[Free] Download New Latest (November) Juniper JN0-633 Actual Tests 1-10

Ensurepass

QUESTION 1

Click the Exhibit button.

-- Exhibit --

[Exhibit image (clip_image002) not available]

-- Exhibit --

Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?

A. source NAT
B. static NAT
C. filter-based forwarding
D. source-based routing

Answer: C

Reference: http://www.juniper.net/techpubs/en_US/junos12.2/topics/example/logical-systems-filter-based-forwarding.html

QUESTION 2

You have an existing group VPN established in your internal network using the group-id 1. You have been asked to configure a second group using the group-id 2. You must ensure that the key server for group 1 participates in group 2 but is not the key server for that group. Which statement is correct regarding the group configuration on the current key server for group 1?

A. You must configure both groups at the [edit security ipsec vpn] hierarchy.
B. You must configure both groups at the [edit security group-vpn member] hierarchy.
C. You must configure both groups at the [edit security ike] hierarchy.
D. You must configure both groups at the [edit security group-vpn] hierarchy.

Answer: D

Reference: http://www.jnpr.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/security/index.html?topic-45791.html

QUESTION 3

You have installed a new IPS license on your SRX device and successfully downloaded the attack signature database. However, when you run the command to install the database, the database fails to install. What are two reasons for the failure? (Choose two.)

A. The file system on the SRX device has insufficient free space to install the database.
B. The downloaded signature database is corrupt.
C. The previous version of the database must be uninstalled first.
D. The SRX device does not have the high memory option installed.

Answer: AB

Explanation:

We don’t need to uninstall the previous version to install a new license, as we can update the same. Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491

Also, the high memory option is a licensed feature.

The only reasons for failure are that there is no space left or that the downloaded file is corrupted by an incomplete download, caused by the Internet connection terminating partway through. Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB23359

QUESTION 4

Which QoS function is supported in transparent mode?

A. 802.1p
B. DSCP
C. IP precedence
D. MPLS EXP

Answer: A

Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch06.html

QUESTION 5

You are asked to implement IPsec tunnels between your SRX devices located at various locations. You will use the public key infrastructure (PKI) to verify the identification of the endpoints. What are two certificate enrollment options available for this deployment? (Choose two.)

A. Manually generating a PKCS10 request and submitting it to an authorized CA.
B. Dynamically generating and sending a certificate request to an authorized CA using OCSP.
C. Manually generating a CRL request and submitting that request to an authorized CA.
D. Dynamically generating and sending a certificate request to an authorized CA using SCEP.

Answer: AD

Reference: Page 9, http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf-trouble/configuring-and-troubleshooting-public-key-infrastructure.pdf

QUESTION 6

Click the Exhibit button.

[Exhibit image (clip_image004) not available]

-- Exhibit --

Feb 8 10:39:40 Unable to find phase-1 policy as remote peer:2.2.2.2 is not recognized.

Feb 8 10:39:40 KMD_PM_P1_POLICY_LOOKUP_FAILURE.Policy lookup for Phase-1 [responder] failed for p1_local=ipv4(any:0,[0..3]=1.1.1.2) p1_remote=ipv4(any:0,[0..3]=2.2.2.2)

Feb 8 10:39:40 1.1.1.2:500 (Responder) <-> 2.2.2.2:500 { dbe1d0af – a4d6d829 f9ed3bba [-1] / 0x00000000 } IP; Error = No proposal chosen (14)

-- Exhibit --

According to the log shown in the exhibit, you notice that the IPsec session is not establishing.

What are two reasons for this behavior? (Choose two.)

A. mismatched preshared key
B. mismatched proxy ID
C. incorrect peer address
D. mismatched peer ID

Answer: CD

Explanation:

If the peer was not matched with the peer ID, the line “Unable to find phase-1 policy as remote peer:192.168.1.60 is not recognized.” should be shown.

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB10097&pmv=print

QUESTION 7

Your company has added a connection to a new ISP and you have been asked to send specific traffic to the new ISP. You have decided to implement filter-based forwarding. You have configured new routing instances with type forwarding. You must direct traffic into each instance. Which step would accomplish this goal?

A. Add a firewall filter to the ingress interface that specifies the intended routing instance as the action.
B. Create a routing policy to direct the traffic to the required forwarding instances.
C. Configure the ingress and egress interfaces in each forwarding instance.
D. Create a static default route for each ISP in inet.0, each pointing to a different forwarding instance.

Answer: A

Explanation:

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223

QUESTION 8

Which problem is introduced by setting the terminal parameter on an IPS rule?

A. The SRX device will stop IDP processing for future sessions.
B. The SRX device might detect more false positives.
C. The SRX device will terminate the session in which the terminal rule detected the attack.
D. The SRX device might miss attacks.

Answer: D

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42464.html

QUESTION 9

You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub. Which st0 interface configuration is correct for the hub device?

A.

    [edit interfaces]
    user@srx# show
    st0 {
        multipoint
        unit 0 {
            family inet {
                address 10.10.10.1/24;
            }
        }
    }

B.

    [edit interfaces]
    user@srx# show
    st0 {
        unit 0 {
            family inet {
                address 10.10.10.1/24;
            }
        }
    }

C.

    [edit interfaces]
    user@srx# show
    st0 {
        unit 0 {
            point-to-point;
            family inet {
                address 10.10.10.1/24;
            }
        }
    }

D.

    [edit interfaces]
    user@srx# show
    st0 {
        unit 0 {
            multipoint;
            family inet {
                address 10.10.10.1/24;
            }
        }
    }

Answer: D

Reference: http://junos.com/techpubs/en_US/junos12.1/topics/example/ipsec-hub-and-spoke-configuring.html

QUESTION 10

At which two times does the IPS rulebase inspect traffic on an SRX device? (Choose two.)

A. When traffic matches the active IDP policy.
B. When traffic first matches an IDP rule with the terminal parameter.
C. When traffic uses the application layer gateway.
D. When traffic is established in the firewall session table.

Answer: AB

Reference: http://books.google.co.in/books?id=2HSLsTJIgEQC&pg=PA814&lpg=PA814&dq=what+time+IPS+rulebase+inspects+traffic+on+SRX&source=bl&ots=_eDe_vLNBA&sig=1I4yX_S0OvkQVP-rqL273laMCyE&hl=en&sa=X&ei=nqvzUfn1Is-rrAf71oHYBA&ved=0CC4Q6AEwAQ#v=onepage&q=what%20time%20IPS%20rulebase%20inspects%20traffic%20on%20SRX&f=false
