100% Correct of JN0-633 exam prep materials and faq for Juniper certification for IT examinee, Real Success Guaranteed with Updated JN0-633 pdf dumps vce Materials. 100% PASS Security, Professional (JNCIP-SEC) exam Today!

2021 Apr JN0-633 practice exam

Q61. Click the Exhibit button.

-- Exhibit --

[edit security idp] user@srx# show | no-more idp-policy basic {

rulebase-ips { rule 1 { match {

from-zone untrust; source-address any; to-zone trust;

destination-address any; application default; attacks {

custom-attacks data-inject;

}

}

then { action {

recommended;

}

notification { log-attacks;

}

}

}

}

}

active-policy basic; custom-attack data-inject {

recommended-action close; severity critical;

attack-type { signature {

context mssql-query;

pattern "SELECT * FROM accounts"; direction client-to-server;

}

}

}

-- Exhibit --

You have configured the custom attack signature shown in the exhibit. This configuration is valid, but you want to improve the efficiency and performance of your IDP.

Which two commands should you use? (Choose two.)

A. set custom attack data-inject recommended-action drop

B. set custom-attack data-inject attack-type signature protocol-binding tcp

C. set idp-policy basic rulebase-ips rule 1 match destination-address webserver

D. set idp-policy basic rulebase-ips rule 1 match application any

Answer: B,C


Q62. You want to route traffic between two newly created virtual routers without the use of logical systems using the configuration options on the SRX5800.

Which two methods of forwarding, between virtual routers, would you recommend? (Choose two.)

A. Use a static route to forward traffic across virtual routers using the next-table option. Enable the return route by using a RIB group.

B. Create static routes in each virtual router using thenext-tablecommand.

C. Use a RIB group to share the internal routing protocol routes from the master routing instance. 

D. Connect a direct cable between boo physical interfaces, one in each virtual router and use static routes with thenext-hopcommand.

Answer: B


Q63. Your company has added a connection to a new ISP and you have been asked to send specific traffic to the new ISP. You have decided to implement filter-based forwarding. You have configured new routing instances with type forwarding. You must direct traffic into each instance.Which step would accomplish this goal?

A. Add a firewall filter to the ingress interface that specifies the intended routing instance as the action.

B. Create a routing policy to direct the traffic to the required forwarding instances.

C. Configure the ingress and egress interfaces in each forwarding instance.

D. Create a static default route for each ISP in inet.0, each pointing to a different forwarding instance.

Answer: A

Explanation:

Reference :http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223


Q64. You have just created a few hundred application firewall rules on an SRX device and applied them to the appropriate firewall polices. However, you are concerned that the SRX device might become overwhelmed with the increased processing required to process traffic through the application firewall rules.

Which three actions will help reduce the amount of processing required by the application firewall rules? (Choose three.)

A. Use stateless firewall filtering to block the unwanted traffic.

B. Implement AppQoS to drop the unwanted traffic.

C. Implement screen options to block the unwanted traffic.

D. Implement IPS to drop the unwanted traffic.

E. Use security policies to block the unwanted traffic.

Answer: A,C,E

Explanation:

IPS and AppDoS are the most powerful, and thus, the least efficient method of dropping traffic on the SRX, because IPS and AppDoS tend to take up the most processing cycles.

Reference :http://answers.oreilly.com/topic/2036-how-to-protect-your-network-with-security-tools-for-junos/


Q65. Click the Exhibit button.

-- Exhibit --

user@srx240< show route summary Router ID.

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

Direct: 1 routes, 1 active

Local: 1 routes, 1 active

StatiC.1 routes, 1 active

customer-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

Direct: 1 routes, 1 active

Local: 1 routes, 1 active StatiC.1 routes, 1 active

customer-B.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

Direct: 1 routes, 1 active

Local: 1 routes, 1 active OSPF.1 routes, 1 active StatiC.1 routes, 1 active

customer-B.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

Direct: 2 routes, 2 active

Local: 2 routes, 2 active StatiC.1 routes, 1 active

-- Exhibit --

In the output, how many user-configured routing instances have active routes?

A. 1

B. 2

C. 3

D. 4

Answer:

Explanation: Reference:http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/command-summary/show-route-summary.html#jd0e185


Up to date JN0-633 exam answers:

Q66. You are asked to implement a point-to-multipoint hub-and-spoke topology in a mixed vendor environment. The hub device is running the Junos OS and the spoke devices are different vendor devices.Regarding this scenario, which statement is correct?

A. The NHTB table must be statically defined.

B. The NHTB table is automatically created during Phase 2.

C. The NHTB table is automatically created during Phase 1.

D. The NHTB table must be imported from each spoke.

Answer: A

Explanation: Referencehttp://www.juniper.net/techpubs/en_US/junos/topics/example/vpn-hub-spoke- nhtb-example-configuring.html


Q67. Click the Exhibit button.

-- Exhibit–

-- Exhibit --

You are asked to implement NAT to translate addresses between the IPv4 and IPv6 networks shown in the exhibit.

What are three configuration requirements? (Choose three.)

A. Disable SYN checking.

B. Enable IPv6 flow mode.

C. Configure proxy ARP.

D. Configure stateless filtering.

E. Configure proxy NDP.

Answer: B,C,E

Explanation: Reference:http://forums.juniper.net/jnet/attachments/jnet/srx/16228/1/NAT64-Overview.pdf


Q68. Which configurable SRX Series device feature allows you to capture transit traffic?

A. syslog

B. traceoptions

C. packet-capture

D. archival

Answer: B


Q69. You are using logical systems to segregate customers. You have a requirement to enable communication between the logical systems.What are two ways to accomplish this goal? (Choose two.)

A. Use a shared DMZ zone to connect the logical systems together.

B. Use a virtual tunnel (vt-) interface to connect the logical systems together.

C. Use an external cable to connect the ports from the two logical systems.

D. Use an interconnect LSYS to connect the logical systems together.

Answer: C,D

Explanation:

Reference :http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/logical-systems-config/index.html?topic-53861.html


Q70. Click the Exhibit button.

[edit security idp-policy test] user@host# show

rulebase-ips { rule R3 { match {

source-address any; destination-address any; attacks {

predefined-attacks FTP:USER:ROOT;

}

}

then { action {

recommended;

}

}

terminal;

}

rule R4 { match {

source-address any; destination-address any; attacks {

predefined-attacks HTTP:HOTMAIL:FILE-UPLOAD;

}

}

then { action {

recommended;

}

}

}

}

You have just committed the new IDP policy shown in the exhibit. However, you notice no action is taken on traffic matching the R4 IDP rule.

Which two actions will resolve the problem? (Choose two.)

A. Change the R4 rule to match on a predefined attack group.

B. Insert the R4 rule above the R3 rule.

C. Delete theterminalstatement from the R3 rule.

D. Change the IPS rulebase to an exempt rulebase.

Answer: C