[Free] Download New Latest (November) Juniper JN0-633 Actual Tests 61-70

Ensurepass

QUESTION 61

You want to create a custom IDP signature for a new HTTP attack on your SRX device. You have the exact string that identifies the attack. Which two additional elements do you need to define your custom signature? (Choose two.)

A. service context
B. protocol number
C. direction
D. source IP address of the attacker

Answer: AC

Reference: http://rtoodtoo.net/2011/09/22/how-to-write-srx-idp-custom-attacksignature/

QUESTION 62

What are two intrusion protection mechanisms available on SRX Series Services Gateways? (Choose two.)

A. routing update detection
B. traffic anomaly detection
C. NAT anomaly protection
D. DoS protection

Answer: BD

Explanation:

The Juniper IPS provides traffic anomaly detection and prevents DoS/DDoS attacks.

Reference: http://www.juniper.net/in/en/products-services/software/router-services/ips/

QUESTION 63

Your company’s network has seen an increase in Facebook-related traffic. You have been asked to restrict the amount of Facebook-related traffic to less than 100 Mbps regardless of congestion.

What are three components used to accomplish this task? (Choose three.)

A. IDP policy
B. application traffic control
C. application firewall
D. security policy
E. application signature

Answer: BDE

Explanation:

An IDP policy defines how your device handles the network traffic. It will not limit the rate. Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/idp-policy-overview-section.html

Application Firewall enforces protocol and policy control at Layer 7. It inspects the actual content of the payload and ensures that it conforms to the policy, rather than limiting the rate.

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/application-firewall-overview.html

QUESTION 64

You are using logical systems to segregate customers. You have a requirement to enable communication between the logical systems. What are two ways to accomplish this goal? (Choose two.)

A. Use a shared DMZ zone to connect the logical systems together.
B. Use a virtual tunnel (vt-) interface to connect the logical systems together.
C. Use an external cable to connect the ports from the two logical systems.
D. Use an interconnect LSYS to connect the logical systems together.

Answer: CD

Explanation:

Reference: http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/logical-systems-config/index.html?topic-53861.html

QUESTION 65

You are asked to implement a monitoring feature that periodically verifies that the data plane is working across your IPsec VPN. Which configuration will accomplish this task?

A.
[edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    dead-peer-detection;
    external-interface ge-0/0/1;
}

B.
[edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    dead-peer-detection;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}

C.
[edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    vpn-monitor;
    external-interface ge-0/0/1;
}

D.
[edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    vpn-monitor;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}

Answer: D

Reference: https://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?topic-59092.html

QUESTION 66

You want requests from the same internal transport address to be mapped to the same external transport address. Only internal hosts can initialize the session.

Which Junos configuration setting supports the requirements?

A. any-remote-host
B. target-host
C. source-host
D. address-persistent

Answer: D

Explanation:

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/understand-persistent-nat-section.html

QUESTION 67

Exhibit: (image not available)

TCP traffic sourced from Host A destined for Host B is being redirected using filter-based forwarding to use the Red network. However, return traffic from Host B destined for Host A is using the Blue network and getting dropped by the SRX device.

Which action will resolve the issue?

A. Enable asynchronous-routing under the Blue zone.
B. Configure ge-0/0/1 to belong to the Red zone.
C. Disable RPF checking.
D. Disable TCP sequence checking.

Answer: B

Reference: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21046

QUESTION 68

Exhibit: (image not available)

You must configure two SRX devices to enable bidirectional communications between the two networks shown in the exhibit. You have been allocated the 172.16.1.0/24 and 172.16.2.0/24 networks to use for this purpose.

Which configuration will accomplish this task?

A. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.
B. Using destination NAT, translate traffic destined to 172.16.1.0/24 to Site1’s addresses, and translate traffic destined to 172.16.2.0/24 to Site2’s addresses.
C. Using source NAT, translate traffic from Site1’s addresses to 172.16.1.0/24, and translate traffic from Site2’s addresses to 172.16.2.0/24.
D. Using static NAT, translate traffic destined to 172.16.1.0/24 to Site1’s addresses, and translate traffic destined to 172.16.2.0/24 to Site2’s addresses.

Answer: D

Explanation:

To examine bidirectional communication you need multiple packet filters, one for each direction.

Reference: http://my.safaribooksonline.com/book/networking/junos/9781449381721/security-policy/troubleshooting_security_policy_and_traf

QUESTION 69

Which two are required for the SRX device to perform DNS doctoring? (Choose two.)

A. DNS ALG
B. dns-doctoring stanza
C. name-server
D. static NAT

Answer: AD

Explanation:

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-alg-dns.pdf

QUESTION 70

-- Exhibit --

security {
    nat {
        destination {
            pool Web-Server {
                address 10.0.1.5/32;
            }
            rule-set From-Internet {
                from zone Untrust;
                rule To-Web-Server {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 172.16.1.7/32;
                    }
                    then {
                        destination-nat pool Web-Server;
                    }
                }
            }
        }
    }
    zones {
        security-zone Untrust {
            address-book {
                address Web-Server-External 172.16.1.7/32;
                address Web-Server-Internal 10.0.1.5/32;
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
        security-zone DMZ {
            address-book {
                address Web-Server-External 172.16.1.7/32;
                address Web-Server-Internal 10.0.1.5/32;
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
    }
}

-- Exhibit --

You are migrating from one external address block to a different external address block. You want to enable a smooth transition to the new address block. You temporarily want to allow external users to contact the Web server using both the existing external address as well as the new external address 192.168.1.1.

How do you accomplish this goal?

A. Add address 192.168.1.1/32 under [edit security nat destination pool Web-Server].
B. Change the address Web-Server-Ext objects to be address-set objects that include both addresses.
C. Change the destination address under [edit security nat destination rule-set From-Internet rule To-Web-Server match] to include both 172.16.1.7/32 and 192.168.1.2/32.
D. Create a new rule for the new address in the [edit security nat destination rule-set From-Internet] hierarchy.

Answer: D

Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/nat-security-source-and-destination-nat-translation-configuring.html
