♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Juniper JN0-633 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/JN0-633-exam-dumps.html
Q51. Click the Exhibit button.
[edit security nat static rule-set 12] user@SRX2# show
from zone untrust; rule 1 {
match {
destination-address 192.168.1.1/32;
}
then { static-nat { prefix {
10.60.60.1/32;
}
}
}
}
Host-2 initiates communication with Host-1. All other routing and policies are in place to allow the traffic.
What is the result of the communication?
A. The 192.168.0.1 address is translated to the 10.60.60.1 address.
B. The 10.60.60.1 address is translated to the 192.168.1.1 address.
C. No translation occurs.
D. The 192.168.0.1 address is translated to the 192.168.1.1 address.
Answer: B
Q52. Which problem is introduced by setting the terminal parameter on an IPS rule?
A. The SRX device will stop IDP processing for future sessions.
B. The SRX device might detect more false positives.
C. The SRX device will terminate the session in which the terminal rule detected the attack.
D. The SRX device might miss attacks.
Answer: D
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42464.html
Q53. When configuring AutoVPN, which two actions are required for an administrator to establish communication from the hub site to the spoke sites? (Choose two.)
A. Configure the next hop tunnel binding (NHTB).
B. Configure static routes from the hub to the spoke.
C. Configure a dynamic routing protocol such as BGP, OSPF, or RIP on the tunnel interfaces.
D. Create a multipoint secure tunnel interface on the hub device.
Answer: C,D
Q54. Click the Exhibit button.
user@host> show services application-identification application-system—cache Application System Cache Configurations:
Application-cache: off nested-application-cache: on cache-unknown-result: on
cache-entry-timeout: 3600 seconds
You are using the application identification feature on your SRX Series device. The help desk reports that users are complaining about slow Internet connectivity. You issue the command shown in the exhibit.
What must you do to correct the problem?
A. Modify the configuration with thedelete services application-identification no-application- system-cachecommand and commit the change.
B. Modify the configuration with thedelete services application-identification no-clear- application-system-cachecommand and commit the change.
C. Reboot the SRX Series device.
D. Modify the configuration with thedelete services application-identification no-application
–identificationcommand and commit the change.
Answer: B
Q55. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
Host A cannot resolve the www.target.host.com Web page when using its configured DNS server. As shown in the exhibit, Host A's configured DNS server and the Web server hosting the www.target.host.com Web page are in the same subnet. You have verified bidirectional reachability between Host A and the Web server hosting the Web page.
What would cause this behavior on the SRX device in Company B's network?
A. DNS replication is enabled.
B. DNS doctoring is enabled.
C. DNS replication is disabled.
D. DNS doctoring is disabled.
Answer: D
Explanation: Reference:http://www.trapezenetworks.com/techpubs/en_US/junos12.2/topics/concept/dns-alg-nat-doctoring-overview.html
Q56. Your SRX device is performing NAT to provide an internal resource with a public address. Your DNS server is on the same network segment as the server. You want your internal hosts to be able to reach the internal resource using the DNS name of the resource.
How do you accomplish this goal?
A. Implement proxy ARP.
B. Implement NAT-Traversal.
C. Implement NAT hairpinning.
D. Implement persistent NAT.
Answer: A
Explanation:
Reference :http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/prxy-arp-nat_srx.html
Q57. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
You must configure two SRX devices to enable bidirectional communications between the two networks shown in the exhibit. You have been allocated the 172.16.1.0/24 and 172.16.2.0/24 networks to use for this purpose.
Which configuration will accomplish this task?
A. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.
B. Using destination NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
C. Using source NAT, translate traffic from Site1's addresses to 172.16.1.0/24, and translate traffic from Site2's addresses to 172.16.2.0/24.
D. Using static NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
Answer: D
Explanation:
To examine bidirectional communication you need multiple packet filters, one for each direction.
Reference
http://my.safaribooksonline.com/book/networking/junos/9781449381721/security-policy/troubleshooting_security_policy_and_traf
Q58. Which two configuration statements are used to share interface routes between routing instances? (Choose two.)
A. export-rib
B. static rib-group
C. interface-routes rib-group
D. import-rib
Answer: C,D
Q59. Which statement is true regarding dual-stack lite?
A. The softwire is an IPv4 tunnel over an IPv6 network.
B. The softwire initiator (SI) encapsulates IPv6 packets in IPv4.
C. The softwire concentrator (SC) decapsulates softwire packets.
D. SRX devices support the softwire concentrator and softwire initiator functionality.
Answer: C
Explanation: Reference:http://www.juniper.net/techpubs/en_US/junos/topics/concept/ipv6-ds-lite- overview.html
Q60. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
TCP traffic sourced from Host A destined for Host B is being redirected using filter-based forwarding to use the Red network. However, return traffic from Host B destined for Host A is using the Blue network and getting dropped by the SRX device.
Which action will resolve the issue?
A. Enable asyncronous-routing under the Blue zone.
B. Configure ge-0/0/1 to belong to the Red zone.
C. Disable RPF checking.
D. Disable TCP sequence checking.
Answer: B
Explanation: Reference:https://kb.juniper.net/InfoCenter/index?page=content&id=KB21046
