[Free] 2017(Jan) Ensurepass Pass4sure Juniper JN0-633 Real Test 91-100

Ensurepass

Juniper Enterprise Content Management Sales Mastery Test v3

 

QUESTION 91

Click the Exhibit button. You are asked to implement NAT to translate addresses between the IPv4 and IPv6 networks shown in the exhibit. What are three configuration requirements? (Choose three.)

 

[Exhibit image]

A. Disable SYN checking.
B. Enable IPv6 flow mode.
C. Configure proxy ARP.
D. Configure stateless filtering.
E. Configure proxy NDP.

 

Correct Answer: BCE

Explanation:

http://forums.juniper.net/jnet/attachments/jnet/srx/16228/1/NAT64-Overview.pdf

 

 

QUESTION 92

Click the Exhibit button. Referring to the topology shown in the exhibit, which two configuration tasks will allow Host A to telnet to the public IP address associated with Server B? (Choose two.)

 

[Exhibit image]

A. Configure transparent mode to bypass the NAT processing of Server B’s public IP address.
B. Configure a stateless filter redirecting local traffic destined to Server B’s public IP address.
C. Configure a destination NAT rule that matches local traffic destined to Server B’s public IP address.
D. Configure a source NAT rule that matches local traffic destined to Server B’s public IP address.

 

Correct Answer: CD

Explanation:

In this scenario, a host must be accessible on the Internet by one address but be translated to another address when it initiates connections out to the Internet, so we need to combine source and destination NAT.

Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch09.html#destination_nat

 

 

QUESTION 93

Click the Exhibit button. You must configure two SRX devices to enable bidirectional communications between the two networks shown in the exhibit. You have been allocated the 172.16.1.0/24 and 172.16.2.0/24 networks to use for this purpose. Which configuration will accomplish this task?

 

[Exhibit image]

A. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.
B. Using destination NAT, translate traffic destined to 172.16.1.0/24 to Site1’s addresses, and translate traffic destined to 172.16.2.0/24 to Site2’s addresses.
C. Using source NAT, translate traffic from Site1’s addresses to 172.16.1.0/24, and translate traffic from Site2’s addresses to 172.16.2.0/24.
D. Using static NAT, translate traffic destined to 172.16.1.0/24 to Site1’s addresses, and translate traffic destined to 172.16.2.0/24 to Site2’s addresses.

 

Correct Answer: D

Explanation:

To examine bidirectional communication you need multiple packet filters, one for each direction.

Reference: http://my.safaribooksonline.com/book/networking/junos/9781449381721/security-policy/troubleshooting_security_policy_and_traf

 

 

QUESTION 94

Click the Exhibit button. Based on the output shown in the exhibit, what are two results? (Choose two.)

 

[Exhibit image]

A. The output shows source NAT.
B. The output shows destination NAT.
C. The port information is changed.
D. The port information is unchanged.

 

Correct Answer: BD

Explanation:

http://junos.com/techpubs/software/junos-security/junos-security10.2/junos-security-cli-reference/index.html?show-security-flow-session.html

 

 

QUESTION 95

Click the Exhibit button.

 

— Exhibit —

security {
    nat {
        destination {
            pool Web-Server {
                address 10.0.1.5/32;
            }
            rule-set From-Internet {
                from zone Untrust;
                rule To-Web-Server {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 172.16.1.7/32;
                    }
                    then {
                        destination-nat pool Web-Server;
                    }
                }
            }
        }
    }
    zones {
        security-zone Untrust {
            address-book {
                address Web-Server-External 172.16.1.7/32;
                address Web-Server-Internal 10.0.1.5/32;
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
        security-zone DMZ {
            address-book {
                address Web-Server-External 172.16.1.7/32;
                address Web-Server-Internal 10.0.1.5/32;
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
    }
}

— Exhibit —

 

You are migrating from one external address block to a different external address block. You want to enable a smooth transition to the new address block. You temporarily want to allow external users to contact the Web server using both the existing external address as well as the new external address 192.168.1.1.

