Proper study for the Juniper Security, Professional (JNCIP-SEC) certification begins with Juniper JN0-633 preparation products, which are designed to deliver validated JN0-633 questions and help you pass the JN0-633 test on your first attempt. Try the free JN0-633 demo right now.

2021 Oct JN0-633 test

Q61. Which statement is true regarding dual-stack lite?

A. The softwire is an IPv4 tunnel over an IPv6 network.

B. The softwire initiator (SI) encapsulates IPv6 packets in IPv4.

C. The softwire concentrator (SC) decapsulates softwire packets.

D. SRX devices support the softwire concentrator and softwire initiator functionality.

Answer:

Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos/topics/concept/ipv6-ds-lite-overview.html


Q62. You are asked to ensure traffic from your executive staff does not use the same ISP connection as your other traffic.

Which three actions are required to accomplish this task? (Choose three)

A. Create a firewall filter to match this traffic and send this traffic to the routing instance.

B. Create a routing instance and define the type as no-forwarding.

C. Assign the outgoing interface to the no-forwarding instance.

D. Create a routing instance and define the type as forwarding.

E. Create a RIB group to share routes between the main instance and the routing instance.

Answer: A,D,E


Q63. Click the Exhibit button.

Referring to the exhibit, you must send traffic from Host-1 to Host-2. These two hosts can only communicate with IPv4.

Which feature would you use to permit communication between Host-1 and Host-2?

A. 6rd

B. DS-Lite

C. NAT46

D. NAT444

Answer: B


Q64. Click the Exhibit button.

-- Exhibit --

-- Exhibit --

Referring to the exhibit, the session close log was generated by the application firewall rule set HTTP.

Why did the session close?

A. The application identification engine was unable to determine which application was in use, which caused the SRX device to close the session.

B. The host with the IP address of 192.168.1.123 received a TCP segment with the FIN flag set from the host with the IP address of 65.197.244.218.

C. The SRX device was unable to determine the user and role in the allotted time, which caused the session to close.

D. The host with the IP address of 192.168.1.123 sent a TCP segment with the FIN flag set to the host with the IP address of 65.197.244.218.

Answer:

Explanation: Reference: http://netscreen.com/techpubs/software/junos/junos92/syslog-messages/download/rt.pdf


Q65. Click the Exhibit button.

-- Exhibit --

-- Exhibit --

Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?

A. source NAT

B. static NAT

C. filter-based forwarding

D. source-based routing

Answer:

Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.2/topics/example/logical-systems-filter-based-forwarding.html


Up-to-date JN0-633 practice exam:

Q66. Click the Exhibit button.

-- Exhibit --

    security {
        nat {
            destination {
                pool Web-Server {
                    address 10.0.1.5/32;
                }
                rule-set From-Internet {
                    from zone Untrust;
                    rule To-Web-Server {
                        match {
                            source-address 0.0.0.0/0;
                            destination-address 172.16.1.7/32;
                        }
                        then {
                            destination-nat pool Web-Server;
                        }
                    }
                }
            }
        }
        zones {
            security-zone Untrust {
                address-book {
                    address Web-Server-External 172.16.1.7/32;
                    address Web-Server-Internal 10.0.1.5/32;
                }
                interfaces {
                    ge-0/0/0.0;
                }
            }
            security-zone DMZ {
                address-book {
                    address Web-Server-External 172.16.1.7/32;
                    address Web-Server-Internal 10.0.1.5/32;
                }
                interfaces {
                    ge-0/0/1.0;
                }
            }
        }
    }

-- Exhibit --

You are migrating from one external address block to a different external address block. You want to enable a smooth transition to the new address block. You temporarily want to allow external users to contact the Web server using both the existing external address as well as the new external address 192.168.1.1.

How do you accomplish this goal?

A. Add address 192.168.1.1/32 under [edit security nat destination pool Web-Server].

B. Change the address Web-Server-Ext objects to be address-set objects that include both addresses.

C. Change the destination address under [edit security nat destination rule-set From-Internet rule To-Web-Server match] to include both 172.16.1.7/32 and 192.168.1.2/32.

D. Create a new rule for the new address in the [edit security nat destination rule-set From-Internet] hierarchy.

Answer:

Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/nat-security-source-and-destination-nat-translation-configuring.html


Q67. Click the Exhibit button.

-- Exhibit --

    [edit security]
    user@srx# show idp
    application-ddos Webserver {
        service http;
        connection-rate-threshold 1000;
        context http-get-url {
            hit-rate-threshold 60000;
            value-hit-rate-threshold 30000;
            time-binding-count 10;
            time-binding-period 25;
        }
    }

-- Exhibit --

You are using AppDoS to protect your network against a bot attack, but noticed an approved application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS configuration as shown in the exhibit. However, the approved traffic is still dropped.

What are two reasons for this behavior? (Choose two.)

A. The approved traffic results in 50,000 HTTP GET requests per minute.

B. The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.

C. The active IDP policy has not been defined in the security configuration.

D. The IDP action is still in effect due to the timeout configuration.

Answer: A,D

Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-protection-overview.html

http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-proctecting-against.html#appddos-proctecting-against


Q68. Click the Exhibit button.

    user@host# run show security flow session
    Session ID: 28, Policy name: allow/5, Timeout: 2, Valid
      In: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64
      Out: 10.168.100.1/8001 --> 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40

Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3 with the address 66.168.100.100 on port 8001.

Referring to the exhibit, what is causing this problem?

A. The traffic is originated with the incorrect IP address from the customer.

B. The traffic is translated with the incorrect IP address for the HTTP server.

C. The traffic is translated with the incorrect port number for the HTTP server.

D. The traffic is originated with the incorrect port number from the customer.

Answer: C


Q69. Two companies, A and B, are connected as separate customers on an SRX5800 residing on two virtual routers (VR-A and VR-B). These companies have recently been merged and now operate under a common IT security policy. You have been asked to facilitate communication between these VRs. Which two methods will accomplish this task? (Choose two.)

A. Use instance-import to share the routes between the two VRs.

B. Create logical tunnel interfaces to interconnect the two VRs.

C. Use a physical connection between VR-A and VR-B to interconnect them.

D. Create a static route using the next-table action in both VRs.

Answer: A,D

Explanation:

Logical or physical connections between instances on the same Junos device and route between the connected instances

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260


Q70. Microsoft has altered the way their Web-based Hotmail application works. You want to update your application firewall policy to correctly identify the altered Hotmail application.

Which two steps must you take to modify the application? (Choose two.)

A. user@srx> request services application-identification application copy junos:HOTMAIL

B. user@srx> request services application-identification application enable junos:HOTMAIL

C. user@srx# edit services custom application-identification my:HOTMAIL

D. user@srx# edit services application-identification my:HOTMAIL

Answer: A,D

Explanation: Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/command-summary/request-services-application-identification-application.html