[Free] Download New Latest (November) Juniper JN0-633 Actual Tests 41-50

Ensurepass

QUESTION 41

You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context value rate of 10,000 hits in 60 seconds.At which threshold will the bot clients no longer be classified as malicious?

 

A.

5000 hits in 60 seconds

B.

8000 hits in 60 seconds

C.

7500 hits in 60 seconds

D.

9999 hits in 60 seconds

 

Answer: B

Explanation:

Reference :

http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security- swconfig-security/appddos-protection-overview.html

 

 

QUESTION 42

Click the Exhibit button.

 – Exhibit?

 

clip_image002

 – Exhibit —

 

You have configured an IDP policy as shown in the exhibit. The configuration commits successfully. Which traffic will be examined for attacks?

 

A.

only originating traffic from source to destination in a session

B.

only reply traffic from destination to source in a session

C.

both originating and reply traffic between hosts in a session

D.

recommended traffic between the source and destination hosts

 

Answer: C

 

 

Reference:http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos- security-swconfig-security/config-idp-ips-rulebase-section.html#config-idp-ips-rulebase- section

 

 

QUESTION 43

 

What are two AppSecure modules? (Choose two.)

 

A.

AppDoS

B.

AppFlow

C.

AppTrack

D.

AppNAT

 

Answer: AC

Explanation:

Reference :Page No 2 Figure 1

http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf

 

 

QUESTION 44

You are asked to deploy a group VPN between various sites associated with your company. The gateway devices at the remote locations are SRX240 devices.

 

Which two statements about the new deployment are true? (Choose two.)

 

A.

The networks at the various sites must use NAT.

B.

The participating endpoints in the group VPN can belong to a chassis cluster.

C.

The networks at the various sites cannot use NAT.

D.

The participating endpoints in the group VPN cannot be part of a chassis cluster.

 

Answer: CD

Explanation:

Reference :http://www.thomas-

krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Confi guring_Group_VPN_Juniper_SRX.pdf

http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deplo yment_Guide_v1.2.pdf

 

 

QUESTION 45

What is a benefit of using a dynamic VPN?

 

 

 

 

 

A.

It provides a layer of redundancy on top of a point-to-point VPN mesh architecture.

B.

It eliminates the need for point-to-point VPN tunnels.

C.

It provides a way to grant VPN access on a per-user-group basis.

D.

It simplifies IPsec access for remote clients.

 

Answer: D

 

 

Reference:http://tutarticle.com/networking/benefits-of-dynamic-multipoint-vpn-dmvpn/

 

 

QUESTION 46

Click the Exhibit button.

 – Exhibit?

 

 

 

 

 

clip_image004

 – Exhibit —

 

In the exhibit, the SRX device has hosts connected to interface ge-0/0/1 and ge-0/0/6. The devices are not able to ping each other.What is causing this behavior?

 

 

 

 

 

A.

The interfaces must be in trunk mode.

B.

The interfaces need to be configured for Ethernet switching.

C.

The default security policy does not apply to transparent mode.

D.

A bridge domain has not been defined.

 

Answer: D

 

 

QUESTION 47

You have implemented a tunnel in your network using DS-Lite. The tunnel is formed between one of the SRX devices in your network and a DS-Lite-compatible CPE device in your customer’s network.Which two statements are true about this scenario? (Choose two.)

 

A.

The SRX device will serve as the softwire initiator and the customer CPE device will serve as the softwire concentrator.

B.

The SRX device will serve as the softwire concentrator and the customer CPE device will serve as the softwire initiator.

C.

The infrastructure network supporting the tunnel will be based on IPv4.

D.

The infrastructure network supporting the tunnel will be based on IPv6.

 

Answer: BD

 

 

Reference:http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/ipv6-ds-lite- overview.html

 

 

QUESTION 48

Click the Exhibit button.

 – Exhibit?

 

 

 

 

 

clip_image006

 – Exhibit —

 

Referring to the topology shown in the exhibit, which two configuration tasks will allow Host A to telnet to the public IP address associated with Server B? (Choose two.)

 

A.

Configure transparent mode to bypass the NAT processing of Server B’s public IP address.

B.

Configure a stateless filter redirecting local traffic destined to Server B’s public IP address.

C.

Configure a destination NAT rule that matches local traffic destined to Server B’s public IP address.

D.

Configure a source NAT rule that matches local traffic destined to Server B’s public IP address.

 

Answer: CD

Explanation:

In this scenario wehave a host be accessible on the Internet by one address, but have it be translated to another address when it initiates connections out to the Internet.So we need to combine Source and destination NAT.

 

Reference:http://chimera.labs.oreilly.com/books/1234000001633/ch09.html#destination_na t

 

 

 

 

 

 

QUESTION 49

What are three advantages of group VPNs? (Choose three.)

 

A.

Supports any-to-any member connectivity.

B.

Provides redundancy with cooperative key servers.

C.

Eliminates the need for full mesh VPNs.

D.

Supports translating private to public IP addresses.

E.

Preserves original IP source and destination addresses.

 

Answer: ACE

Explanation:

Reference :http://www.thomas-

krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Confi guring_Group_VPN_Juniper_SRX.pdf

 

 

QUESTION 50

You are working as a security administrator and must configure a solution to protect against distributed botnet attacks on your company’s central SRX cluster.

 

How would you accomplish this goal?

 

A.

Configure AppTrack to inspect and drop traffic from the malicious hosts.

B.

Configure AppQoS to block the malicious hosts.

C.

Configure AppDoS to rate limit connections from the malicious hosts.

D.

Configure AppID with a custom application to block traffic from the malicious hosts.

 

Answer: C

Explanation:

Reference :Page No 2 Figure 1

http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf

 

Free VCE & PDF File for Juniper JN0-633 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-633 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.