[Free] Download New Latest (November) Juniper JN0-632 Actual Tests Topic 1, Volume A part 01

Ensurepass

QUESTION 1  (Topic 1)

 

What are two valid chassis cluster implementations? (Choose two.)

 

A. active/active

B. online/offline

C. active/passive

D. passive/passive

 

Answer: AC

 

 

Explanation: There are only two options: active/active and active/passive. See reference.

Reference:

http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es-swconfig-security/activeactive-full-mesh-chassis-cluster-scenario.html

http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es-swconfig-security/activepassive-chassis-cluster-scenario.html

 

 

QUESTION 2  (Topic 1)

 

You are concerned about the latency introduced in processing packets through the IPS signature database and want to configure the SRX Series device to minimize latency. You decide to configure inline tap mode.

 

Which two statements are true? (Choose two)

 

A. When packets pass through for firewall inspection, they are not copied to the IPS module.

B. Packets passing through the firewall module are copied to the IPS module for processing as the packets continue through the forwarding process.

C. Traffic that exceeds the processing capacity of the IPS module will be dropped.

D. Traffic that exceeds the processing capacity of the IPS module will be forwarded without being inspected by the IPS module.

 

Answer: BD

 

 

Explanation: Inline Tap mode is supported in 10.2. It will have a positive impact on performance and will only be supported in dedicated mode. The processing is essentially the same as in dedicated inline mode; however, instead of flowd simply placing the packet in the IDPD queue to be processed, it makes a copy of the packet, puts the copy in the queue, and forwards the original packet without waiting for IDPD to perform the inspection. This means that IDP will not be a performance bottleneck. The one limitation of this feature is that some attacks, such as single-packet attacks, may be able to pass through the SRX without being blocked. Even so, most attacks will be blocked, and when an attack is let through, the SRX can still close down the session and even send TCP resets if the protocol is TCP and the Close Connection option is set.

 

 

QUESTION 3  (Topic 1)

 

Click the Exhibit button

 

[Exhibit image: clip_image002]

 

Your company uses a custom-built application that uses RSH. You have configured a new application definition to support it on your SRX Series device as shown in the exhibit, and you applied the application to the relevant security policy. After you commit the configuration, users report that they can no longer interact with remote devices.

 

What is causing the problem?

 

A. The source-port parameter is missing.

B. The inactivity timeout value is too low.

C. The application-protocol parameter is missing.

D. The protocol parameter is incorrect.

 

Answer: C

 

 

 

 

Explanation:

http://www.juniper.net/techpubs/en_US/junos10.3/topics/usage-guidelines/services-configuring-application-protocol-properties.html?searchid=1320265916617

 

 

QUESTION 4  (Topic 1)

 

Your corporate network consists of a central office and four branch offices. You are responsible for coming up with an effective solution to provide secure connectivity between the sites.

 

Which solution meets the requirements?

 

A. Implement firewall filters on each device.

B. Implement an HTTPS-based mesh between all sites.

C. Implement secure routing policies.

D. Implement a hub-and-spoke VPN.

 

Answer: D

 

 

Reference:

 

http://www.juniper.net/techpubs/en_US/junos11.2/topics/example/vpn-hub-spoke-topologies-one-interface.html

 

 

QUESTION 5  (Topic 1)

 

You have correctly implemented a SIP Application Layer Gateway (ALG) on your company’s SRX Series device to support SIP traffic on the network. However, after committing the configuration, users report that they are having problems making calls. Other traffic is properly flowing through the device, and calls that do not pass through the SRX Series device have no issues.

 

Which action will help identify the problem?

 

A. Configure trace options for the SIP Application Layer Gateway (ALG).

B. Configure the security policy to log SIP traffic events.

C. Configure trace options for the security policy.

D. Monitor traffic for the ingress interface, checking for SIP packet corruption.

 

Answer: A

 

 

Explanation: Troubleshooting this issue may be done by enabling the following trace options (<filename> is, for example, sip-trace-detail):

    set security traceoptions file <filename>
    set security traceoptions flag all
    set security alg sip traceoptions flag all extensive
    set security flow traceoptions file <filename>
    set security flow traceoptions flag all
    set security flow traceoptions packet-filter 1 source-port 5060
    set security flow traceoptions packet-filter 1 destination-port 5060

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-cli-reference/id-83758.html

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21406&actp=search&viewlocale=en_US&searchid=1320325662928#

 

 

QUESTION 6  (Topic 1)

 

Your new employer has contacted you because the company’s Web servers located in the DMZ (dmz zone) are not reachable from the Internet (untrust zone). After examining the configuration from the previous administrator, you determine that the problem must be with the NAT configuration. The servers have the internal IP addresses 172.14.14.9/24 and 172.14.14.10/24.

