Your success in Juniper JN0-633 is our sole target and we develop all our JN0-633 braindumps in a way that facilitates the attainment of this target. Not only is our JN0-633 study material the best you can find, it is also the most detailed and the most updated. JN0-633 Practice Exams for Juniper JNCIP JN0-633 are written to the highest standards of technical accuracy.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Juniper JN0-633 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/JN0-633-exam-dumps.html
Q71. Click the Exhibit button.
user@host> monitor traffic interface ge-0/0/3
verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay. Address resolution timeout is 4s.
Listening on ge-0/0/3, capture size 96 bytes
Reverse lookup for 172.168.3.254 failed (check DNS reachability). Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lockups on IP addresses.
19:24:16.320907 In arp who-has 172.168.3.254 tell 172.168.3.1 19.24:17.322751 In arp
who has 172.168.3.254 tell 172.168.3.1 19.24:18.328895 In arp who-has 172.168.3.254 tell
172.168.3.1
19.24:18.332956 In arn who has 172.168.3.254 tell 172.168.3.1
A new server has been set up in your environment. The administrator suspects that the firewall is blocking the traffic from the new server. Previously existing servers in the VLAN are working correctly. After reviewing the logs, you do not see any traffic for the new server.
Referring to the exhibit, what is the cause of the problem?
A. The server is in the wrong VLAN.
B. The server has been misconfigured with the wrong IP address.
C. The firewall has been misconfigured with the incorrect routing-instance.
D. The firewall has a filter enabled to blocktrafficfrom the server.
Answer: C
Q72. You are asked to change the configuration of your company's SRX device so that you can block nested traffic from certain Web sites, but the main pages of these Web sites must remain available to users.Which two methods will accomplish this goal? (Choose two.)
A. Enable the HTTP ALG.
B. Implement a firewall filter for Web traffic.
C. Use an IDP policy to inspect the Web traffic.
D. Configure an application firewall rule set.
Answer: B,D
Explanation: Reference: An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them.ALGs are typically employedto support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections (http://kb.juniper.net/InfoCenter/index?page=content&id=KB13530)
IDP policy defines the rule for defining the type of traffic permittedon network(http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/enable-idp-security-policy-section.html)
Q73. You are asked to ensure that your IPS engine blocks attacks. You must ensure that your system continues to drop additional malicious traffic without additional IPS processing for up to 30 minutes. You must ensure that the SRX Series device does send a notification packet when the traffic is dropped.
Which statement is correct?
A. Use the IP-Block action.
B. Use the Drop Packet action.
C. Use the Drop Connection action.
D. Use the IP-Close action.
Answer: D
Q74. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
Referring to the exhibit, a pair of SRX3600s is in an active/passive chassis cluster configured for transparent mode. Which type of traffic would traverse the secondary SRX3600 (node 1)?
A. all traffic including non-IP traffic
B. any IP traffic
C. only TCP and UDP traffic
D. only BPDU traffic
Answer: D
Q75. Your management has a specific set of Web-based applications that certain employees are allowed to use.
Which two SRX Series device features would be used to accomplish this task? (Choose two.)
A. UserFW
B. IDP
C. AppFW
D. firewall filter
Answer: C
Q76. Two companies, A and B, are connected as separate customers on an SRX5800 residing on two virtual routers (VR-A and VR-B). These companies have recently been merged and now operate under a common IT security policy. You have been asked to facilitate communication between these VRs. Which two methods will accomplish this task? (Choose two.)
A. Use instance-import to share the routes between the two VRs.
B. Create logical tunnel interfaces to interconnect the two VRs.
C. Use a physical connection between VR-A and VR-B to interconnect them.
D. Create a static route using the next-table action in both VRs.
Answer: A,D
Explanation:
Logical or physical connections between instances on the same Junos device and route between the connected instances
Reference :http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260
Q77. HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets locally on the SRX240. Which configuration would you use to enable this capture?
A. [edit security flow] user@srx# show traceoptions {
file dump;
flag basic-datapath;
}
B. [edit security] user@srx# show application-tracking { enable;
}
flow { traceoptions { file dump;
flag basic-datapath;
}
}
C. [edit firewall filter capture term one] user@srx# show
from {
source-address { 1.1.1.1;
}
destination-address { 2.2.2.2;
}
protocol tcp;
}
then {
port-mirror; accept;
}
D. [edit firewall filter capture term one] user@srx# show
from {
source-address { 1.1.1.1;
}
destination-address { 2.2.2.2;
}
protocol tcp;
}
then { sample; accept;
}
Answer: D
Explanation: Reference:http://khurramkhalid.wordpress.com/2012/05/22/packet-capture-on-srx-devices/
Q78. You have just created a few hundred application firewall rules on an SRX device and applied them to the appropriate firewall polices. However, you are concerned that the SRX device might become overwhelmed with the increased processing required to process traffic through the application firewall rules.
Which three actions will help reduce the amount of processing required by the application firewall rules? (Choose three.)
A. Use stateless firewall filtering to block the unwanted traffic.
B. Implement AppQoS to drop the unwanted traffic.
C. Implement screen options to block the unwanted traffic.
D. Implement IPS to drop the unwanted traffic.
E. Use security policies to block the unwanted traffic.
Answer: A,C,E
Explanation:
IPS and AppDoS are the most powerful, and thus, the least efficient method of dropping traffic on the SRX, because IPS and AppDoS tend to take up the most processing cycles.
Reference :http://answers.oreilly.com/topic/2036-how-to-protect-your-network-with-security-tools-for-junos/
Q79. Which two are required for the SRX device to perform DNS doctoring? (Choose two.)
A. DNS ALG
B. dns-doctoring stanza
C. name-server
D. static NAT
Answer: A,D
Explanation:
Reference :http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-alg-dns.pdf
Q80. Which two configuration components are required for enabling transparent mode on an SRX device? (Choose two.)
A. IRB
B. bridge domain
C. interface family bridge
D. interface family ethernet-switching
Answer: B,C
Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21421
