JN0-633 tutorials(71 to 80) for candidates: Jul 2017 Edition

We provide real JN0-633 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Juniper JN0-633 Exam quickly & easily. The JN0-633 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Juniper JN0-633 dumps pdf and vce product and material, you can easily pass the JN0-633 exam.

2017 NEW RECOMMEND

Free VCE & PDF File for Juniper JN0-633 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/JN0-633-dumps.html

Q71. Click the Exhibit button.

[edit security nat static rule-set 12] user@SRX2# show

from zone untrust; rule 1 {

match {

destination-address 192.168.1.1/32;

}

then { static-nat { prefix {

10.60.60.1/32;

}

}

}

}

Host-2 initiates communication with Host-1. All other routing and policies are in place to allow the traffic.

What is the result of the communication?

A. The 192.168.0.1 address is translated to the 10.60.60.1 address.

B. The 10.60.60.1 address is translated to the 192.168.1.1 address.

C. No translation occurs.

D. The 192.168.0.1 address is translated to the 192.168.1.1 address.

Answer: B

Q72. You have been asked to configure traffic to flow between two virtual routers (VRs) residing on two unique logical systems (LSYSs) on the same SRX5800.

How would you accomplish this task?

A. Configure a security policy that contains the context from VR1 to VR2 to permit the relevant traffic.

B. Configure a security policy that contains the context from LSYS1 to LSYS2 and relevant match conditions in the rule set to allow traffic between the IP networks in VR1 and VR2.

C. Configure logical tunnel interfaces between VR1 and VR2 and security policies that allow relevant traffic between VR1 and VR2 over that link.

D. Configure an interconnect LSYS to facilitate a connection between LSYS1 and LSYS2 and relevant policies to allow the traffic.

Answer: C

Explanation:

Reference :http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260

Q73. You have configured static NAT for a Web server in your DMZ. Both internal and external users can reach the Web server using its IP address. However, only internal users are able to reach the Web server using its DNS name. External users receive an error message from their browser.

Which action would solve this problem?

A. Modify the security policy.

B. Disable Web filtering.

C. Use destination NAT instead of static NAT.

D. Use DNS doctoring.

Answer: D

Explanation:

Reference :http://www.networker.co.in/2013/03/dns-doctoring.html

Q74. The IPsec VPN on your SRX Series device establishes both the Phase 1 and Phase 2 security associations. Users are able to pass traffic through the VPN. During peak VPN usage times, users complain about decreased performance. Network connections outside of the VPN are not seriously impacted.

Which two actions will resolve the problem? (Choose two.)

A. Lower the MTU size on the interface to reduce the likelihood of packet fragmentation.

B. Verify that NAT-T is not disabled in the properties of the phase 1 gateway.

C. Lower the MSS setting in the security flow stanza for IPsec VPNs.

D. Verify that the PKI certificate used to establish the VPN is being properly verified using either the CPL or OCSP.

Answer: A,C

Q75. Which AppSecure module provides Quality of Service?

A. AppTrack

B. AppFW

C. AppID

D. AppQoS

Answer: D

Q76. Which two statements about AppQoS are true? (Choose two.)

A. AppQoS remarking supersedes interface remarking.

B. AppQoS supports forwarding class assignment.

C. AppQoS supports rate limiting.

D. AppQoS supports bandwidth reservation.

Answer: B,C

Q77. What are two network scanning methods? (Choose two.)

A. SYN flood

B. ping of death

C. ping sweep

D. UDP scan

Answer: C,D

Explanation:

The question is about the network scanning. So correct answers are ping sweep and UDP scan as both are port scanning types.

Reference:URL:http://althing.cs.dartmouth.edu/local/Network_Scanning_Techniques.pdf

Q78. Your company is providing multi-tenant security services on an SRX5800 cluster. You have been asked to create a new logical system (LSYS) for a customer. The customer must be able to access and manage new resources within their LSYS.

How do you accomplish this goal?

A. Create the new LSYS, allocate resources, and then create the user administrator role so that the customer can manage their allocated resources.

B. Create the new LSYS, and then create the user administrator role so that the customer can allocate and manage resources.

C. Create the new LSYS, and then create the master adminstrator role for the LSYS so that the customer can allocate and manage resources.

D. Create the new LSYS, then request the required resources from the customer, and create the required resources.

Answer: A

Explanation:

Reference

http://www.juniper.net/techpubs/en_US/junos12.1/topics/task/configuration/logical-system-security-user-lsys-overview-configuring.html

Q79. You have implemented a tunnel in your network using DS-Lite. The tunnel is formed between one of the SRX devices in your network and a DS-Lite-compatible CPE device in your customer's network.Which two statements are true about this scenario? (Choose two.)

A. The SRX device will serve as the softwire initiator and the customer CPE device will serve as the softwire concentrator.

B. The SRX device will serve as the softwire concentrator and the customer CPE device will serve as the softwire initiator.

C. The infrastructure network supporting the tunnel will be based on IPv4.

D. The infrastructure network supporting the tunnel will be based on IPv6.

Answer: B,D

Explanation: Reference:http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/ipv6-ds-lite-overview.html

Q80. Click the Exhibit button.

[edit security idp-policy test] user@host# show

rulebase-ips { rule R3 { match {

source-address any; destination-address any; attacks {

predefined-attacks FTP:USER:ROOT;

}

}

then { action {

recommended;

}

}

terminal;

}

rule R4 { match {

source-address any; destination-address any; attacks {

predefined-attacks HTTP:HOTMAIL:FILE-UPLOAD;

}

}

then { action {

recommended;

}

}

}

}

You have just committed the new IDP policy shown in the exhibit. However, you notice no action is taken on traffic matching the R4 IDP rule.

Which two actions will resolve the problem? (Choose two.)

A. Change the R4 rule to match on a predefined attack group.

B. Insert the R4 rule above the R3 rule.

C. Delete theterminalstatement from the R3 rule.

D. Change the IPS rulebase to an exempt rulebase.

Answer: C

Certleader Dumps
Certleader is a company specialized on providing high quality IT exam materials and fully committed to assist our respected clients crack any IT certification tests on their 1st efforts.