Want to know Exambible JN0-633 exam practice test features? Want to learn more about the Juniper Security, Professional (JNCIP-SEC) certification experience? Study high-quality Juniper JN0-633 answers to the most up-to-date JN0-633 questions at Exambible. Get success with an absolute guarantee to pass the Juniper JN0-633 (Security, Professional (JNCIP-SEC)) test on your first attempt.
Q11. You are asked to apply individual upload and download bandwidth limits to YouTube traffic. Where in the configuration would you create the necessary bandwidth limits?
A. under the [edit security application-firewall] hierarchy
B. under the [edit security policies] hierarchy
C. under the [edit class-of-service] hierarchy
D. under the [edit firewall policer <policer-name>] hierarchy
Answer: D
Explanation: Reference: http://forums.juniper.net/t5/SRX-Services-Gateway/Need-help-with-bandwidth-uploading-downloading-polcier/td-p/146666
Q12. Click the Exhibit button.
user@host> show security flow session extensive
Session ID: 1173, Status: Normal
Flag: 0x0
Policy name: two/6
Source NAT pool: interface, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1756
Session State: Valid
Start time: 4859, Duration: 99
In: 172.20.103.10/56457 --> 10.210.14.130/21;tcp,
Interface: vlan.103,
Session token: 0x8, Flag: 0x21
Route: 0x100010, Gateway: 172.20.103.10, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 12, Bytes: 549
Out: 10.210.14.130/21 --> 10.210.14.133/18698;tcp,
Interface: ge-0/0/0.0,
Session token: 0x7, Flag: 0x20
Route: 0xf0010, Gateway: 10.210.14.130, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 8, Bytes: 514
Total sessions: 1
A user complains that they are unable to download files using FTP. They are able to connect to the remote site, but cannot download any files. You investigate and execute the show security flow session extensive command to receive the result shown in the exhibit.
What is the cause of the problem?
A. The NAT translation is incorrect.
B. The FTP ALG has been disabled.
C. Passive mode FTP is not enabled.
D. The FTP session is using the wrong port number.
Answer: B
Q13. Click the Exhibit button.
-- Exhibit --
-- Exhibit --
You are asked to implement NAT to translate addresses between the IPv4 and IPv6 networks shown in the exhibit.
What are three configuration requirements? (Choose three.)
A. Disable SYN checking.
B. Enable IPv6 flow mode.
C. Configure proxy ARP.
D. Configure stateless filtering.
E. Configure proxy NDP.
Answer: B,C,E
Explanation: Reference: http://forums.juniper.net/jnet/attachments/jnet/srx/16228/1/NAT64-Overview.pdf
Q14. Click the Exhibit button.
Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1. SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint.
Referring to the exhibit, which statement is true?
A. The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination address.
B. The security policy on SRX-2 must permit traffic from the 10.10.50.1 destination address.
C. The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.
D. The security policy on SRX-2 must permit traffic from the 192.168.1.1 destination address.
Answer: C
Q15. Which statement is true regarding the dynamic VPN feature for Junos devices?
A. Only route-based VPNs are supported.
B. Aggressive mode is not supported.
C. Preshared keys for Phase 1 must be used.
D. It is supported on all SRX devices.
Answer: C
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/pathway-pages/security/security-vpn-dynamic.pdf
Q16. You are asked to implement a point-to-multipoint hub-and-spoke topology in a mixed vendor environment. The hub device is running the Junos OS and the spoke devices are different vendor devices. Regarding this scenario, which statement is correct?
A. The NHTB table must be statically defined.
B. The NHTB table is automatically created during Phase 2.
C. The NHTB table is automatically created during Phase 1.
D. The NHTB table must be imported from each spoke.
Answer: A
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos/topics/example/vpn-hub-spoke-nhtb-example-configuring.html
Q17. A security administrator has configured an IPsec tunnel between two SRX devices. The devices are configured with OSPF on the st0 interface and an external interface destined to the IPsec endpoint. The administrator notes that the IPsec tunnel and OSPF adjacency keep going up and down. Which action would resolve this issue?
A. Create a firewall filter on the st0 interface to permit IP protocol 89.
B. Configure the IPsec tunnel to accept multicast traffic.
C. Create a /32 static route to the IPsec endpoint through the external interface.
D. Increase the OSPF metric of the external interface.
Answer: C
Explanation: Reference: http://packetsneverlie.blogspot.in/2013/03/route-based-ipsec-vpn-with-ospf.html
Q18. You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network. Which three tools would you use to troubleshoot the issue? (Choose three.)
A. security flow traceoptions
B. monitor interface traffic
C. show security flow session
D. monitor traffic interface
E. debug flow basic
Answer: A,B,C
Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110
Q19. Which two configuration components are required for enabling transparent mode on an SRX device? (Choose two.)
A. IRB
B. bridge domain
C. interface family bridge
D. interface family ethernet-switching
Answer: B,C
Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21421
Q20. Click the Exhibit button.
-- Exhibit --
user@srx240> show route summary
Router ID.
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Direct: 1 routes, 1 active
Local: 1 routes, 1 active
Static: 1 routes, 1 active
customer-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Direct: 1 routes, 1 active
Local: 1 routes, 1 active
Static: 1 routes, 1 active
customer-B.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
Direct: 1 routes, 1 active
Local: 1 routes, 1 active
OSPF: 1 routes, 1 active
Static: 1 routes, 1 active
customer-B.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
Direct: 2 routes, 2 active
Local: 2 routes, 2 active
Static: 1 routes, 1 active
-- Exhibit --
In the output, how many user-configured routing instances have active routes?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/command-summary/show-route-summary.html#jd0e185