JN0-633 Exam Questions

You are asked to apply individual upload and download bandwidth limits to YouTube traffic. Where in the configuration would you create the necessary bandwidth limits?

You want to verify that all application traffic traversing your SRX device uses standard ports. For example, you need to verify that only DNS traffic runs through port 53, and no o...

You are asked to establish a baseline for your company's network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device...

Microsoft has altered the way their Web-based Hotmail application works. You want to update your application firewall policy to correctly identify the altered Hotmail application....

Two companies, A and B, are connected as separate customers on an SRX5800 residing on two virtual routers (VR-A and VR-B). These companies have recently been merged and now operate...

You have been asked to configure traffic to flow between two virtual routers (VRs) residing on two unique logical systems (LSYSs) on the same SRX5800. How would you accomplish this...

You are responding to a proposal request from an enterprise with multiple branch offices. All branch offices connect to a single SRX device at a centralized location. The request r...

Your company provides managed services for two customers. Each customer has been segregated within its own routing instance on your SRX device. Customer A and customer B inform you...

You are using logical systems to segregate customers. You have a requirement to enable communication between the logical systems. What are two ways to accomplish this goal? (Choose...

Your company is providing multi-tenant security services on an SRX5800 cluster. You have been asked to create a new logical system (LSYS) for a customer. The customer must be able...

Your company has added a connection to a new ISP and you have been asked to send specific traffic to the new ISP. You have decided to implement filter-based forwarding. You have co...

You have implemented a tunnel in your network using DS-Lite. The tunnel is formed between one of the SRX devices in your network and a DS-Lite-compatible CPE device in your custome...

You are asked to merge the corporate network with the network from a recently acquired company. Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX devi...

You want requests from the same internal transport address to be mapped to the same external transport address. Only internal hosts can initialize the session. Which Junos configur...

Which statement is true regarding dual-stack lite?

Which two statements are true regarding DNS doctoring? (Choose two.)

In which situation is NAT proxy NDP required?

Which statement is true about NAT?

You have configured static NAT for a Web server in your DMZ. Both internal and external users can reach the Web server using its IP address. However, only internal users are able t...

Which two are required for the SRX device to perform DNS doctoring? (Choose two.)

You want to implement persistent NAT for an internal resource so that external hosts are able to initiate communications to the resource, without the internal resource having previ...

Your SRX device is performing NAT to provide an internal resource with a public address. Your DNS server is on the same network segment as the server. You want your internal hosts...

You are asked to provide access for an external VoIP server to VoIP phones in your network using private addresses. However, due to security concerns, the VoIP server should only b...

You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in se...

You are attempting to establish an IPsec VPN between two SRX devices. However, there is another device between the SRX devices that does not pass traffic that is using UDP port 450...

Given the following session output: Session ID. , Policy namE. default-policy-00/2, StatE. Active, Timeout: 1794, Valid In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/...

You are asked to deploy a group VPN between various sites associated with your company. The gateway devices at the remote locations are SRX240 devices. Which two statements about t...

You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office consists of a pair of SRX650s...

You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office is a chassis cluster formed f...

You are asked to implement IPsec tunnels between your SRX devices located at various locations. You will use the public key infrastructure (PKI) to verify the identification of the...

Which statement is true regarding the dynamic VPN feature for Junos devices?

You are asked to design a solution to verify IPsec peer reachability with data path forwarding. Which feature would meet the design requirements?

What are three advantages of group VPNs? (Choose three.)

You have been asked to establish a dynamic IPsec VPN between your SRX device and a remote user. Regarding this scenario, which three statements are correct? (Choose three.)

You want to implement an IPsec VPN on an SRX device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submis...

You have a group IPsec VPN established with a single key server and five client devices. Regarding this scenario, which statement is correct?

You are asked to implement an IPsec VPN between your main office and a new remote office. The remote office receives its IKE gateway address from their ISP dynamically. Regarding t...

You are asked to implement a point-to-multipoint hub-and-spoke topology in a mixed vendor environment. The hub device is running the Junos OS and the spoke devices are different ve...

You have recently deployed a dynamic VPN. Some remote users are complaining that they cannot authenticate through the SRX device at the corporate network. The SRX device serves as...

You have recently deployed a dynamic VPN. The remote users are complaining that communications with devices on the same subnet as the SRX device are intermittent and often fail. Th...

Your company is using a dynamic VPN configuration on their SRX device. Your manager asks you to enforce password expiration policies for all VPN users. Which authentication method...

You are asked to implement a monitoring feature that periodically verifies that the data plane is working across your IPsec VPN. Which configuration will accomplish this task?

You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub. Which st0 interface configuration is correct for the hub device?

You have an existing group VPN established in your internal network using the group-id 1. You have been asked to configure a second group using the group-id 2. You must ensure that...

What are the three types of attack objects used in an IPS engine? (Choose three.)

At which two times does the IPS rulebase inspect traffic on an SRX device? (Choose two.)

Which three match condition objects are required when creating IPS rules? (Choose three.)

Which problem is introduced by setting the terminal parameter on an IPS rule?

You have installed a new IPS license on your SRX device and successfully downloaded the attack signature database. However, when you run the command to install the database, the da...

You want to create a custom IDP signature for a new HTTP attack on your SRX device. You have the exact string that identifies the attack. Which two additional elements do you need...