-doctoring-overview.html

 

Free VCE & PDF File for Juniper JN0-633 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-633 Real Tests (2017) and tagged , , , , , , , , , , , , , . Bookmark the permalink.