 

How do you accomplish this goal?

 

A. Add address 192.168.1.1/32 under [edit security nat destination pool Web-Server].
B. Change the address Web-Server-Ext objects to be address-set objects that include both addresses.
C. Change the destination address under [edit security nat destination rule-set From-Internet rule To-Web-Server match] to include both 172.16.1.7/32 and 192.168.1.2/32.
D. Create a new rule for the new address in the [edit security nat destination rule-set From-Internet] hierarchy.

 

Correct Answer: D

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/nat-security-source-and-destination-nat-translation-configuring.html

 

 

QUESTION 96

Click the Exhibit button. According to the log shown in the exhibit, you notice that the IPsec session is not establishing. What are two reasons for this behavior? (Choose two.)

 

[Exhibit image]

A. mismatched preshared key
B. mismatched proxy ID
C. incorrect peer address
D. mismatched peer ID

 

Correct Answer: CD

Explanation:

If the peer was not matched with the peer ID, the line “Unable to find phase-1 policy as remote peer:192.168.1.60 is not recognized.” should be shown.

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB10097&pmv=print

 

 

QUESTION 97

Click the Exhibit button. An attacker is using a nonstandard port for HTTP for reconnaissance into your network. Referring to the exhibit, which two statements are true? (Choose two.)

 

[Exhibit image]

A. The IPS engine will not detect the application due to the nonstandard port.
B. The IPS engine will detect the application regardless of the nonstandard port.
C. The IPS engine will perform application identification until the session is established.
D. The IPS engine will perform application identification until it processes the first 256 bytes of the packet.

 

Correct Answer: BD

Explanation:

https://www.juniper.net/techpubs/en_US/idp/topics/example/simple/intrusion-detection-prevention-idp-rulebase-default-service-usage.html

 

 

QUESTION 98

Click the Exhibit button. You have configured an IDP policy as shown in the exhibit. The configuration commits successfully. Which traffic will be examined for attacks?

 

[Exhibit image]

A. only originating traffic from source to destination in a session
B. only reply traffic from destination to source in a session
C. both originating and reply traffic between hosts in a session
D. recommended traffic between the source and destination hosts

 

Correct Answer: C

Explanation:

http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/config-idp-ips-rulebase-section.html#config-idp-ips-rulebase-section

 

 

QUESTION 99

Click the Exhibit button.

 

— Exhibit —

[edit security]
user@srx# show
idp {
    idp-policy NewPolicy {
        rulebase-exempt {
            rule 1 {
                description AllowExternalRule;
                match {
                    source-address any;
                    destination-address
                }
            }
        }
    }
}

— Exhibit —

 

You are performing the initial IDP installation on your new SRX device. You have configured the IDP exempt rulebase as shown in the exhibit, but the commit is not successful.

 

Referring to the exhibit, what solves the issue?

 

A. You must configure the destination zone match.
B. You must configure the IPS exempt accept action.
C. You must configure the IPS rulebase.
D. You must configure the IPS engine flow action to ignore.

 

Correct Answer: C

Explanation:

http://jncie-sec.exactnetworks.net/2013/01/srx-idp-overview-initial-setup.html

 

QUESTION 100

Click the Exhibit button.

 

— Exhibit —

[edit security idp]
user@srx# show
security-package {
    url https://services.netscreen.com/cgi-bin/index.cgi;
    automatic {
        start-time "2012-12-11.01:00:00 +0000";
        interval 120;
        enable;
    }
}

— Exhibit —

 

You have configured your SRX device to download and install attack signature updates as shown in the exhibit. You discover that updates are not being downloaded.

 

What are two reasons for this behavior? (Choose two.)

 

A. No security policy is configured to allow the SRX device to contact the update server.
B. The SRX device does not have a DNS server configured.
C. The management zone interface does not have an IP address configured.
D. The SRX device has no Internet connectivity.

 

Correct Answer: BD

Explanation:

The configuration is correct. The only reason is that the SRX device is not able to connect to the definition server.

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491

 
