JN0-633 Exam Questions

What is a benefit of using a group VPN?

Which statement is true about Layer 2 zones when implementing transparent mode security?

What are two AppSecure modules? (Choose two.)

You are working as a security administrator and must configure a solution to protect against distributed botnet attacks on your company's central SRX cluster. How would you accompl...

You are asked to change the configuration of your company's SRX device so that you can block nested traffic from certain Web sites, but the main pages of these Web sites must remai...

You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context...

Your company's network has seen an increase in Facebook-related traffic. You have been asked to restrict the amount of Facebook-related traffic to less than 100 Mbps regardless of...

You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified. Which two acti...

You have just created a few hundred application firewall rules on an SRX device and applied them to the appropriate firewall polices. However, you are concerned that the SRX device...

Referring to the following output, which command would you enter in the CLI to produce this result? Pic2/1 Ruleset Application Client-to-server Rate(bps) Server-to-client Rate(bps)...

Which two configuration tasks should you use to implement filter-based forwarding? (Choose two.)

Your corporate network consists of a central office and four branch offices. You are responsible for coming up with an effective solution to provide secure connectivity between the...

In a group VPN topology, you have three members A, B, and C. You want A lo communicate with B using a different encryption key from the one it uses to communicate with C. How do yo...

What is the primary function of Junos Intrusion Prevention System (IPS)?

Your company plans to increase the security level for VPNs in its network by using certificates instead of preshared keys The company wants to introduce its own centrally administe...

You want to allow users from routing-instance Juniper1 to route to the destination 2.2.2.2, reached through routing-instance Juniper2 without sharing all the routes between the two...

You configured all the required parameters to allow IPv6 address book entries. You successfully committed the configuration. You noticed that IPv4 traffic is still working as expec...

Given the session shown below: Which statement is true?

What are two implementations of NAT? (Choose two.)

After implementing a chassis cluster for active/active clustering, you have identified a congestion issue with traffic traversing the data link between the two nodes. Which solutio...

In which order are the stages of an attack?

Which three scans can an attacker use to probe your network for open TCP ports? (Choose three.)

Click the Exhibit button. Which statement is true regarding the session displayed in the exhibit?

Click the Exhibit button. In the exhibit, which two commands should you use to ping 10.1.1.100 from me SRX Series device's command line? (Choose two)

Click the Exhibit button. The NHTB configuration excerpt shown in the exhibit is applied on an SRX Series device that is a hub in a hub-and-spoke VPN. Which statement is true about...

Your company has VPNs that connect to other companies. The company wants to use certificates with a recognized third-patty certificate authority. Which two steps are required to us...

Your company wants to deploy IPv6. The deployment on core routers has been completed. You now must enable your firewalls with the new protocol, but you must configure the SRX Serie...

You have a VoIP application that requires external sessions to be initiated into your environment. The internal host has not sent an initial packet to the external host's reflexive...

You recently added NAT in your environment and now users are complaining about not being able to access the Internet. Which two parameters would you configure to verify that NAT is...

Click the Exhibit button. Referring to the exhibit, which parameter can be applied under the destination-address hierarchy?

Which statement accurately describes an idle scan?

You must protect your network against Layer 4 scans. Which two actions help you achieve this objective? (Choose two)

Your company is in the process of deploying a VPN network 10 connects its sites Traffic will predominantly access resources at the central site. However, on occasion, traffic must...

You want to implement an IPS rule base action in which matching traffic is dropped. Which configuration parameter meets this requirement?

Which two protocols are supported by Application Layer Gateways (ALGs) on SRX Series devices? (Choose two.)

You are troubleshooting a problem with a chassis cluster, and you issue the show log jsrpd command. What information would be helpful in the generated output? (Choose two)

You have a problem with an FTP session that will not establish through your SRX240 device. You confirmed that routing and security policies are correct. You want to capture packets...

You have been asked to add a dynamic VPN to your SRX650. This dynamic VPN must be able to support five users at the same time. What are two primary requirements? (Choose two.)

You have been asked to configure a signature to block an attack released by a security vulnerability reporting agency. Which two characteristics of the attack must you understand t...

In a group VPN the members rekey with the server using the Unicast PUSH method. This rekey mechanism is protected by which secure channel?

Company A and Company B are using the same IP address space. You are using static NAT to provide dual translation between the two networks. Which two additional requirements are ne...

You are asked to configure an IPsec tunnel to securely connect from the headquarters office to a remote office. You are required to use ESP and to disable NAT traversal between off...

You initiated the installation of the attack database. The system indicates that it will run asynchronously and returns you to a command prompt in the CLI. You want to know if the...

How many components can a compound attack object contain?

Click the Exhibit button. [edit security nat static rule-set 12] user@SRX2# show from zone untrust; rule 1 { match { destination-address 192.168.1.1/32; } then { static-nat { prefi...

You have configured an IPsec VPN with traffic selectors; however, your IPsec tunnel does not appear to be working properly. What are two reasons for the problem? (Choose two.)

Click the Exhibit button. user@host> show services application-identification application-system- -cache Application System Cache Configurations: Application-cache: off nested-appl...

Click the Exhibit button. user@host# run show security flow session ... Session ID: 28, Policy name: allow/5, Timeout: 2, Valid In: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp,...

Click the Exhibit button. user@host> monitor traffic interface ge-0/0/3 verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is ON. Us...

Which configuration statement would allow the SRX Series device to match a signature only on the first match, and not subsequent signature matches in a connection?