Want to know Pass4sure JN0-633 Exam practice test features? Want to lear more about Juniper Security, Professional (JNCIP-SEC) certification experience? Study Free Juniper JN0-633 answers to Latest JN0-633 questions at Pass4sure. Gat a success with an absolute guarantee to pass Juniper JN0-633 (Security, Professional (JNCIP-SEC)) test on your first attempt.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Juniper JN0-633 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/JN0-633-exam-dumps.html
Q41. You want to configure in-band management of an SRX device in transparent mode. Which command is required to enable this functionality?
A. set interfaces irb unit 1 family inet address
B. set interfaces vlan unit 1 family inet address
C. set interfaces ge-0/0/0 unit 0 family inet address
D. set interfaces ge-0/0/0 unit 0 family bridge address
Answer: A
Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB23823
Q42. You are asked to design a solution to verify IPsec peer reachability with data path forwarding.
Which feature would meet the design requirements?
A. DPD over Phase 1 SA
B. DPD over Phase 2 SA
C. VPN monitoring over Phase 1 SA
D. VPN monitoring over Phase 2 SA
Answer: D
Explanation:
Reference :http://forums.juniper.net/t5/SRX-Services-Gateway/dead-peer-detection-VS-VPN-monitor-in-IPSEC/td-p/176671
Q43. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?
A. source NAT
B. static NAT
C. filter-based forwarding
D. source-based routing
Answer: C
Explanation: Reference:http://www.juniper.net/techpubs/en_US/junos12.2/topics/example/logical-systems-filter-based-forwarding.html
Q44. What is a secure key management protocol used by IPsec?
A. AH
B. ESP
C. TCP
D. IKE
Answer: D
Q45. You are asked to implement a monitoring feature that periodically verifies that the data plane is working across your IPsec VPN.Which configuration will accomplish this task?
A. [edit security ike] user@srx# show policy policy-1 { mode main;
proposal-set standard;
pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway { ike-policy policy-1; address 10.10.10.2; dead-peer-detection;
external-interface ge-0/0/1;
}
B. [edit security ipsec] user@srx# show
policy policy-1 { proposal-set standard;
}
vpn my-vpn {
bind-interface st0.0; dead-peer-detection; ike {
gateway my-gateway; ipsec-policy policy-1;
}
establish-tunnels immediately;
}
C. [edit security ike] user@srx# show policy policy-1 { mode main;
proposal-set standard;
pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway { ike-policy policy-1; address 10.10.10.2; vpn-monitor;
external-interface ge-0/0/1;
}
D. [edit security ipsec] user@srx# show policy policy-1 { proposal-set standard;
}
vpn my-vpn {
bind-interface st0.0; vpn-monitor;
ike {
gateway my-gateway; ipsec-policy policy-1;
}
establish-tunnels immediately;
}
Answer: D
Explanation: Reference: https://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?topic- 59092.html
Q46. You are asked to secure your company’s Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ.
Which two actions are required to accomplish this task? (Choose two.)
A. Load your Web server’s private key in the IDP configuration.
B. Load your Web server’s public key in the IDP configuration.
C. Generate a root certificate on the SRX Series device for your Web servers.
D. Specify the number of sessions in the SSL sensor configuration.
Answer: A,D
Q47. The IPsec VPN on your SRX Series device establishes both the Phase 1 and Phase 2 security associations. Users are able to pass traffic through the VPN. During peak VPN usage times, users complain about decreased performance. Network connections outside of the VPN are not seriously impacted.
Which two actions will resolve the problem? (Choose two.)
A. Lower the MTU size on the interface to reduce the likelihood of packet fragmentation.
B. Verify that NAT-T is not disabled in the properties of the phase 1 gateway.
C. Lower the MSS setting in the security flow stanza for IPsec VPNs.
D. Verify that the PKI certificate used to establish the VPN is being properly verified using either the CPL or OCSP.
Answer: A,C
Q48. Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS feature.
Which command would you use to accomplish this task?
A. show security idp attack detail
B. show security idp attack table
C. show security idp memory
D. show security idp counters
Answer: B
Q49. You have a group IPsec VPN established with a single key server and five client devices. Regarding this scenario, which statement is correct?
A. There is one unique Phase 1 security association and five unique Phase 2 security associations used for this group.
B. There is one unique Phase 1 security association and one unique Phase 2 security association used for this group.
C. There are five unique Phase 1 security associations and five unique Phase 2 security associations used for this group.
D. There are five unique Phase 1 security associations and one unique Phase 2 security association used for this group.
Answer: D
Explanation:
Reference :http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Confi guring_Group_VPN_Juniper_SRX.pdf
Q50. Your company is providing multi-tenant security services on an SRX5800 cluster. You have been asked to create a new logical system (LSYS) for a customer. The customer must be able to access and manage new resources within their LSYS.
How do you accomplish this goal?
A. Create the new LSYS, allocate resources, and then create the user administrator role so that the customer can manage their allocated resources.
B. Create the new LSYS, and then create the user administrator role so that the customer can allocate and manage resources.
C. Create the new LSYS, and then create the master adminstrator role for the LSYS so that the customer can allocate and manage resources.
D. Create the new LSYS, then request the required resources from the customer, and create the required resources.
Answer: A
Explanation:
Reference
http://www.juniper.net/techpubs/en_US/junos12.1/topics/task/configuration/logical-system-security-user-lsys-overview-configuring.html