[Free] 2018(Jan) EnsurePass Passguide Juniper JN0-633 Dumps with VCE and PDF 11-20


Security, Professional (JNCIP-SEC)

Question No: 11

Which two are required for the SRX device to perform DNS doctoring? (Choose two.)

  1. DNS ALG

  2. dns-doctoring stanza

  3. name-server

  4. static NAT

Answer: A,D

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-alg-dns.pdf

Question No: 12

You have recently deployed a dynamic VPN. Some remote users are complaining that they cannot authenticate through the SRX device at the corporate network. The SRX device serves as the tunnel endpoint for the dynamic VPN. What are two reasons for this problem? (Choose two.)

  1. The supported number of users has been exceeded for the applied license.

  2. The users are connecting to the portal using Windows Vista.

  3. The SRX device does not have the required user account definitions.

  4. The SRX device does not have the required access profile definitions.

Answer: A,D

Reference: https://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/syslog-messages/index.html?jd0e28566.html

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16477

Question No: 13

You want to configure in-band management of an SRX device in transparent mode. Which command is required to enable this functionality?

  1. set interfaces irb unit 1 family inet address

  2. set interfaces vlan unit 1 family inet address

  3. set interfaces ge-0/0/0 unit 0 family inet address

  4. set interfaces ge-0/0/0 unit 0 family bridge address

Answer: A

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB23823

Question No: 14

Click the Exhibit button.

– Exhibit –

    security {
        nat {
            destination {
                pool Web-Server {
                    address;
                }
                rule-set From-Internet {
                    from zone Untrust;
                    rule To-Web-Server {
                        match {
                            source-address;
                            destination-address;
                        }
                        then {
                            destination-nat pool Web-Server;
                        }
                    }
                }
            }
        }
        zones {
            security-zone Untrust {
                address-book {
                    address Web-Server-External;
                    address Web-Server-Internal;
                }
                interfaces {
                    ge-0/0/0.0;
                }
            }
            security-zone DMZ {
                address-book {
                    address Web-Server-External;
                    address Web-Server-Internal;
                }
                interfaces {
                    ge-0/0/1.0;
                }
            }
        }
    }

– Exhibit –

You are migrating from one external address block to a different external address block. You want to enable a smooth transition to the new address block. You temporarily want to allow external users to contact the Web server using both the existing external address and the new external address.

How do you accomplish this goal?

  1. Add address under [edit security nat destination pool Web-Server].

  2. Change the address Web-Server-Ext objects to be address-set objects that include both addresses.

  3. Change the destination address under [edit security nat destination rule-set From-Internet rule To-Web-Server match] to include both and

  4. Create a new rule for the new address in the [edit security nat destination rule-set From-Internet] hierarchy.

Answer: D

Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/nat-security-source-and-destination-nat-translation-configuring.html

Question No: 15

Click the Exhibit button.

– Exhibit –


– Exhibit –

Referring to the exhibit, the application firewall configuration fails to commit.

What must you do to allow the configuration to commit?

  1. Each firewall rule set must only have one rule.

  2. A firewall rule set cannot mix dynamic applications and dynamic application groups.

  3. The action in the rules must be different than the action in the default rule.

  4. The action in the default rule must be set to deny.

Answer: C

Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/application-firewall-overview.html

Question No: 16

Click the Exhibit button.

    root@host# show system login
    user user {
        uid 2000;
        class operator;
        authentication {
            encrypted-password "$1$4s7ePrk5$9S.MZTwmXTV7sovJZFFsw1"; ## SECRET-DATA
        }
    }

An SRX Series device has been configured for multiple certificate-based VPNs. The IPsec security association used for data replication is currently down. The administrator is a contractor and has the permissions on the SRX Series device as shown in the exhibit.

Which command set would allow the administrator to troubleshoot the cause for the VPN being down?

  1. set security ipsec traceoptions file ipsec

    set security ipsec traceoptions flag security-associations

  2. set security ike traceoptions file ike

    set security ike traceoptions flag ike

  3. request security pki verify-integrity-status

  4. request security ike debug-enable local <ip of the local gateway> remote <ip of the remote gateway>

Answer: C

Question No: 17

Your company is providing multi-tenant security services on an SRX5800 cluster. You have been asked to create a new logical system (LSYS) for a customer. The customer must be able to access and manage new resources within their LSYS.

How do you accomplish this goal?

  1. Create the new LSYS, allocate resources, and then create the user administrator role so that the customer can manage their allocated resources.

  2. Create the new LSYS, and then create the user administrator role so that the customer can allocate and manage resources.

  3. Create the new LSYS, and then create the master administrator role for the LSYS so that the customer can allocate and manage resources.

  4. Create the new LSYS, then request the required resources from the customer, and create the required resources.

Answer: A

Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/task/configuration/logical-system-security-user-lsys-overview-configuring.html

Question No: 18

You are asked to deploy a group VPN between various sites associated with your company. The gateway devices at the remote locations are SRX240 devices.

Which two statements about the new deployment are true? (Choose two.)

  1. The networks at the various sites must use NAT.

  2. The participating endpoints in the group VPN can belong to a chassis cluster.

  3. The networks at the various sites cannot use NAT.

  4. The participating endpoints in the group VPN cannot be part of a chassis cluster.

Answer: C,D

Reference: http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Group_VPN_Juniper_SRX.pdf

http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide_v1.2.pdf

Question No: 19

An external host is attacking your network. The host sends an HTTP request to a Web server, but does not include the version of HTTP in the request.

Which type of attack is being performed?

  1. signature-based attack

  2. application identification

  3. anomaly

  4. fingerprinting

Answer: C

Reference: https://services.netscreen.com/restricted/sigupdates/nsm-updates/HTML/HTTP:INVALID:MSNG-HTTP-VER.html

Question No: 20

In the IPS packet processing flow on an SRX Series device, when does application identification occur?

  1. before fragmentation processing

  2. after protocol decoding

  3. before SSL decryption

  4. after attack signature matching

Answer: A
