[Free] 2018(Jan) EnsurePass Dumpsleader Juniper JN0-633 Dumps with VCE and PDF 21-30


Security, Professional (JNCIP-SEC)

Question No: 21

You are asked to establish a baseline for your company's network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together. What are two ways to accomplish this goal? (Choose two.)

A. Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.

B. Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.

C. Send SNMP traps with bandwidth usage to a central SNMP server.

D. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.

Answer: A,D

Explanation: AppTrack is used for visibility into application usage and bandwidth.

Reference: http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf

Question No: 22

Which QoS function is supported in transparent mode?

A. 802.1p

B. DSCP

C. IP precedence

D. MPLS EXP

Answer: A

Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch06.html

Question No: 23

What are two intrusion protection mechanisms available on SRX Series Services Gateways? (Choose two.)

A. routing update detection

B. traffic anomaly detection

C. NAT anomaly protection

D. DoS protection

Answer: B,D

Explanation: The Juniper IPS system provides traffic anomaly detection and prevents DoS/DDoS attacks.

Reference: http://www.juniper.net/in/en/products-services/software/router-services/ips/

Question No: 24

Which statement is true about NAT?

A. When you implement destination NAT, the router does not apply ALG services.

B. When you implement destination NAT, the router skips source NAT rules for the initiating traffic flow.

C. When you implement static NAT, each packet must go through a route lookup.

D. When you implement static NAT, the router skips destination NAT rules for the initiating traffic flow.

Answer: D

Explanation: The NAT type determines the order in which NAT rules are processed. During the first packet processing for a flow, NAT rules are applied in the following order:

1. Static NAT rules
2. Destination NAT rules
3. Route lookup

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42804.html

Question No: 25

Click the Exhibit button.

    user@host# show interfaces
    ge-0/0/0 {
        unit 1 {
            family bridge {
                interface-mode trunk;
                vlan-id-list 20;
                vlan-rewrite {
                    translate 2 20;
                }
            }
        }
    }

Referring to the exhibit, which two statements are correct regarding VLAN rewrite? (Choose two.)

A. An incoming packet with VLAN tag 20 will be translated to VLAN tag 2.

B. An outgoing packet with VLAN tag 2 will be translated to VLAN tag 20.

C. An incoming packet with VLAN tag 2 will be translated to VLAN tag 20.

D. An outgoing packet with VLAN tag 20 will be translated to VLAN tag 2.

Answer: C

Question No: 26

At which two times does the IPS rulebase inspect traffic on an SRX device? (Choose two.)

A. When traffic matches the active IDP policy.

B. When traffic first matches an IDP rule with the terminal parameter.

C. When traffic uses the application layer gateway.

D. When traffic is established in the firewall session table.

Answer: A,B

Reference: http://books.google.co.in/books?id=2HSLsTJIgEQC&pg=PA814&lpg=PA814&dq=what%20time%20IPS%20rulebase%20inspects%20traffic%20on%20SRX&source=bl&ots=_eDe_vLNBA&sig=1I4yX_S0OvkQVP-rqL273laMCyE&hl=en&sa=X&ei=nqvzUfn1Is-rrAf71oHYBA&ved=0CC4Q6AEwAQ#v=onepage&q=what%20time%20IPS%20rulebase%20inspects%20traffic%20on%20SRX&f=false

Question No: 27

You are asked to configure class of service (CoS) on an SRX device running in transparent mode. Which command would you use?

A. set interfaces ge-0/0/0 unit 0 classifiers dscp priority-app

B. set class-of-service interfaces ge-0/0/0 unit 0 classifiers dscp priority-app

C. set class-of-service interfaces ge-0/0/0 unit 0 classifiers ieee-802.1 priority-app

D. set interfaces ge-0/0/0 unit 0 classifiers inet-precedence priority-app

Answer: C

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB23234

Question No: 28

Click the Exhibit button.