 

Which NAT configuration will correct the problem?

 

 

 

 

 

[Exhibit image: clip_image004]

 

 

 

 

 

A. Option A

B. Option B

C. Option C

D. Option D

 

Answer: D

 

 

Reference: http://www.juniper.net/techpubs/en_US/junos11.2/topics/example/nat-security-destination-address-port-translation-configuring.html

 

 

QUESTION 7  (Topic 1)

 

Two High End SRX Series devices are configured in a chassis cluster, but interchassis communication is problematic and intermittent. Node 0 has SPCs located in slots 1, 2, 5, and 10 and has IOCs located in slots 3 and 4. Node 1 has SPCs located in slots 13, 14, 18, and 22 and has IOCs located in slots 15 and 16.

 

What is causing the interchassis communication issues?

 

 

A. The IOCs must be placed in the first two slots on each node.

B. The SPCs must all be placed in consecutive slots on each node.

C. The IOC slots being used do not align between nodes.

D. The SPC slots being used do not align between nodes.

 

Answer: D

 

 

Explanation: Both SRX devices are required to have the same number and location of SPCs and Network Processing Cards (NPCs). This is required because the SPUs talk to their peer SPU in the same FPC and PIC location.

 

Reference: O’Reilly. Junos Security. Rob Cameron, Brad Woodberg, Patricio Giecco, Tim Eberhard, James Quinn, August 2010, p. 543.

 

 

QUESTION 8  (Topic 1)

 

Click the Exhibit button.

 

 

 

 

 

You are configuring a hub-and-spoke VPN in your company network. Connectivity between the branches and company headquarters is not working.

 

Referring to the configuration excerpt shown in the exhibit, which statement is correct?

 

A. The st0 interface has a wrong interface type.

B. Static routes are missing that point to the remote branch sites.

C. The preshared keys between the branch sites and the headquarters do not match.

D. This VPN type is not supported with policy-based IPSec VPNs.

 

Answer: D

 

 

Explanation: Policy-based VPNs are primarily used for simple site-to-site VPNs and for remote access VPNs. For hub-and-spoke topologies, route-based VPNs should be used.

 

 

QUESTION 9  (Topic 1)

 

Access to a Web server is being severely interrupted after configuring SCREEN parameters. The intent of the IT group was to mitigate SYN flood attacks by dropping connections aggressively if the number of SYN packets to the server exceeded 1000 packets per second.

 

Which two SCREEN settings will resolve the issue? (Choose two.)

 

 

 

 

 

A. Option A

B. Option B

C. Option C

D. Option D

 

Answer: CD

 

 

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/id-68220.html#id-68220

 

 

QUESTION 10  (Topic 1)

 

Click the Exhibit button

 

[Exhibit image: clip_image006]

 

In the exhibit, a site-to-site IPSec tunnel between the chassis cluster and the remote SRX240 device will not establish. The chassis cluster and the remote SRX240 device are using their loopback interfaces for IPSec tunnel termination.

 

What is causing the problem?

 

A. Site-to-site IPSec VPNs are not supported on a chassis cluster; a GRE tunnel must be used instead.

B. Loopback interface IPSec tunnel termination is not supported on high-end SRX Series chassis clusters; use the reth0 interface instead.

C. Site-to-site IPSec VPNs between high-end SRX Series chassis clusters and branch SRX devices are not supported. The SRX240 device must be replaced with a high-end SRX device.

D. Loopback interface IPSec tunnel termination within a chassis cluster must have PFS enabled. Configure PFS on both ends of the IPSec tunnel.

 

Answer: B

 

 

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-security/topic-43738.html

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB14371

 
