Top 10 paper JN0-633 for consumer (91 to 100)

It is more faster and easier to pass the Juniper JN0-633 exam by using Vivid Juniper Security, Professional (JNCIP-SEC) questuins and answers. Immediate access to the Updated JN0-633 Exam and find the same core area JN0-633 questions with professionally verified answers, then PASS your exam with a high score now.

2017 NEW RECOMMEND

Free VCE & PDF File for Juniper JN0-633 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW JN0-633 Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/JN0-633-dumps.html

Q91. Click the Exhibit button

[edit security]

user@host# show policies global {

policy new-policy { match {

source-address any; destination-address any; application junos-https;

}

then { permit {

application-services { application-firewall { rule-set appfw;

}

}

}

}

}

}

[edit security]

user@host# show application-firewall rule-sets appfw {

rule 1 { match {

dynamic-application junos:SSL;

}

then { permit;

}

}

rule 2 { match {

dynamic-application junos:HTTP;

}

then { reject;

}

}

default-rule { permit;

}

}

Referring to the exhibit, which two statements are correct? (Choose two.)

A. HTTP traffic is permitted.

B. HTTP traffic is dropped.

C. HTTPS traffic is permitted.

D. HTTPS traffic is dropped.

Answer: B,C

Q92. Where does the AppSecure suite of functions occur in the security flow process on an SRX Series device?

A. services

B. security policy

C. NAT

D. session initiation

Answer: A

Q93. You want to create a custom IDP signature for a new HTTP attack on your SRX device. You have the exact string that identifies the attack.Which two additional elements do you need to define your custom signature? (Choose two.)

A. service context

B. protocol number

C. direction

D. source IP address of the attacker

Answer: A,C

Explanation: Reference: http://rtoodtoo.net/2011/09/22/how-to-write-srx-idp-custom-attacksignature/

Q94. Click the Exhibit button.

— Exhibit–

— Exhibit —

You are asked to implement NAT to translate addresses between the IPv4 and IPv6 networks shown in the exhibit.

What are three configuration requirements? (Choose three.)

A. Disable SYN checking.

B. Enable IPv6 flow mode.

C. Configure proxy ARP.

D. Configure stateless filtering.

E. Configure proxy NDP.

Answer: B,C,E

Explanation: Reference:http://forums.juniper.net/jnet/attachments/jnet/srx/16228/1/NAT64-Overview.pdf

Q95. What is a benefit of using a dynamic VPN?

A. It provides a layer of redundancy on top of a point-to-point VPN mesh architecture.

B. It eliminates the need for point-to-point VPN tunnels.

C. It provides a way to grant VPN access on a per-user-group basis.

D. It simplifies IPsec access for remote clients.

Answer: D

Explanation: Reference:http://tutarticle.com/networking/benefits-of-dynamic-multipoint-vpn-dmvpn/

Q96. You have installed a new IPS license on your SRX device and successfully downloaded the attack signature database. However, when you run the command to install the database, the database fails to install.What are two reasons for the failure? (Choose two.)

A. The file system on the SRX device has insufficient free space to install the database.

B. The downloaded signature database is corrupt.

C. The previous version of the database must be uninstalled first.

D. The SRX device does not have the high memory option installed.

Answer: A,B

Explanation:

We don’t need to uninstall the previous version to install a new license, as we can update the same. Reference:http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491. Also high memory option is licensed feature.

The only reason for failure is either there is no space left or downloaded file is corrupted due to incomplete download because of internet termination in between. Reference:http://kb.juniper.net/InfoCenter/index?page=content&id=KB23359

Q97. As an SRX administrator, you must find all encrypted sessions on an SRX Series device. Which command would you use to accomplish this task?

A. show security flow session tunnel

B. show security ike tunnel-map

C. show security ike security-associations

D. show security flow session encrypted

Answer: D

Q98. Click the Exhibit button.

— Exhibit–

— Exhibit —

An attacker is using a nonstandard port for HTTP for reconnaissance into your network. Referring to the exhibit, which two statements are true? (Choose two.)

A. The IPS engine will not detect the application due to the nonstandard port.

B. The IPS engine will detect the application regardless of the nonstandard port.

C. The IPS engine will perform application identification until the session is established.

D. The IPS engine will perform application identification until it processes the first 256 bytes of the packet.

Answer: B,D 

Explanation: Reference:https://www.juniper.net/techpubs/en_US/idp/topics/example/simple/intrusion-detection-prevention-idp-rulebase-default-service-usage.html

Q99. HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets locally on the SRX240. Which configuration would you use to enable this capture?

A. [edit security flow] user@srx# show traceoptions {

file dump;

flag basic-datapath;

}

B. [edit security] user@srx# show application-tracking { enable;

}

flow { traceoptions { file dump;

flag basic-datapath;

}

}

C. [edit firewall filter capture term one] user@srx# show

from {

source-address { 1.1.1.1;

}

destination-address { 2.2.2.2;

}

protocol tcp;

}

then {

port-mirror; accept;

}

D. [edit firewall filter capture term one] user@srx# show

from {

source-address { 1.1.1.1;

}

destination-address { 2.2.2.2;

}

protocol tcp;

}

then { sample; accept;

}

Answer: D

Explanation: Reference:http://khurramkhalid.wordpress.com/2012/05/22/packet-capture-on-srx-devices/

Q100. You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network.Which three tools would you use to troubleshoot the issue? (Choose three.)

A. security flow traceoptions

B. monitor interface traffic

C. show security flow session

D. monitor traffic interface

E. debug flow basic

Answer: A,B,C

Explanation: Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110

Certleader Dumps
Certleader is a company specialized on providing high quality IT exam materials and fully committed to assist our respected clients crack any IT certification tests on their 1st efforts.