JN0-633 Exam Questions

An external host is attacking your network. The host sends an HTTP request to a Web server, but does not include the version of HTTP in the request. Which type of attack is being p...

You configured a custom signature attack object to match specific components of an attack: HTTP-request Pattern .*\x90 90 90 ... 90 Direction: client-to-server Which client traffic...

You are deploying a standalone SRX650 in transparent mode for evaluation purposes in a potential client's network. The client will need to access the device to modify security poli...

Which two configuration components are required for enabling transparent mode on an SRX device? (Choose two.)

You want to configure in-band management of an SRX device in transparent mode. Which command is required to enable this functionality?

For an SRX chassis cluster in transparent mode, which action occurs to signal a high availability failover to neighboring switches?

What is the default action for an SRX device in transparent mode to determine the outgoing interface for an unknown destination MAC address?

Which QoS function is supported in transparent mode?

You are asked to configure class of service (CoS) on an SRX device running in transparent mode. Which command would you use?

A security administrator has configured an IPsec tunnel between two SRX devices. The devices are configured with OSPF on the st0 interface and an external interface destined to the...

You are asked to troubleshoot ongoing problems with IPsec tunnels and security policy processing. Your network consists of SRX240s and SRX5600s. Regarding this scenario, which two...

You are troubleshooting an IPsec session and see the following IPsec security associations: ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys < 192.168.224.1 500 ESP:aes-256/sha1...

HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets locally on the SRX240. Which configuration would you use to enable this capture?

You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network. Which three tools would you use to troubleshoot...

Somebody has inadvertently configured several security policies with application firewall rule sets on an SRX device. These security policies are now dropping traffic that should b...

[edit security] user@srx# show idp ... application-ddos Webserver { service http; connection-rate-threshold 1000; context http-get-url { hit-rate-threshold 60000; value-hit-rate-th...

Click the Exhibit button.You have been asked to block YouTube video streaming for internal users. You have implemented the configuration shown in the exhibit, however users are sti...

Click the Exhibit button. Referring to the exhibit, AppTrack is only logging the session closure messages for sessions that last 1 to 3 minutes. What is causing this behavior?

Click the Exhibit button. Referring to the exhibit, the session close log was generated by the application firewall rule set HTTP. Why did the session close?

Click the Exhibit button. Referring to the exhibit, the application firewall configuration fails to commit. What must you do to allow the configuration to commit?

Click the Exhibit button. TCP traffic sourced from Host A destined for Host B is being redirected using filter-based forwarding to use the Red network. However, return traffic from...

Click the Exhibit button. In the output, how many user-configured routing instances have active routes?

Click the Exhibit button. In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all...

Click the Exhibit button. Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?

Click the Exhibit button. In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all...

Click the Exhibit button. Referring to the exhibit, you notice that filter-based forwarding is not working. What is the reason for this behavior?

Click the Exhibit button. As shown in the exhibit, Host A's configured DNS server and the Web server hosting the reachability between Host A and the Web server hosting the Web page...

Click the Exhibit button. You are asked to implement NAT to translate addresses between the IPv4 and IPv6 networks shown in the exhibit. What are three configuration requirements?...

Click the Exhibit button. Referring to the topology shown in the exhibit, which two configuration tasks will allow Host A to telnet to the public IP address associated with Server...

Click the Exhibit button. You must configure two SRX devices to enable bidirectional communications between the two networks shown in the exhibit. You have been allocated the 172.1...

Click the Exhibit button. Based on the output shown in the exhibit, what are two results? (Choose two.)

Click the Exhibit button. security { nat { destination { pool Web-Server { address 10.0.1.5/32; } rule-set From-Internet { from zone Untrust; rule To-Web-Server { match { source-ad...

Click the Exhibit button. According to the log shown in the exhibit, you notice that the IPsec session is not establishing. What are two reasons for this behavior? (Choose two.)

Click the Exhibit button. An attacker is using a nonstandard port for HTTP for reconnaissance into your network. Referring to the exhibit, which two statements are true? (Choose tw...

Click the Exhibit button. You have configured an IDP policy as shown in the exhibit. The configuration commits successfully. Which traffic will be examined for attacks?

Click the Exhibit button. [edit security] user@srx# show idp { idp-policy NewPolicy { rulebase-exempt { rule 1 { description AllowExternalRule; match { source-address any; destinat...

[edit security idp] user@srx# show security-package { url https://services.netscreen.com/cgi-bin/index.cgi; automatic { start-time "2012-12-11.01:00:00 +0000"; interval 120; enable...

[edit security idp] user@srx# show | no-more idp-policy basic { rulebase-ips { rule 1 { match { from-zone untrust; source-address any; to-zone trust; destination-address any; appli...

Click the Exhibit button. You receive complaints from users that their Web browsing sessions keep dropping prematurely. Upon investigation, you find that the IDP policy shown in th...

Click the Exhibit button. In the exhibit, the SRX device has hosts connected to interface ge-0/0/1 and ge-0/0/6. The devices are not able to ping each other. What is causing this b...

Click the Exhibit button. Referring to the exhibit, a pair of SRX3600s is in an active/passive chassis cluster configured for transparent mode. Which type of traffic would traverse...

user@srx# show security datapath-debug capture-file pkt-cap-file format pcap size 5m; action-profile { pkt-cap-profile { event np-ingress { packet-dump; } } } packet-filter pkt-fil...

Click the Exhibit button. Host traffic is traversing through an IPsec tunnel. Users are complaining of intermittent issues with their connection. Referring to the exhibit, what is...

Click the Exhibit button. A host is not able to communicate with a Web server. Based on the logs shown in the exhibit, what is the problem?

user@srx> show security flow session Session ID. 7724, Policy namE. default-permit/4, Timeout: 2 In: 1.1.70.6/17 --> 100.0.0.1/2326;icmp, IF. ge-0/0/3 Out: 10.1.10.5/2326 --> 1.1.7...

Click the Exhibit button. Referring to the exhibit, which two statements are true? (Choose two.)

[edit forwarding-options] user@srx240# show packet-capture { file filename my-packet-capture; maximum-capture-size 1500; } Referring to the exhibit, you are attempting to perform a...

What are two network scanning methods? (Choose two.)

What are two intrusion protection mechanisms available on SRX Series Services Gateways? (Choose two.)

What is a benefit of using a dynamic VPN?