[Free] Download New Latest (November) Juniper JN0-633 Actual Tests 11-20

Ensurepass

QUESTION 11

You want to configure in-band management of an SRX device in transparent mode.

 

Which command is required to enable this functionality?

 

A.

set interfaces irb unit 1 family inet address

B.

set interfaces vlan unit 1 family inet address

C.

set interfaces ge-0/0/0 unit 0 family inet address

D.

set interfaces ge-0/0/0 unit 0 family bridge address

 

Answer: A

 

 

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB23823

 

 

QUESTION 12

Click the Exhibit button.

– Exhibit –

[Exhibit image (clip_image002) not available]

– Exhibit –

 

Based on the output shown in the exhibit, what are two results? (Choose two.)

 

A.

The output shows source NAT.

B.

The output shows destination NAT.

C.

The port information is changed.

D.

The port information is unchanged.

 

Answer: BD

 

 

Reference: http://junos.com/techpubs/software/junos-security/junos-security10.2/junos-security-cli-reference/index.html?show-security-flow-session.html

 

 

QUESTION 13

You are asked to change the configuration of your company’s SRX device so that you can block nested traffic from certain Web sites, but the main pages of these Web sites must remain available to users. Which two methods will accomplish this goal? (Choose two.)

 

A.

Enable the HTTP ALG.

B.

Implement a firewall filter for Web traffic.

C.

Use an IDP policy to inspect the Web traffic.

D.

Configure an application firewall rule set.

 

Answer: BD

 

 

Reference: An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them. ALGs are typically employed to support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections (http://kb.juniper.net/InfoCenter/index?page=content&id=KB13530)

 

An IDP policy defines the rules for the type of traffic permitted on the network (http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/enable-idp-security-policy-section.html)

 

 

QUESTION 14

 

Given the following session output:

 

Session ID:, Policy name: default-policy-00/2, State: Active, Timeout: 1794, Valid

In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, If: reth0.0, Pkts: 4, Bytes: 574

Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, If: reth1.0, Pkts: 3, Bytes:

 

Which statement is correct about the security flow session output?

 

A.

This session is about to expire.

B.

NAT64 is used.

C.

Proxy NDP is used for this session.

D.

The IPv4 Web server runs services on TCP port 24770.

 

Answer: B

Explanation:

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391

 

 

QUESTION 15

Click the Exhibit button.

 – Exhibit —

 

[edit security]
user@srx# show
idp {
    idp-policy NewPolicy {
        rulebase-exempt {
            rule 1 {
                description AllowExternalRule;
                match {
                    source-address any;
                    destination-address
                }
            }
        }
    }
}

 – Exhibit —

 

You are performing the initial IDP installation on your new SRX device. You have configured the IDP exempt rulebase as shown in the exhibit, but the commit is not successful.

 

Referring to the exhibit, what solves the issue?

 

A.

You must configure the destination zone match.

B.

You must configure the IPS exempt accept action.

C.

You must configure the IPS rulebase.

D.

You must configure the IPS engine flow action to ignore.

 

Answer: C

 

 

Reference: http://jncie-sec.exactnetworks.net/2013/01/srx-idp-overview-initial-setup.html

 

 

QUESTION 16

You want to implement an IPsec VPN on an SRX device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled automatically from the certificate authority. Regarding this scenario, which statement is correct?

 

A.

You can use SCEP to accomplish this behavior.

B.

You can use OCSP to accomplish this behavior.

C.

You can use CRL to accomplish this behavior.

D.

You can use SPKI to accomplish this behavior.

 

Answer: A

 

 

Reference: Page 9

http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf-trouble/configuring-and-troubleshooting-public-key-infrastructure.pdf

 

 

QUESTION 17

Which statement is true regarding the dynamic VPN feature for Junos devices?

 

A.

Only route-based VPNs are supported.

B.

Aggressive mode is not supported.

C.

Preshared keys for Phase 1 must be used.

D.

It is supported on all SRX devices.

 

Answer: C

 

 

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/pathway-pages/security/security-vpn-dynamic.pdf

 

 

QUESTION 18

Referring to the following output, which command would you enter in the CLI to produce this result?

 

Pic2/1

 

Ruleset        Application   Client-to-server   Rate(bps)   Server-to-client   Rate(bps)
http-App-QoS   HTTP          ftp-C2S            200         ftp-C2S            200
http-App-QoS   HTTP          ftp-C2S            200         ftp-C2S            200
ftp-App-QoS    FTP           ftp-C2S            100         ftp-C2S            100

 

A.

show class-of-service interface ge-2/1/0

B.

show interface flow-statistics ge-2/1/0

C.

show security flow statistics

D.

show class-of-service applications-traffic-control statistics rate-limiter

 

 

 

 

 

Answer: D

Explanation:

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/reference/command-summary/show-class-of-service-application-traffic-control-statistics-rate-limiter.html

 

 

QUESTION 19

What are two network scanning methods? (Choose two.)

 

A.

SYN flood

B.

ping of death

C.

ping sweep

D.

UDP scan

 

Answer: CD

Explanation:

The question is about network scanning, so the correct answers are ping sweep and UDP scan, as both are port scanning types.

 

Reference: http://althing.cs.dartmouth.edu/local/Network_Scanning_Techniques.pdf

 

 

QUESTION 20

You configured a custom signature attack object to match specific components of an attack:

 

HTTP-request

 

Pattern .*x90 90 90 … 90

 

Direction: client-to-server

 

Which client traffic would be identified as an attack?

 

A.

HTTP GET .*x90 90 90 … 90

 

 

 

 

B.

HTTP POST .*x90 90 90 … 90

C.

HTTP GET .*x909090 … 90

D.

HTTP POST .*x909090 … 90

 

Answer: A

 

 

Reference: http://www.juniper.net/techpubs/en_US//idp/topics/task/configuration/intrusion-detection-prevention-signature-attack-object-creating-nsm.html

 
