10 Tips For JN0-633 IT specialist

Our pass rate is high to 98.9% and the similarity percentage between our JN0-633 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Juniper JN0-633 exam in just one try? I am currently studying for the Juniper JN0-633 exam. Latest Juniper JN0-633 Test exam practice questions and answers, Try Juniper JN0-633 Brain Dumps First.


Free VCE & PDF File for Juniper JN0-633 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:

Q81. Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS feature.

Which command would you use to accomplish this task?

A. show security idp attack detail

B. show security idp attack table

C. show security idp memory

D. show security idp counters

Answer: B

Q82. Click the Exhibit button.

user@key-server> show security group-vpn server ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address

97 UP bb224408940cc5d 435b9404284083c2 Main

98 UP 242c840089404d15 ab19284089408ba8 Main

user@key-server> show security group-vpn server ipsec security-associations Group: group-1, Group Id: 1

Total IPsec SAs: 1

IPsec SA Algorithm SPI Lifetime

group-l-sa ESP:3des/shal 1343991c 2736 Group: group-2, Group id: 2

Total IPsec SAs: 1

IPsec SA Algorithm SPI Lifetime

group-2-sa ESP:3des/shal 13be9e9 2741 Group: group-3, Group Id: 3

Total IPsec SAs: 1

IPsec SA Algorithm SPI Lifetime

group-3-sa ESP:3des/shal 20709057 2741 Group: group-4, Group Id: 4

Total IPsec SAs: 1

IPsec SA Algorithm SPI Lifetime

group-4-sa ESP:3des/shal 5111c2e1 2741

Which statement is correct regarding the outputs shown in the exhibit?

A. Two established peers are in the group VPNs.

B. One established peer is in the group VPNs.

C. No established peer is in the group VPNs.

D. Four established peers are in the group VPNs.

Answer: A

Q83. You want to verify that all application traffic traversing your SRX device uses standard ports. For example, you need to verify that only DNS traffic runs through port 53, and no other protocols.How would you accomplish this goal?

A. Use an IDP policy to identify the application regardless of the port used.

B. Use a custom ALG to detect the application regardless of the port used.

C. Use AppTrack to detect the application regardless of the port used.

D. Use AppID to detect the application regardless of the port used.

Answer: A


AppTrack for detailed visibility of application traffic Also AppTrack is aka AppID Reference :http://forums.juniper.net/t5/SRX-Services-Gateway/What-is-AppTrack-aka- AppID/td-p/63029

An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols

Reference :http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos- security-swconfig-security/id-79332.html

Q84. You are troubleshooting an IPsec session and see the following IPsec security associations:

ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys

< 500 ESP:aes-256/sha1 d6393645 26/ unlim – 0

> 500 ESP:aes-256/sha1 153ec235 26/ unlim – 0

< 500 ESP:aes-256/sha1 f9a2db9a 3011/ unlim – 0

> 500 ESP:aes-256/sha1 153ec236 3011/ unlim – 0

What are two reasons for this behavior? (Choose two.)

A. Both peers are trying to establish IKE Phase 1 but are not successful.

B. Both peers have established SAs with one another, resulting in two IPsec tunnels.

C. The lifetime of the Phase 2 negotiation is close to expiration.

D. Both peers have establish-tunnels immediately configured.

Answer: C,D

Explanation: Reference: http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es-swcmdref/show-security-ipsec-security-associations.html

Q85. In which situation is NAT proxy NDP required?

A. when translated addresses belong to the same subnet as the ingress interface

B. when filter-based forwarding and static NAT are used on the same interface

C. when working with static NAT scenarios

D. when the security device operates in transparent mode

Answer: C


WhenIP addressesarein the same subnet of the ingressinterface,NAT proxy ARPconfigured

Reference :http://www.juniper.net/techpubs/en_US/junos12.1×44/information- products/pathway-pages/security/security-nat.pdf

Reference :http://www.juniper.net/techpubs/en_US/junos-space12.2/topics/concept/junos- space-security-designer-whiteboard-nat-overview.html

Q86. You want to implement an IPsec VPN on an SRX device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled automatically from the certificate authority.Regarding this scenario, which statement is correct?

A. You can use SCEP to accomplish this behavior.

B. You can use OCSP to accomplish this behavior.

C. You can use CRL to accomplish this behavior.

D. You can use SPKI to accomplish this behavior.

Answer: A

Explanation: Reference: Page 9

http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf-trouble/configuring-and-troubleshooting-public-key- infrastructure.pdf

Q87. You are asked to change the configuration of your company's SRX device so that you can block nested traffic from certain Web sites, but the main pages of these Web sites must remain available to users.Which two methods will accomplish this goal? (Choose two.)

A. Enable the HTTP ALG.

B. Implement a firewall filter for Web traffic.

C. Use an IDP policy to inspect the Web traffic.

D. Configure an application firewall rule set.

Answer: B,D

Explanation: Reference: An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them.ALGs are typically employedto support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections (http://kb.juniper.net/InfoCenter/index?page=content&id=KB13530)

IDP policy defines the rule for defining the type of traffic permittedon network(http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/enable-idp-security-policy-section.html)

Q88. You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent HTTP sessions to a server within your network.

Which two statements are true in this scenario? (Choose two.)

A. You must add at least one PKI certificate.

B. Junos does not support more than 5000 sessions in this scenario.

C. You must enable SSL decoding.

D. You must enable SSL inspection.

Answer: C,D

Q89. Click the Exhibit button.

user@host> show services application-identification application-system—cache Application System Cache Configurations:

Application-cache: off nested-application-cache: on cache-unknown-result: on

cache-entry-timeout: 3600 seconds

You are using the application identification feature on your SRX Series device. The help desk reports that users are complaining about slow Internet connectivity. You issue the command shown in the exhibit.

What must you do to correct the problem?

A. Modify the configuration with thedelete services application-identification no-application- system-cachecommand and commit the change.

B. Modify the configuration with thedelete services application-identification no-clear- application-system-cachecommand and commit the change.

C. Reboot the SRX Series device.

D. Modify the configuration with thedelete services application-identification no-application

–identificationcommand and commit the change.

Answer: B

Q90. What are the three types of attack objects used in an IPS engine? (Choose three.)

A. signature

B. chargen

C. compound

D. component

E. anomaly

Answer: A,C,E 

Explanation: Reference:http://www.juniper.net/techpubs/en_US/idp5.0/topics/concept/intrusion-detection-prevention-idp-rulebase-attack-object-using.html