Exam Code: JN0-633 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Security, Professional (JNCIP-SEC)
Certification Provider: Juniper
Free Today! Guaranteed Training- Pass JN0-633 Exam.
2021 Sep JN0-633 torrent
Q41. You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context value rate of 10,000 hits in 60 seconds.At which threshold will the bot clients no longer be classified as malicious?
A. 5000 hits in 60 seconds
B. 8000 hits in 60 seconds
C. 7500 hits in 60 seconds
D. 9999 hits in 60 seconds
Answer: B
Explanation: Reference :
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-protection-overview.html
Q42. Which feature is used for layer 2 bridging on an SRX Series device?
A. route mode
B. packet mode
C. transparent mode
D. MPLS mode
Answer: C
Q43. You are asked to apply individual upload and download bandwidth limits to YouTube traffic. Where in the configuration would you create the necessary bandwidth limits?
A. under the [edit security application-firewall] hierarchy
B. under the [edit security policies] hierarchy
C. under the [edit class-of-service] hierarchy
D. under the [edit firewall policer <policer-name>] hierarchy
Answer: D
Explanation:
Reference :http://forums.juniper.net/t5/SRX-Services-Gateway/Need-help-with-bandwidth-uploading-downloading-polcier/td-p/146666
Q44. Click the Exhibit button.
-- Exhibit -- [edit security]
user@srx# show idp {
idp-policy NewPolicy { rulebase-exempt { rule 1 {
description AllowExternalRule; match {
source-address any; destination-address
}
}
}
}
}
-- Exhibit --
You are performing the initial IDP installation on your new SRX device. You have configured the IDP exempt rulebase as shown in the exhibit, but the commit is not successful.
Referring to the exhibit, what solves the issue?
A. You must configure the destination zone match.
B. You must configure the IPS exempt accept action.
C. You must configure the IPS rulebase.
D. You must configure the IPS engine flow action to ignore.
Answer: C
Explanation: Reference:http://jncie-sec.exactnetworks.net/2013/01/srx-idp-overview-initial-setup.html
Q45. Click the Exhibit button.
-- Exhibit–
-- Exhibit --
An attacker is using a nonstandard port for HTTP for reconnaissance into your network. Referring to the exhibit, which two statements are true? (Choose two.)
A. The IPS engine will not detect the application due to the nonstandard port.
B. The IPS engine will detect the application regardless of the nonstandard port.
C. The IPS engine will perform application identification until the session is established.
D. The IPS engine will perform application identification until it processes the first 256 bytes of the packet.
Answer: B,D
Explanation: Reference:https://www.juniper.net/techpubs/en_US/idp/topics/example/simple/intrusion-detection-prevention-idp-rulebase-default-service-usage.html
Up to date JN0-633 actual test:
Q46. What are two network scanning methods? (Choose two.)
A. SYN flood
B. ping of death
C. ping sweep
D. UDP scan
Answer: C,D
Explanation:
The question is about the network scanning. So correct answers are ping sweep and UDP scan as both are port scanning types.
Reference:URL:http://althing.cs.dartmouth.edu/local/Network_Scanning_Techniques.pdf
Q47. When configuring AutoVPN, which two actions are required for an administrator to establish communication from the hub site to the spoke sites? (Choose two.)
A. Configure the next hop tunnel binding (NHTB).
B. Configure static routes from the hub to the spoke.
C. Configure a dynamic routing protocol such as BGP, OSPF, or RIP on the tunnel interfaces.
D. Create a multipoint secure tunnel interface on the hub device.
Answer: C,D
Q48. You are asked to implement an IPsec VPN between your main office and a new remote office. The remote office receives its IKE gateway address from their ISP dynamically.
Regarding this scenario, which statement is correct?
A. Configure a fully qualified domain name (FQDN) as the IKE identity.
B. Configure the dynamic-host-address option as the IKE identity.
C. Configure the unnumbered option as the IKE identity.
D. Configure a dynamic host configuration name (DHCN) as the IKE identity.
Answer: A
Q49. Which statement is true regarding dual-stack lite?
A. The softwire is an IPv4 tunnel over an IPv6 network.
B. The softwire initiator (SI) encapsulates IPv6 packets in IPv4.
C. The softwire concentrator (SC) decapsulates softwire packets.
D. SRX devices support the softwire concentrator and softwire initiator functionality.
Answer: C
Explanation: Reference:http://www.juniper.net/techpubs/en_US/junos/topics/concept/ipv6-ds-lite- overview.html
Q50. A security administrator has configured an IPsec tunnel between two SRX devices. The
devices are configured with OSPF on the st0 interface and an external interface destined to the IPsec endpoint. The adminstrator notes that the IPsec tunnel and OSPF adjacency keep going up and down. Which action would resolve this issue?
A. Create a firewall filter on the st0 interface to permit IP protocol 89.
B. Configure the IPsec tunnel to accept multicast traffic.
C. Create a /32 static route to the IPsec endpoint through the external interface.
D. Increase the OSPF metric of the external interface.
Answer: C
Explanation: Reference: http://packetsneverlie.blogspot.in/2013/03/route-based-ipsec-vpn-with-ospf.html