Download of JN0-633 exam price materials and braindump for Juniper certification for IT specialist, Real Success Guaranteed with Updated JN0-633 pdf dumps vce Materials. 100% PASS Security, Professional (JNCIP-SEC) exam Today!
2021 Mar JN0-633 sample question
Q81. You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in separate routing instances.Which two components are required? (Choose two.)
A. virtual routing instance
B. forwarding instance
C. static NAT
D. persistent NAT
Answer: A,C
Explanation:
Reference :http://kb.juniper.net/InfoCenter/index?page=content&id=KB21286
Q82. A local user complains that they cannot connect to an FTP server on the DMZ network. You investigate and confirm that the security policy allows FTP traffic from the trust zone to the DMZ zone.
What are two reasons for this problem? (Choose two.)
A. The FTP server has no route back to the local network.
B. No route is configured to the DMZ network.
C. No security policy exists for traffic from the DMZ zone to the trust zone.
D. The FTP ALG is disabled.
Answer: A,D
Q83. Click the Exhibit button.
-- Exhibit --
[edit forwarding-options] user@srx240# show packet-capture {
file filename my-packet-capture; maximum-capture-size 1500;
}
-- Exhibit --
Referring to the exhibit, you are attempting to perform a packet capture on an SRX240 to troubleshoot an SSH issue in your network. However, no information appears in the packet capture file.
Which firewall filter must you apply to the necessary interface to collect data for the packet
capture?
A. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then packet-mode;
}
term allow-all { then accept;
}
}
[edit firewall family inet]
B. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then {
count packet-capture;
}
}
term allow-all { then accept;
}
}
[edit firewall family inet]
C. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then {
routing-instance packet-capture;
}
}
term allow-all { then accept;
}
}
[edit firewall family inet]
D. user@srx240# show filter pkt-capture {
term pkt-capture-term { from {
protocol tcp; port ssh;
}
then { sample; accept;
}
}
term allow-all { then accept;
}
}
[edit firewall family inet]
Answer: D
Q84. You have recently deployed a dynamic VPN. Some remote users are complaining that they
cannot authenticate through the SRX device at the corporate network. The SRX device serves as the tunnel endpoint for the dynamic VPN.What are two reasons for this problem? (Choose two.)
A. The supported number of users has been exceeded for the applied license.
B. The users are connecting to the portal using Windows Vista.
C. The SRX device does not have the required user account definitions.
D. The SRX device does not have the required access profile definitions.
Answer: A,D
Explanation:
Reference :https://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/syslog-messages/index.html?jd0e28566.html http://kb.juniper.net/InfoCenter/index?page=content&id=KB16477
Q85. You are asked to allow access to an external application for an internal host subject to address translation. The application requires multiple sessions initiated from the internal host and expects all the sessions to originate from the same source IP address.
Which Junos feature meets this objective?
A. destination NAT with address persistence
B. source NAT with address persistence
C. static NAT with port translation
D. interface-based persistent NAT
Answer: B
Latest JN0-633 dumps:
Q86. You have initiated the download of the IPS signature database on your SRX Series device. Which command would you use to confirm the download has completed?
A. request security idp security-package install
B. request security idp security-package download
C. request security idp security-package install status
D. request security idp security-package download status
Answer: D
Q87. You are asked to secure your company’s Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ.
Which two actions are required to accomplish this task? (Choose two.)
A. Load your Web server’s private key in the IDP configuration.
B. Load your Web server’s public key in the IDP configuration.
C. Generate a root certificate on the SRX Series device for your Web servers.
D. Specify the number of sessions in the SSL sensor configuration.
Answer: A,D
Q88. Click the Exhibit button.
user@host> show interfaces routing-instance all ge* terse InterfaceAdmin Link Proto LocalInstance
ge-0/0/0.0 up up inet 172.16.12.205/24 default ge-0/0/1.0 up up inet 5.0.0.5/24
iso A
ge-0/0/2.0 up up inet 25.0.0.5/24 iso B
user@host> show security flow session
Session ID: 82274, Policy name: default-policy-00/2, Timeout: 1770, Valid In: 5.0.0.25/61935 --> 25.0.0.25/23;tcp, If: ge-0/0/1.0, Pkts: 31, Bytes: 1781 Out: 25.0.0.25/23 --> 5.0.0.25/61935;tcp, If: ge-0/0/2.0, Pkts: 23, Bytes: 1452
Total sessions: 3 user@host> show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, + = Both
0.0.0.0/0 *[Static/5] 04:08:52
> to 172.16.12.1 via ge-0/0/0.0 172.16.12.0/24 *[Direct/0] 04:08:52
via ge-0/0/0.0
172.16.12.205/32 *[Local/0] 4w4d 23:04:29
Loca1 via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 14:37:35, metric 1
MultiRecv
A. inet.0: 4 destinations, 4 routes {4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both 5.0.0.0/24 5 *[Direct/0] 00:05:04
> via ge-0/0/1.0
5.0.0.5/32 *[Local/0] 00:05:04
Local via ge-0/0/1.0 25.0.0.0/24 *[Direct/0] 00:02:37
> via ge-0/0/2.0
B. inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both 5.0.0.25/32 *[Static/5] 00:02:38
to table A.inet.0
25.0.0.0/24 *[Direct/0] 00:02:37
> via ge-0/0/2.0
25.0.0.5/32 *[Local/0] 00:02:37
Local via ge-0/0/2.0
Which statement is true about the outputs shown in the exhibit?
C. The routing instances A and B are connected using anltinterface.
D. Routing instance A’s routes are shared with routing instance B.
E. Routing instance B’s routes are shared with routing instance A.
F. The routing instances A and B are connected using avtinterface.
Answer: C
Q89. Which two statements are true about an interconnect logical system on an SRX Series device? (Choose two.)
A. VXLAN is used to switch inter-LSYS-traffic.
B. The root and user LSYSs connect to the interconnect LSYS usingvtinterfaces.
C. VPLS is used to switch inter-LSYS traffic.
D. The root and user LSYSs connect to the interconnect LSYS usingltinterfaces.
Answer: C,D
Q90. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. However, your configuration is not producing the expected results. Part of the configuration is shown in the exhibit. When you run the show route table isp1 command, you do not see the
default route listed.
What is causing this behavior?
A. The autonomous system number is incorrect, which is preventing the device from receiving a default route from ISP1.
B. The device is not able to resolve the next-hop.
C. The isp1 routing instance is configured with an incorrect instance-type.
D. The show route table isp1 command does not display the default route unless you add the exact 0.0.0.0/0 option.
Answer: B
Explanation: Reference:http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223