The Renew Guide To JN0-633 questions Jan 2017

High quality and great value regarding our Juniper JN0-633: 100% passing assure and funds back. If you use Exambibles Juniper Juniper exam practice supplies, we guarantee you wonderful achievement on your initial try. Or else, you will receive the full refund of your purchasing service fees. And you will take pleasure in free updated Juniper JN0-633 exam questions as well as answers within 120 days after buying.

2017 Jan JN0-633 exam engine

Q21. An SRX Series device is configured for inline tap mode. What will occur if Drop Packet is selected?

A. The SRX Series device drops a matching packet before it can reach its destination but does not close the connection.

B. The SRX Series device will ignore the action Drop Packet.

C. The SRX Series device closes the connection and sends an RST packet to both the client and the server.

D. The SRX Series device drops a matching packet associated with the connection, preventing traffic for the connection from reaching its destination.

Answer: D


Q22. Click the Exhibit button.

-- Exhibit --

[edit security idp] user@srx# show security-package {

url https://services.netscreen.com/cgi-bin/index.cgi; automatic {

start-time "2012-12-11.01:00:00 +0000";

interval 120; enable;

}

}

-- Exhibit --

You have configured your SRX device to download and install attack signature updates as shown in the exhibit. You discover that updates are not being downloaded.

What are two reasons for this behavior? (Choose two.)

A. No security policy is configured to allow the SRX device to contact the update server.

B. The SRX device does not have a DNS server configured.

C. The management zone interface does not have an IP address configured.

D. The SRX device has no Internet connectivity.

Answer: B,D

Explanation:

Configuration is correct. Only reason is that SRZ device is not able to connect to definition server.

Reference:http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491


Q23. You have recently deployed a dynamic VPN. The remote users are complaining that communications with devices on the same subnet as the SRX device are intermittent and often fail. The tunnel is stable and up, and communications with remote devices on different subnets work without any issues.Which configuration setting would resolve this issue?

A. adding local-redirect at the [edit security nat] hierarchy

B. adding local-redirect at the [edit interfaces <interface-name>] hierarchy

C. adding proxy-arp at the [edit security nat] hierarchy

D. adding proxy-arp at the [edit interfaces <interface-name>] hierarchy

Answer: C

Explanation:

Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500151-en.pdf


Q24. Click the Exhibit button.

-- Exhibit --

[edit forwarding-options] user@srx240# show packet-capture {

file filename my-packet-capture; maximum-capture-size 1500;

}

-- Exhibit --

Referring to the exhibit, you are attempting to perform a packet capture on an SRX240 to troubleshoot an SSH issue in your network. However, no information appears in the packet capture file.

Which firewall filter must you apply to the necessary interface to collect data for the packet

capture?

A. user@srx240# show filter pkt-capture {

term pkt-capture-term { from {

protocol tcp; port ssh;

}

then packet-mode;

}

term allow-all { then accept;

}

}

[edit firewall family inet]

B. user@srx240# show filter pkt-capture {

term pkt-capture-term { from {

protocol tcp; port ssh;

}

then {

count packet-capture;

}

}

term allow-all { then accept;

}

}

[edit firewall family inet]

C. user@srx240# show filter pkt-capture {

term pkt-capture-term { from {

protocol tcp; port ssh;

}

then {

routing-instance packet-capture;

}

}

term allow-all { then accept;

}

}

[edit firewall family inet]

D. user@srx240# show filter pkt-capture {

term pkt-capture-term { from {

protocol tcp; port ssh;

}

then { sample; accept;

}

}

term allow-all { then accept;

}

}

[edit firewall family inet]

Answer: D


Q25. Your company provides managed services for two customers. Each customer has been segregated within its own routing instance on your SRX device. Customer A and customer B inform you that they need to be able to reach certain hosts on each other's network.

Which two configuration settings would be used to share routes between these routing instances? (Choose two.)

A. routing-group

B. instance-import

C. import-rib

D. next-table

Answer: B,D

Explanation:

Reference :http://aconaway.com/2013/03/02/junos-logical-tunnel-interfaces-with-virtual- routers/


Updated JN0-633 practice exam:

Q26. In which situation is NAT proxy NDP required?

A. when translated addresses belong to the same subnet as the ingress interface

B. when filter-based forwarding and static NAT are used on the same interface

C. when working with static NAT scenarios

D. when the security device operates in transparent mode

Answer: C

Explanation:

WhenIP addressesarein the same subnet of the ingressinterface,NAT proxy ARPconfigured

Reference :http://www.juniper.net/techpubs/en_US/junos12.1x44/information- products/pathway-pages/security/security-nat.pdf

Reference :http://www.juniper.net/techpubs/en_US/junos-space12.2/topics/concept/junos- space-security-designer-whiteboard-nat-overview.html


Q27. Click the Exhibit button.

user@host# run show security flow session

Session ID: 28, Policy name: allow/5, Timeout: 2, Valid

In: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64 Out: 10.168.100.1/8001 --> 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40

Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3 with the address 66.168.100.100 on port 8001.

Referring to the exhibit, what is causing this problem?

A. The traffic is originated with incorrect IP address from the customer.

B. The traffic is translated with the incorrect IP address for the HTTP server.

C. The traffic is translated with the incorrect port number for the HTTP server.

D. The traffic is originated with the incorrect port number from the customer.

Answer: C


Q28. Which feature is used for layer 2 bridging on an SRX Series device?

A. route mode

B. packet mode

C. transparent mode

D. MPLS mode

Answer: C


Q29. You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent HTTP sessions to a server within your network.

Which two statements are true in this scenario? (Choose two.)

A. You must add at least one PKI certificate.

B. Junos does not support more than 5000 sessions in this scenario.

C. You must enable SSL decoding.

D. You must enable SSL inspection.

Answer: C,D


Q30. In the IPS packet processing flow on an SRX Series device, when does application identification occur?

A. before fragmentation processing

B. after protocol decoding

C. before SSL decryption

D. after attack signature matching

Answer: A



see more JN0-633 dumps