Want to know Exambible JN0-633 Exam practice test features? Want to learn more about the Juniper Security, Professional (JNCIP-SEC) certification experience? Study high-quality Juniper JN0-633 answers to the most up-to-date JN0-633 questions at Exambible. Get success with an absolute guarantee to pass the Juniper JN0-633 (Security, Professional (JNCIP-SEC)) test on your first attempt.

Q11. You are asked to apply individual upload and download bandwidth limits to YouTube traffic. Where in the configuration would you create the necessary bandwidth limits?

A. under the [edit security application-firewall] hierarchy

B. under the [edit security policies] hierarchy

C. under the [edit class-of-service] hierarchy

D. under the [edit firewall policer <policer-name>] hierarchy

Answer: D

Explanation: Reference: http://forums.juniper.net/t5/SRX-Services-Gateway/Need-help-with-bandwidth-uploading-downloading-polcier/td-p/146666


Q12. Click the Exhibit button.

user@host> show security flow session extensive

Session ID: 1173, Status: Normal

Flag: 0x0

Policy name: two/6

Source NAT pool: interface, Application: junos-ftp/1

Dynamic application: junos:UNKNOWN,

Application traffic control rule-set: INVALID, Rule: INVALID

Maximum timeout: 1800, Current timeout: 1756

Session State: Valid

Start time: 4859, Duration: 99

In: 172.20.103.10/56457 --> 10.210.14.130/21;tcp,

Interface: vlan.103,

Session token: 0x8, Flag: 0x21

Route: 0x100010, Gateway: 172.20.103.10, Tunnel: 0

Port sequence: 0, FIN sequence: 0,

FIN state: 0,

Pkts: 12, Bytes: 549

Out: 10.210.14.130/21 --> 10.210.14.133/18698;tcp,

Interface: ge-0/0/0.0,

Session token: 0x7, Flag: 0x20

Route: 0xf0010, Gateway: 10.210.14.130, Tunnel: 0

Port sequence: 0, FIN sequence: 0,

FIN state: 0,

Pkts: 8, Bytes: 514

Total sessions: 1

A user complains that they are unable to download files using FTP. They are able to connect to the remote site, but cannot download any files. You investigate and execute the show security flow session extensive command to receive the result shown in the exhibit.

What is the cause of the problem?

A. The NAT translation is incorrect.

B. The FTP ALG has been disabled.

C. Passive mode FTP is not enabled.

D. The FTP session is using the wrong port number.

Answer: B


Q13. Click the Exhibit button.

You are asked to implement NAT to translate addresses between the IPv4 and IPv6 networks shown in the exhibit.

What are three configuration requirements? (Choose three.)

A. Disable SYN checking.

B. Enable IPv6 flow mode.

C. Configure proxy ARP.

D. Configure stateless filtering.

E. Configure proxy NDP.

Answer: B,C,E

Explanation: Reference: http://forums.juniper.net/jnet/attachments/jnet/srx/16228/1/NAT64-Overview.pdf


Q14. Click the Exhibit button.

Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1. SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint.

Referring to the exhibit, which statement is true?

A. The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination address.

B. The security policy on SRX-2 must permit traffic from the 10.10.50.1 destination address.

C. The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.

D. The security policy on SRX-2 must permit traffic from the 192.168.1.1 destination address.

Answer: C


Q15. Which statement is true regarding the dynamic VPN feature for Junos devices?

A. Only route-based VPNs are supported.

B. Aggressive mode is not supported.

C. Preshared keys for Phase 1 must be used.

D. It is supported on all SRX devices.

Answer:

Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/pathway-pages/security/security-vpn-dynamic.pdf


Q16. You are asked to implement a point-to-multipoint hub-and-spoke topology in a mixed vendor environment. The hub device is running the Junos OS and the spoke devices are different vendor devices. Regarding this scenario, which statement is correct?

A. The NHTB table must be statically defined.

B. The NHTB table is automatically created during Phase 2.

C. The NHTB table is automatically created during Phase 1.

D. The NHTB table must be imported from each spoke.

Answer: A

Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos/topics/example/vpn-hub-spoke-nhtb-example-configuring.html


Q17. A security administrator has configured an IPsec tunnel between two SRX devices. The devices are configured with OSPF on the st0 interface and an external interface destined to the IPsec endpoint. The administrator notes that the IPsec tunnel and OSPF adjacency keep going up and down. Which action would resolve this issue?

A. Create a firewall filter on the st0 interface to permit IP protocol 89.

B. Configure the IPsec tunnel to accept multicast traffic.

C. Create a /32 static route to the IPsec endpoint through the external interface.

D. Increase the OSPF metric of the external interface.

Answer: C

Explanation: Reference: http://packetsneverlie.blogspot.in/2013/03/route-based-ipsec-vpn-with-ospf.html


Q18. You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network. Which three tools would you use to troubleshoot the issue? (Choose three.)

A. security flow traceoptions

B. monitor interface traffic

C. show security flow session

D. monitor traffic interface

E. debug flow basic

Answer: A,B,C

Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110


Q19. Which two configuration components are required for enabling transparent mode on an SRX device? (Choose two.)

A. IRB

B. bridge domain

C. interface family bridge

D. interface family ethernet-switching

Answer: B,C

Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21421


Q20. Click the Exhibit button.

-- Exhibit --

user@srx240> show route summary

Router ID.

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

Direct: 1 routes, 1 active

Local: 1 routes, 1 active

Static: 1 routes, 1 active

customer-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

Direct: 1 routes, 1 active

Local: 1 routes, 1 active

Static: 1 routes, 1 active

customer-B.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

Direct: 1 routes, 1 active

Local: 1 routes, 1 active

OSPF: 1 routes, 1 active

Static: 1 routes, 1 active

customer-B.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

Direct: 2 routes, 2 active

Local: 2 routes, 2 active

Static: 1 routes, 1 active

-- Exhibit --

In the output, how many user-configured routing instances have active routes?

A. 1

B. 2

C. 3

D. 4

Answer:

Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/command-summary/show-route-summary.html#jd0e185