[Free] Download New Latest (November) Juniper JN0-633 Actual Tests 51-60

QUESTION 51

You are asked to design a solution to verify IPsec peer reachability with data path forwarding.

Which feature would meet the design requirements?

A. DPD over Phase 1 SA
B. DPD over Phase 2 SA
C. VPN monitoring over Phase 1 SA
D. VPN monitoring over Phase 2 SA

Answer: D

Explanation:

Reference: http://forums.juniper.net/t5/SRX-Services-Gateway/dead-peer-detection-VS-VPN-monitor-in-IPSEC/td-p/176671

QUESTION 52

-- Exhibit --

[edit]
user@srx# run show route

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 01:09:08
                    > to 172.18.1.1 via ge-0/0/3.0
10.210.14.128/27   *[Direct/0] 8w6d 15:43:09
                    > via ge-0/0/0.0
10.210.14.135/32   *[Local/0] 11w0d 06:43:04
                      Local via ge-0/0/0.0
172.18.1.0/30      *[Direct/0] 8w6d 15:43:01
                    > via ge-0/0/3.0
172.18.1.2/32      *[Local/0] 11w0d 06:43:03
                      Local via ge-0/0/3.0
172.19.1.0/24      *[Direct/0] 03:46:56
                    > via ge-0/0/1.0
172.19.1.1/32      *[Local/0] 03:46:56
                      Local via ge-0/0/1.0
172.20.105.0/24    *[Direct/0] 03:46:56
                    > via ge-0/0/4.105
172.20.105.1/32    *[Local/0] 03:46:56
                      Local via ge-0/0/4.105
192.168.30.1/32    *[Direct/0] 4d 03:44:41
                    > via lo0.0

fbf.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:00:11
                    > to 172.19.1.2 via ge-0/0/1.0
172.19.1.0/24      *[Direct/0] 00:00:11
                    > via ge-0/0/1.0

[edit]
user@srx# show routing-instances
fbf {
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 172.19.1.2;
        }
    }
}

[edit]
user@srx# show routing-options
interface-routes {
    rib-group inet fbf-int;
}
static {
    route 0.0.0.0/0 next-hop 172.18.1.1;
}
rib-groups {
    fbf-int {
        import-rib [ inet.0 fbf.inet.0 ];
        import-policy fbf-pol;
    }
}

[edit]
user@srx# show policy-options policy-statement fbf-pol
term 1 {
    from interface ge-0/0/1.0;
    to rib fbf.inet.0;
    then accept;
}
term 2 {
    then reject;
}

-- Exhibit --

Referring to the exhibit, you notice that filter-based forwarding is not working.

What is the reason for this behavior?

A. The RIB group is configured incorrectly.
B. The routing policy is configured incorrectly.
C. The routing instance is configured incorrectly.
D. The default static routes are configured incorrectly.

Answer: C

Explanation:

By default, we have a static route in a routing instance sending the default route to 172.19.1.2. We want to hijack traffic matching a particular filter and send the traffic to a different next-hop, 172.18.1.1. We should create the RIB group by importing FIRST the table belonging to the virtual router and SECOND the table for the forwarding instance that has the next-hop specified.

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223

QUESTION 53

You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified.

Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)

A. Enable heuristics to detect the encrypted traffic.
B. Disable the application system cache.
C. Use the junos:UNSPECIFIED-ENCRYPTED application signature.
D. Use the junos:SPECIFIED-ENCRYPTED application signature.

Answer: AC

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/encrypted-p2p-heuristics-detection.html

QUESTION 54

Click the Exhibit button.

-- Exhibit --

[Exhibit image not included: network diagram and partial configuration]

-- Exhibit --

In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. However, your configuration is not producing the expected results. Part of the configuration is shown in the exhibit. When you run the show route table isp1 command, you do not see the default route listed.

What is causing this behavior?

A. The autonomous system number is incorrect, which is preventing the device from receiving a default route from ISP1.
B. The device is not able to resolve the next-hop.
C. The isp1 routing instance is configured with an incorrect instance-type.
D. The show route table isp1 command does not display the default route unless you add the exact 0.0.0.0/0 option.

Answer: B

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223

QUESTION 55

You are asked to configure class of service (CoS) on an SRX device running in transparent mode. Which command would you use?

A. set interfaces ge-0/0/0 unit 0 classifiers dscp priority-app
B. set class-of-service interfaces ge-0/0/0 unit 0 classifiers dscp priority-app
C. set class-of-service interfaces ge-0/0/0 unit 0 classifiers ieee-802.1 priority-app
D. set interfaces ge-0/0/0 unit 0 classifiers inet-precedence priority-app

Answer: C

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB23234

QUESTION 56

Click the Exhibit button.

-- Exhibit --

[edit security idp]
user@srx# show
security-package {
    url https://services.netscreen.com/cgi-bin/index.cgi;
    automatic {
        start-time "2012-12-11.01:00:00 +0000";
        interval 120;
        enable;
    }
}

-- Exhibit --

You have configured your SRX device to download and install attack signature updates as shown in the exhibit. You discover that updates are not being downloaded.

What are two reasons for this behavior? (Choose two.)

A. No security policy is configured to allow the SRX device to contact the update server.
B. The SRX device does not have a DNS server configured.
C. The management zone interface does not have an IP address configured.
D. The SRX device has no Internet connectivity.

Answer: BD

Explanation:

The configuration is correct. The only reason is that the SRX device is not able to connect to the definition server.

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491

QUESTION 57

Click the Exhibit button.

-- Exhibit --

[Exhibit image not included: network diagram]

-- Exhibit --

In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. While troubleshooting, you change your filter to forward all traffic to ISP1. However, no traffic is sent to ISP1.

What is causing this behavior?

A. The filter is applied to the wrong interface.
B. The filter should use the next-hop action instead of the routing-instance action.
C. The filter term does not have a required from statement.
D. The filter term does not have the accept statement.

Answer: A

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB24821

QUESTION 58

Which statement is true about Layer 2 zones when implementing transparent mode security?

A. All interfaces in the zone must be configured with the protocol family mpls.
B. All interfaces in the zone must be configured with the protocol family inet.
C. All interfaces in the zone must be configured with the protocol family bridge.
D. All interfaces in the zone must be configured with the protocol family inet6.

Answer: C

Explanation:

Reference (page no 12): http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-layer2-bridging-transparent-mode.pdf

QUESTION 59

You are asked to apply individual upload and download bandwidth limits to YouTube traffic.

Where in the configuration would you create the necessary bandwidth limits?

A. under the [edit security application-firewall] hierarchy
B. under the [edit security policies] hierarchy
C. under the [edit class-of-service] hierarchy
D. under the [edit firewall policer <policer-name>] hierarchy

Answer: D

Explanation:

Reference: http://forums.juniper.net/t5/SRX-Services-Gateway/Need-help-with-bandwidth-uploading-downloading-polcier/td-p/146666

QUESTION 60

You have configured static NAT for a Web server in your DMZ. Both internal and external users can reach the Web server using its IP address. However, only internal users are able to reach the Web server using its DNS name. External users receive an error message from their browser.

Which action would solve this problem?

A. Modify the security policy.
B. Disable Web filtering.
C. Use destination NAT instead of static NAT.
D. Use DNS doctoring.

Answer: D

Explanation:

Reference: http://www.networker.co.in/2013/03/dns-doctoring.html
