2021 Apr JN0-633 dumps
Q1. When configuring AutoVPN, which two actions are required for an administrator to establish communication from the hub site to the spoke sites? (Choose two.)
A. Configure the next hop tunnel binding (NHTB).
B. Configure static routes from the hub to the spoke.
C. Configure a dynamic routing protocol such as BGP, OSPF, or RIP on the tunnel interfaces.
D. Create a multipoint secure tunnel interface on the hub device.
Answer: C,D
Q2. Click the Exhibit button.
user@host# show interfaces
ge-0/0/0 {
    unit 1 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 20;
            vlan-rewrite {
                translate 2 20;
            }
        }
    }
}
Referring to the exhibit, which two statements are correct regarding VLAN rewrite? (Choose two.)
A. An incoming packet with VLAN tag 20 will be translated to VLAN tag 2.
B. An outgoing packet with VLAN tag 2 will be translated to VLAN tag 20.
C. An incoming packet with VLAN tag 2 will be translated to VLAN tag 20.
D. An outgoing packet with VLAN tag 20 will be translated to VLAN tag 2.
Answer: C
Q3. You are attempting to establish an IPsec VPN between two SRX devices. However, there is another device between the SRX devices that does not pass traffic that is using UDP port 4500.
How would you resolve this problem?
A. Enable NAT-T.
B. Disable NAT-T.
C. Disable PAT.
D. Enable PAT.
Answer: B
Explanation:
NAT-T also uses UDP port 4500 (by default) rather than the standard UDP. So disabling NAT-T will resolve this issue.
Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch10.html
Q4. Click the Exhibit button.
-- Exhibit --
-- Exhibit --
You must configure two SRX devices to enable bidirectional communications between the two networks shown in the exhibit. You have been allocated the 172.16.1.0/24 and 172.16.2.0/24 networks to use for this purpose.
Which configuration will accomplish this task?
A. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.
B. Using destination NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
C. Using source NAT, translate traffic from Site1's addresses to 172.16.1.0/24, and translate traffic from Site2's addresses to 172.16.2.0/24.
D. Using static NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
Answer: D
Explanation:
To examine bidirectional communication you need multiple packet filters, one for each direction.
Reference
http://my.safaribooksonline.com/book/networking/junos/9781449381721/security-policy/troubleshooting_security_policy_and_traf
Q5. Click the Exhibit button.
-- Exhibit --
user@srx> show security flow session
Session ID: 7724, Policy name: default-permit/4, Timeout: 2
    In: 1.1.70.6/17 --> 100.0.0.1/2326;icmp, If: ge-0/0/3
    Out: 10.1.10.5/2326 --> 1.1.70.6/17;icmp, If: ge-0/0/2
Session ID: 18408, Policy name: default-permit/4, Timeout: 2
    In: 10.1.10.5/64513 --> 1.1.70.6/512;icmp, If: ge-0/0/2.0
    Out: 1.1.70.6/512 --> 100.0.0.1/64513;icmp, If: ge-0/0/3.10
-- Exhibit --
A user has reported a traffic drop issue between a host with the 10.1.10.5 internal IP address and a host with the 1.1.70.6 IP address. The traffic transits an SRX240 acting as a NAT translator. You are investigating the issue on the SRX240 using the output shown in the exhibit.
Regarding this scenario, which two statements are true? (Choose two.)
A. The sessions shown indicate interface-based NAT processing.
B. The sessions shown indicate static NAT processing.
C. ICMP traffic is passing in both directions.
D. ICMP traffic is passing in one direction.
Answer: B,C
Q6. You are working as a security administrator and must configure a solution to protect against distributed botnet attacks on your company's central SRX cluster.
How would you accomplish this goal?
A. Configure AppTrack to inspect and drop traffic from the malicious hosts.
B. Configure AppQoS to block the malicious hosts.
C. Configure AppDoS to rate limit connections from the malicious hosts.
D. Configure AppID with a custom application to block traffic from the malicious hosts.
Answer: C
Explanation:
Reference: Page No 2, Figure 1, http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf
Q7. Which two configuration statements are used to share interface routes between routing instances? (Choose two.)
A. export-rib
B. static rib-group
C. interface-routes rib-group
D. import-rib
Answer: C,D
Q8. Click the Exhibit button.
[edit security application-firewall]
user@host# show
rule-sets web {
    rule one {
        match {
            dynamic-application junos:HTTP;
        }
        then {
            permit;
        }
    }
    default-rule {
        reject;
    }
}
What will happen to non-HTTP traffic that matches the application-firewall policy shown in the exhibit?
A. It will be denied because this is a blacklist policy.
B. It will be dropped and an error will be sent to the source.
C. It will be silently dropped.
D. It will be allowed because this is a whitelist policy.
Answer: C
Q9. What is a secure key management protocol used by IPsec?
A. AH
B. ESP
C. TCP
D. IKE
Answer: D
Q10. Click the Exhibit button.
-- Exhibit --
[edit security]
user@srx# show idp
…
application-ddos Webserver {
    service http;
    connection-rate-threshold 1000;
    context http-get-url {
        hit-rate-threshold 60000;
        value-hit-rate-threshold 30000;
        time-binding-count 10;
        time-binding-period 25;
    }
}
-- Exhibit --
You are using AppDoS to protect your network against a bot attack, but noticed an approved application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS configuration as shown in the exhibit. However, the approved traffic is still dropped.
What are two reasons for this behavior? (Choose two.)
A. The approved traffic results in 50,000 HTTP GET requests per minute.
B. The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.
C. The active IDP policy has not been defined in the security configuration.
D. The IDP action is still in effect due to the timeout configuration.
Answer: A,D
Explanation:
Reference:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-protection-overview.html
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-proctecting-against.html#appddos-proctecting-against