You want to query User Group membership directly using the integrated user firewall services from an Active Directory controller to an SRX Series device.
Which two actions are required? (Choose two.)
A. Configure the LDAP base distinguished name.
B. Connect the SRX Series device and the MAG Series device in an enforcer configuration.
C. Configure a domain name, the username and password of the domain, and the name and IP address of the domain controller in the domain.
D. Configure the Access Control Service on the MAG Series device for local user authentication and verify that authentication information is transferred between the devices.
Click the Exhibit button.
user@host# show interfaces
ge-0/0/0 {
    unit 1 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 20;
            vlan-rewrite {
                translate 2 20;
            }
        }
    }
}
Referring to the exhibit, which two statements are correct regarding VLAN rewrite? (Choose two.)
A. An incoming packet with VLAN tag 20 will be translated to VLAN tag 2.
B. An outgoing packet with VLAN tag 2 will be translated to VLAN tag 20.
C. An incoming packet with VLAN tag 2 will be translated to VLAN tag 20.
D. An outgoing packet with VLAN tag 20 will be translated to VLAN tag 2.
You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode.
What must be considered when accomplishing this task?
A. Layer 2 interfaces must use the ethernet-switching protocol family.
B. Security policies are not supported when operating in transparent mode.
C. Screens are not supported in your security zones with transparent mode.
D. You must reboot your device after configuring transparent mode.
Which two statements are true about persistent NAT? (Choose two.)
A. The permit target-host-port statement allows an external host to initiate a session to an internal host on any port, provided the internal host previously sent a packet to the external host.
B. The permit target-host statement allows an external host to initiate a session to an internal host on any port, provided the internal host previously sent a packet to the external host.
C. Port overloading must be enabled for Interface-based persistent NAT.
D. Port overloading must be disabled for Interface-based persistent NAT.
Which configuration statement would allow the SRX Series device to match a signature only on the first match, and not subsequent signature matches in a connection?
A. user@host# set security idp idp-policy test rulebase-ips rule 1 then action recommended
B. user@host# set security idp idp-policy test rulebase-ips rule 1 then action ignore-connection
C. user@host# set security idp idp-policy test rulebase-ips rule 1 then action no-action
D. user@host# set security idp idp-policy test rulebase-ips rule 1 then action drop-connection
-- Exhibit -
[edit forwarding-options]
user@srx240# show
packet-capture {
    file filename my-packet-capture;
    maximum-capture-size 1500;
}
-- Exhibit -
Referring to the exhibit, you are attempting to perform a packet capture on an SRX240 to troubleshoot an SSH issue in your network. However, no information appears in the packet capture file.
Which firewall filter must you apply to the necessary interface to collect data for the packet capture?
A. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then packet-mode;
    }
    term allow-all {
        then accept;
    }
}
B. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            count packet-capture;
        }
    }
    term allow-all {
        then accept;
    }
}
C. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            routing-instance packet-capture;
        }
    }
    term allow-all {
        then accept;
    }
}
D. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            sample;
            accept;
        }
    }
    term allow-all {
        then accept;
    }
}
Click the Exhibit button.
A host is not able to communicate with a Web server. Based on the logs shown in the exhibit, what is the problem?
Exhibit:
A. A policy is denying the traffic between these two hosts.
B. A session has not been created for this flow.
C. A NAT policy is translating the address to a private address.
D. The session table is running out of resources.
Click the Exhibit button.
Referring to the exhibit, which two statements are true? (Choose two.)
Exhibit:
A. Packets may get fragmented.
B. The tunnel automatically fragments packets based on MTU discovery.
C. The Phase 2 association will never expire.
D. The Phase 2 association will expire without traffic.
-- Exhibit -
user@srx> show security flow session
Session ID: 7724, Policy name: default-permit/4, Timeout: 2
  In: 1.1.70.6/17 --> 100.0.0.1/2326;icmp, If: ge-0/0/3
  Out: 10.1.10.5/2326 --> 1.1.70.6/17;icmp, If: ge-0/0/2
Session ID: 18408, Policy name: default-permit/4, Timeout: 2
  In: 10.1.10.5/64513 --> 1.1.70.6/512;icmp, If: ge-0/0/2.0
  Out: 1.1.70.6/512 --> 100.0.0.1/64513;icmp, If: ge-0/0/3.10
-- Exhibit -
A user has reported a traffic drop issue between a host with the 10.1.10.5 internal IP address and a host with the 1.1.70.6 IP address. The traffic transits an SRX240 acting as a NAT translator. You are investigating the issue on the SRX240 using the output shown in the exhibit. Regarding this scenario, which two statements are true? (Choose two.)
A. The sessions shown indicate interface-based NAT processing.
B. The sessions shown indicate static NAT processing.
C. ICMP traffic is passing in both directions.
D. ICMP traffic is passing in one direction.
Click the Exhibit button.
Host traffic is traversing through an IPsec tunnel. Users are complaining of intermittent issues with their connection.
Referring to the exhibit, what is the problem?
Exhibit:
A. The tunnel is down due to a configuration change.
B. The do-not-fragment bit is copied to the tunnel header.
C. The MSS option on the SYN packet is set to 1300.
D. The TCP SYN check option is disabled for tunnel traffic.