Exambible offers a free demo for the JN0-633 exam. "Security, Professional (JNCIP-SEC)", also known as the JN0-633 exam, is a Juniper certification. This set of posts, Passing the Juniper JN0-633 exam, will help you answer those questions. The JN0-633 Questions & Answers cover all the knowledge points of the real exam. 100% real Juniper JN0-633 exams, revised by experts!

Q41. You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office is a chassis cluster formed from two SRX240s. Which two statements about this deployment are true? (Choose two.)

A. You must remove the SRX240s from the chassis cluster before enabling the dynamic VPNs.

B. The remote clients can run Windows XP, Windows Vista, Windows 7, or OS X operating systems.

C. If more than two dynamic VPN tunnels are required, you must purchase and install a new license.

D. The remote users can be authenticated by the SRX240s or a configured RADIUS server.

Answer: C,D

Reference: http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf


Q42. Click the Exhibit button.

user@host# run show security flow session

Session ID: 28, Policy name: allow/5, Timeout: 2, Valid

In: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64
Out: 10.168.100.1/8001 --> 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40

Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3 with the address 66.168.100.100 on port 8001.

Referring to the exhibit, what is causing this problem?

A. The traffic is originated with incorrect IP address from the customer.

B. The traffic is translated with the incorrect IP address for the HTTP server.

C. The traffic is translated with the incorrect port number for the HTTP server.

D. The traffic is originated with the incorrect port number from the customer.

Answer: C


Q43. You are deploying a standalone SRX650 in transparent mode for evaluation purposes in a potential client's network. The client will need to access the device to modify security policies and perform other various configurations. Where would you configure a Layer 3 interface to meet this requirement?

A. fxp0.0

B. vlan.1

C. irb.1

D. ge-0/0/0.0

Answer: C

Reference: http://safetynet.trapezenetworks.com/techpubs/en_US/junos12.1/information-products/topic-collections/security/software-all/layer-2/index.html?topic-52755.html


Q44. Click the Exhibit button.

-- Exhibit --

Host A cannot resolve the www.target.host.com Web page when using its configured DNS server. As shown in the exhibit, Host A's configured DNS server and the Web server hosting the www.target.host.com Web page are in the same subnet. You have verified bidirectional reachability between Host A and the Web server hosting the Web page.

What would cause this behavior on the SRX device in Company B's network?

A. DNS replication is enabled.

B. DNS doctoring is enabled.

C. DNS replication is disabled.

D. DNS doctoring is disabled.

Answer: D

Reference: http://www.trapezenetworks.com/techpubs/en_US/junos12.2/topics/concept/dns-alg-nat-doctoring-overview.html


Q45. You have initiated the download of the IPS signature database on your SRX Series device. Which command would you use to confirm the download has completed?

A. request security idp security-package install

B. request security idp security-package download

C. request security idp security-package install status

D. request security idp security-package download status

Answer: D


Q46. For an SRX chassis cluster in transparent mode, which action occurs to signal a high availability failover to neighboring switches?

A. the SRX chassis cluster generates Spanning Tree messages

B. the SRX chassis cluster generates gratuitous ARPs

C. the SRX chassis cluster flaps the former active interfaces

D. the SRX chassis cluster uses IP address monitoring

Answer: C

Reference: http://books.google.co.in/books?id=2HSLsTJIgEQC&pg=PA246&lpg=PA246&dq=the+SRX+chassis+cluster+flaps+the+former+active+interfaces&source=bl&ots=_eDe_vRMyw&sig=x-Px98kZEi4hZvGflcoybABdMRQ&hl=en&sa=X&ei=iMLzUcDSLcfRrQeQw4CYCA&ved=0CEAQ6AEwBA#v=onepage&q=flap&f=false


Q47. You have configured static NAT for a Web server in your DMZ. Both internal and external users can reach the Web server using its IP address. However, only internal users are able to reach the Web server using its DNS name. External users receive an error message from their browser.

Which action would solve this problem?

A. Modify the security policy.

B. Disable Web filtering.

C. Use destination NAT instead of static NAT.

D. Use DNS doctoring.

Answer: D

Reference: http://www.networker.co.in/2013/03/dns-doctoring.html


Q48. Which two statements about AppQoS are true? (Choose two.)

A. AppQoS remarking supersedes interface remarking.

B. AppQoS supports forwarding class assignment.

C. AppQoS supports rate limiting.

D. AppQoS supports bandwidth reservation.

Answer: B,C


Q49. Which feature is used for layer 2 bridging on an SRX Series device?

A. route mode

B. packet mode

C. transparent mode

D. MPLS mode

Answer: C


Q50. Somebody has inadvertently configured several security policies with application firewall rule sets on an SRX device. These security policies are now dropping traffic that should be allowed. You must find and remove the application firewall rule sets that are associated with these policies. Which two commands allow you to view these associations? (Choose two.)

A. show security policies

B. show services application-identification application-system-cache

C. show security application-firewall rule-set all

D. show security policies application-firewall

Answer: A,D

Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/application-firewall-configuring.html