★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/JN0-633-dumps.html
Q71. Which AppSecure module provides Quality of Service?
A. AppTrack
B. AppFW
C. AppID
D. AppQoS
Answer: D
Q72. Click the Exhibit button.
-- Exhibit --
[edit forwarding-options] user@srx240# show packet-capture {
file filename my-packet-capture; maximum-capture-size 1500;
}
-- Exhibit --
Referring to the exhibit, you are attempting to perform a packet capture on an SRX240 to troubleshoot an SSH issue in your network. However, no information appears in the packet capture file.
Which firewall filter must you apply to the necessary interface to collect data for the packet
capture?
A. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then packet-mode;
}
term allow-all { then accept;
}
}
[edit firewall family inet]
B. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then {
count packet-capture;
}
}
term allow-all { then accept;
}
}
[edit firewall family inet]
C. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then {
routing-instance packet-capture;
}
}
term allow-all { then accept;
}
}
[edit firewall family inet]
D. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then { sample; accept;
}
}
term allow-all { then accept;
}
}
[edit firewall family inet]
Answer: D
Q73. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
You must configure two SRX devices to enable bidirectional communications between the two networks shown in the exhibit. You have been allocated the 172.16.1.0/24 and 172.16.2.0/24 networks to use for this purpose.
Which configuration will accomplish this task?
A. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.
B. Using destination NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
C. Using source NAT, translate traffic from Site1's addresses to 172.16.1.0/24, and translate traffic from Site2's addresses to 172.16.2.0/24.
D. Using static NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
Answer: D
Explanation:
To examine bidirectional communication you need multiple packet filters, one for each direction.
Reference
http://my.safaribooksonline.com/book/networking/junos/9781449381721/security-policy/troubleshooting_security_policy_and_traf
Q74. What is a secure key management protocol used by IPsec?
A. AH
B. ESP
C. TCP
D. IKE
Answer: D
Q75. What is the default action for an SRX device in transparent mode to determine the outgoing interface for an unknown destination MAC address?
A. Perform packet flooding.
B. Send an ARP query.
C. Send an ICMP packet with a TTL of 1.
D. Perform a traceroute request.
Answer: A
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-interfaces-and-routing/understand-l2-forwarding-tables-section.html
Q76. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. While troubleshooting, you change your filter to forward all traffic to ISP1. However, no traffic is sent to ISP1.
What is causing this behavior?
A. The filter is applied to the wrong interface.
B. The filter should use the next-hop action instead of the routing-instance action.
C. The filter term does not have a required from statement.
D. The filter term does not have the accept statement.
Answer: A
Explanation: Reference:http://kb.juniper.net/InfoCenter/index?page=content&id=KB24821
Q77. You are asked to secure your company’s Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ.
Which two actions are required to accomplish this task? (Choose two.)
A. Load your Web server’s private key in the IDP configuration.
B. Load your Web server’s public key in the IDP configuration.
C. Generate a root certificate on the SRX Series device for your Web servers.
D. Specify the number of sessions in the SSL sensor configuration.
Answer: A,D
Q78. You have initiated the download of the IPS signature database on your SRX Series device. Which command would you use to confirm the download has completed?
A. request security idp security-package install
B. request security idp security-package download
C. request security idp security-package install status
D. request security idp security-package download status
Answer: D
Q79. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
You have been asked to block YouTube video streaming for internal users. You have implemented the configuration shown in the exhibit, however users are still able to stream videos.
What must be modified to correct the problem?
A. The application firewall rule needs to be applied to an IDP policy.
B. You must create a custom application to block YouTube streaming.
C. The application firewall rule needs to be applied to the security policy.
D. You must apply the dynamic application to the security policy
Answer: C
Explanation: Reference:http://www.redelijkheid.com/blog/2013/5/10/configure-application-firewalling-on
Q80. Click the Exhibit button.
[edit security application-firewall] user@host# show
rule-sets web { rule one { match {
dynamic-application junos:HTTP;
}
then { permit;
}
}
default-rule { reject;
}
}
What will happen to non-HTTP traffic that matches the application-firewall policy shown in the exhibit?
A. It will be denied because this is a blacklist policy.
B. It will be dropped and an error will be sent to the source.
C. It will be silently dropped.
D. It will be allowed because this is a whitelist policy.
Answer: C