You'd better take a test before buying our JN0-633 products. This step makes you aware of your weak and strong points in JN0-633 exam preparation, so you can spend more time on the weak points. We supply free downloadable PDF files along with Test Serp software. You can download them to your PC and prepare fully for the real Juniper JN0-633 exam.
Q11. What is a benefit of using a dynamic VPN?
A. It provides a layer of redundancy on top of a point-to-point VPN mesh architecture.
B. It eliminates the need for point-to-point VPN tunnels.
C. It provides a way to grant VPN access on a per-user-group basis.
D. It simplifies IPsec access for remote clients.
Answer: D
Explanation: Reference: http://tutarticle.com/networking/benefits-of-dynamic-multipoint-vpn-dmvpn/
Q12. Which QoS function is supported in transparent mode?
A. 802.1p
B. DSCP
C. IP precedence
D. MPLS EXP
Answer: A
Explanation: Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch06.html
Q13. You have been asked to establish a dynamic IPsec VPN between your SRX device and a remote user. Regarding this scenario, which three statements are correct? (Choose three.)
A. You must use preshared keys.
B. IKE aggressive mode must be used.
C. Only predefined proposal sets can be used.
D. Only policy-based VPNs are supported.
E. You can use all methods of encryption.
Answer: A,B,D
Explanation: Reference: http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamic-vpn-appnote-v12.pdf
Q14. Your company is providing multi-tenant security services on an SRX5800 cluster. You have been asked to create a new logical system (LSYS) for a customer. The customer must be able to access and manage new resources within their LSYS.
How do you accomplish this goal?
A. Create the new LSYS, allocate resources, and then create the user administrator role so that the customer can manage their allocated resources.
B. Create the new LSYS, and then create the user administrator role so that the customer can allocate and manage resources.
C. Create the new LSYS, and then create the master administrator role for the LSYS so that the customer can allocate and manage resources.
D. Create the new LSYS, then request the required resources from the customer, and create the required resources.
Answer: A
Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/task/configuration/logical-system-security-user-lsys-overview-configuring.html
Q15. Which three match condition objects are required when creating IPS rules? (Choose three.)
A. attack objects
B. address objects
C. terminal objects
D. IP action objects
E. zone objects
Answer: A,B,E
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42453.html#understand-rule-match-cond-section
Q16. You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context value rate of 10,000 hits in 60 seconds. At which threshold will the bot clients no longer be classified as malicious?
A. 5000 hits in 60 seconds
B. 8000 hits in 60 seconds
C. 7500 hits in 60 seconds
D. 9999 hits in 60 seconds
Answer: B
Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-protection-overview.html
Q17. Click the Exhibit button.
[edit security application-firewall]
user@host# show
rule-sets web {
    rule one {
        match {
            dynamic-application junos:HTTP;
        }
        then {
            permit;
        }
    }
    default-rule {
        reject;
    }
}
What will happen to non-HTTP traffic that matches the application-firewall policy shown in the exhibit?
A. It will be denied because this is a blacklist policy.
B. It will be dropped and an error will be sent to the source.
C. It will be silently dropped.
D. It will be allowed because this is a whitelist policy.
Answer: C
Q18. Which configuration statement would allow the SRX Series device to match a signature only on the first match, and not subsequent signature matches in a connection?
A. user@host# set security idp idp-policy test rulebase-ips rule 1 then action recommended
B. user@host# set security idp idp-policy test rulebase-ips rule 1 then action ignore-connection
C. user@host# set security idp idp-policy test rulebase-ips rule 1 then action no-action
D. user@host# set security idp idp-policy test rulebase-ips rule 1 then action drop-connection
Answer: B
Q19. Which feature is used for layer 2 bridging on an SRX Series device?
A. route mode
B. packet mode
C. transparent mode
D. MPLS mode
Answer: C
Q20. Click the Exhibit button.
[edit]
user@host# run show log debug
Feb 3 22:04:31 22:04:31.824294:CID-0:RT:flow_first_policy_search: policy search from zone host-> zone attacker (0x0,0xe4089404,0x17)
Feb 3 22:04:31 22:04:31.824297:CID-0:RT:Policy lkup: vsys 0 zone(9:host) -> zone(10:attacker) scope: 0
Feb 3 22:04:31 22:04:31.824770:CID-0:RT:5.0.0.25/59028 -> 25.0.0.25/23 proto 6
Feb 3 22:04:31 22:04:31.824778:CID-0:RT:Policy lkup: vsys 0 zone(5:Unknown) -> zone(5:Unknown) scope: 0
Feb 3 22:04:31 22:04:31.824780:CID-0:RT:5.0.0.25/59028 -> 25.0.0.25/23 proto 6
Feb 3 22:04:31 22:04:31.824783:CID-0:RT: app 10, timeout 1800s, curr ageout 20s
Feb 3 22:04:31 22:04:31.824785:CID-0:RT: permitted by policy default-policy-00(2)
Feb 3 22:04:31 22:04:31.824787:CID-0:RT: packet passed, Permitted by policy.
Feb 3 22:04:31 22:04:31.824790:CID-0:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed: False
Feb 3 22:04:31 22:04:31.824834:CID-0:RT:flow_first_src_xlate: incoming src port is: 38118
Which two statements are true regarding the output shown in the exhibit? (Choose two.)
A. The packet does not match any user-configured security policies.
B. The user has configured a security policy to allow the packet.
C. The log is showing the first path packet flow.
D. The log shows the reverse flow of the session.
Answer: C