JN0-633 Exam Questions

Click the Exhibit button. [edit] user@host# run show log debug Feb3 22:04:31 22:04:31.824294:CID-0:RT:flow_first_policy_search: policy search from zone host-> zone attacker (Ox0,0x...

You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent HTTP sessions to a server within your network. Which two statements are...

Click the Exhibit button. [edit] user@host# show interfaces ge-0/0/1 { unit 0 { family bridge { interface-mode access; vlan-id 20; } } } ge-0/0/10 { unit 0 { family bridge { interf...

In the IPS packet processing flow on an SRX Series device, when does application identification occur?

Click the Exhibit button. user@host> show security flow session extensive Session ID: 1173, Status: Normal Flag: Ox0 Policy name: two/6 Source NAT pool: interface, Application: jun...

What are three techniques to mark DSCP values on an SRX Series device? (Choose three.)

Which two statements are true about an interconnect logical system on an SRX Series device? (Choose two.)

Which feature is used for layer 2 bridging on an SRX Series device?

Click the Exhibit button. Referring to the exhibit, you must send traffic from Host-1 to Host-2. These two hosts can only communicate with IPv4. Which feature would you use to perm...

You are asked to secure your company's Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ. Which two actions are req...

What are two configurable routing instance types? (Choose two.)

Which two configuration statements are used to share interface routes between routing instances? (Choose two.)

How does the SRX5800, in transparent mode, signal failover to the connected switches?

An SRX Series device is configured for inline tap mode. What will occur if Drop Packet is selected?

Click the Exhibit button. [edit security application-firewall] user@host# show rule-sets web { rule one { match { dynamic-application junos:HTTP; } then { permit; } } default-rule...

When configuring AutoVPN, which two actions are required for an administrator to establish communication from the hub site to the spoke sites? (Choose two.)

Where does the AppSecure suite of functions occur in the security flow process on an SRX Series device?

Click the Exhibit button. [edit security idp-policy test] user@host# show rulebase-ips { rule R3 { match { source-address any; destination-address any; attacks { predefined-attacks...

Click the Exhibit button. [edit] useu@host# run show log debug Feb3 22:04:32 22:04:31.983991:CID-0:RT:ge-0/0/1.0:5.0.0.25/59028- >25.0.0.25/23, tcp, flag 18 Feb3 22:04:32 22:04:31....

Click the Exhibit button. user@host> show log message Feb4 00:04:17 host rpd[4516]: EVENT <UpDowm> st0.0 index 76 <Up Broadcast Multicast> Feb4 00:04:17 host-kmd[1391]: KMD_PM_SA E...

Which action will allow an administrator to connect in band to an SRX Series device in transparent mode over SSH?

You want to query User Group membership directly using the integrated user firewall services from an Active Directory controller to an SRX Series device. Which two actions are requ...

Your management has a specific set of Web-based applications that certain employees are allowed to use. Which two SRX Series device features would be used to accomplish this task?...

Click the Exhibit button. Traffic is flowing between the Host-1 and Host-2 devices through a hub- and-spoke IPsec VPN. All devices are SRX Series devices. Referring to the exhibit,...

Click the Exhibit button. user@host> show security ike security-associations Index State Initiator cookie Responder cookie ModeRemote Address 3271043 UP7f42284089404673 95fd8408940...

Which statement is true regarding destination NAT?

Click the Exhibit button. {primarynode0}[edit security idp idp-policy test-ips-policy] user@host# show rulebase-ips { rule r1 { match { source-address any; attacks { predefined-att...

Which AppSecure module provides Quality of Service?

Click the Exhibit button. root@host# show system login user user { uid 2000; class operator; authentication { encrypted-password "$1$4s7ePrk5$9S.MZTwmXTV7sovJZFFsw1"; ## SECRET-DAT...

Click the Exhibit button. user@host# show interfaces ge-0/0/0 { unit 1 { family bridge { interface-mode trunk; vlan-id-list 20; vlan-rewrite { translate 2 20; } } } } Referring to...

Click the Exhibit button. Feb 2 09:00:02 09:00:00.1872004:CID- 0:RT:<1.1.1.100/51303->1.1.1.30/3389;6> matched filter MatchTraffic: Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:packet...

A branch SRX Series device in flow mode is forwarding between two virtual routers using a paired set of logical tunnel interfaces. You have a server connected to one virtual router...

Which two statements are true about persistent NAT? (Choose two.)

You are asked to ensure traffic from your executive staff does not use the same ISP connection as your other traffic. Which three actions are required to accomplish this task? (Cho...

You are asked to allow access to an external application for an internal host subject to address translation. The application requires multiple sessions initiated from the internal...

Click the Exhibit button.Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192....

Click the Exhibit button. user@host> show interfaces routing-instance all ge* terse InterfaceAdmin Link Proto LocalInstance ge-0/0/0.0 up up inet 172.16.12.205/24 default ge-0/0/1....

Click the Exhibit button. [edit security] user@host# show policies global { policy new-policy { match { source-address any; destination-address any; application junos-https; } then...

The IPsec VPN on your SRX Series device establishes both the Phase 1 and Phase 2 security associations. Users are able to pass traffic through the VPN. During peak VPN usage times,...

You have initiated the download of the IPS signature database on your SRX Series device. Which command would you use to confirm the download has completed?

You are asked to implement a Dynamic IPsec VPN on your new SRX240. You are required to facilitate up to 5 simultaneous users. Which two statements must be considered when accomplis...

Click the Exhibit button. user @host> show bgp summary logical-system LSYS1 Groups : 11 Peers : 10 Down peers: 1 Table Tot. Paths Act Paths Suppressed History Damp State Pending in...

Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS feature. Which command would you use to accomplish this task?

Click the Exhibit button. user@key-server> show security group-vpn server ike security- associations Index State Initiator cookie Responder cookie Mode Remote Address 97 UP bb22440...

You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX Series device. You have decided to implement IDP SSL decryption. Upon e...

You are asked to ensure that your IPS engine blocks attacks. You must ensure that your system continues to drop additional malicious traffic without additional IPS processing for u...

You are asked to implement the AppFW feature on an SRX Series device. Which three tasks must be performed to make the feature work? (Choose three.)

You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode. What must be considered when accomplishing this task?

What is a secure key management protocol used by IPsec?

You want to route traffic between two newly created virtual routers without the use of logical systems using the configuration options on the SRX5800. Which two methods of forwardi...