    {primary:node0}[edit security idp idp-policy test-ips-policy]
    user@host# show
    rulebase-ips {
        rule r1 {
            match {
                source-address any;
                attacks {
                    predefined-attack-groups "HTTP - All";
                }
            }
            then {
                action {
                    drop-packet;
                }
            }
            terminal;
        }
        rule r2 {
            match {
                source-address 172.16.0.0/12;
                attacks {
                    predefined-attack-groups "FTP - All";
                }
            }
            then {
                action {
                    no-action;
                }
            }
        }
        rule r3 {
            match {
                source-address 172.16.0.0/12;
                attacks {
                    predefined-attack-groups "TELNET - All";
                }
            }
            then {
                action {
                    no-action;
                }
            }
        }
        rule r4 {
            match {
                source-address any;
                attacks {
                    predefined-attack-groups "FTP - All";
                }
            }
            then {
                action {
                    drop-packet;
                }
            }
        }
    }

A user with IP address 172.301.100 initiates an FTP session to a host with IP address 10.100.1.50 through an SRX Series device and is subject to the IPS policy shown in the exhibit.

If the user tries to execute the cd ~root command, which statement is correct?

A. The FTP command will be denied with the offending packet dropped and the session will be closed by the SRX device.

B. The FTP command will be denied with the offending packet dropped and the rest of the FTP session will be inspected by the IPS policy.

C. The FTP command will be allowed to execute and the rest of the FTP session will be ignored by the IPS policy.

D. The FTP command will be allowed to execute but any other attacks executed during the session will be inspected.

Answer: D

Question No: 29

A security administrator has configured an IPsec tunnel between two SRX devices. The devices are configured with OSPF on the st0 interface and an external interface destined to the IPsec endpoint. The administrator notes that the IPsec tunnel and OSPF adjacency keep going up and down. Which action would resolve this issue?

A. Create a firewall filter on the st0 interface to permit IP protocol 89.

B. Configure the IPsec tunnel to accept multicast traffic.

C. Create a /32 static route to the IPsec endpoint through the external interface.

D. Increase the OSPF metric of the external interface.

Answer: C

Reference: http://packetsneverlie.blogspot.in/2013/03/route-based-ipsec-vpn-with-ospf.html

Question No: 30

Click the Exhibit button.

    user@host# run show route

    inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 00:05:06
                        > to 172.16.1.1 via ge-0/0/1.0
    172.16.1.0/24      *[Direct/0] 00:05:06
                        > via ge-0/0/1.0
    172.16.1.3/32      *[Local/0] 00:05:07
                          Local via ge-0/0/1.0
    192.168.200.2/32   *[Local/0] 00:05:07
                          Reject

    vr-a.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.1.0/24     *[Direct/0] 00:01:05
                        > via ge-0/0/2.0
    192.168.1.1/32     *[Local/0] 00:01:05
                          Local via ge-0/0/2.0

    vr-b.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.1.0/24     *[Direct/0] 00:01:05
                        > via ge-0/0/3.0
    192.168.1.1/32     *[Local/0] 00:01:05
                          Local via ge-0/0/3.0

User 1 will access Server 1 using IP address 10.2.1.1. You need to ensure that return traffic is able to reach User 1 from Server 1.

Referring to the exhibit, which two configurations allow this communication? (Choose two.)

A. [edit security nat static]
   user@host# show

       rule-set server-nat {
           from zone [ untrust ];
           rule 1 {
               match {
                   destination-address 10.2.1.1/32;
               }
               then {
                   static-nat {
                       prefix {
                           192.168.1.2/32;
                       }
                   }
               }
           }
       }

B. [edit security nat static]
   user@host# show

       rule-set server-nat {
           from zone [ junos-host untrust ];
           rule 1 {
               match {
                   destination-address 10.2.1.1/32;
               }
               then {
                   static-nat {
                       prefix {
                           192.168.1.2/32;
                           routing-instance vr-b;
                       }
                   }
               }
           }
       }

C. [edit security nat static]
   user@host# show

       rule-set server-nat {
           from zone untrust;
           rule 1 {
               match {
                   destination-address 10.2.1.1/32;
               }
               then {
                   static-nat {
                       prefix {
                           192.168.1.2/32;
                           routing-instance vr-a;
                       }
                   }
               }
           }
       }

D. [edit security nat static]
   user@host# show

       rule-set in {
           from zone untrust;
           to zone cust-a;
           rule overload {
               match {
                   source-address 0.0.0.0/0;
               }
               then {
                   source-nat {
                       interface;
                   }
               }
           }
       }

Answer: B
