JN0_633 questions • Exam prepare

Exam contains 178 questions

Page 21 of 30

Question 121 🔥

You are asked to implement the AppFW feature on an SRX Series device.Which three tasks must be performed to make the feature work? (Choose three.)

Which database solution meets these requirements?

A. Configure a firewall filter that includes the application-firewall policy.

B. Install an IPS license.

C. Install an AppSecure license.

D. Configure a security policy that includes the application-firewall policy.

E. Configure an application-firewall policy.

Discussion of the question

Question 122 🔥

Click the Exhibit button.{primarynode0}[edit security idp idp-policy test-ips-policy]user@host# showrulebase-ips {rule r1 {match {source-address any;attacks {predefined-attack-groups "HTTP - All";}}then {action {drop-packet;}}terminal;}rule r2 {match {source-address 172.16.0.0/12;attacks {predefined-attack-groups "FTP - All";}then {action {no-action;}}}rule r3 {match {source-address 172.16.0.0/12;attacks {predefined-attack-groups "TELNET - All";}}then {action {no-action;}}}rule r4 {match {source-address any;attacks {predefined-attack-groups "FTP - All";}}then {action {drop-packet;}}}}A user with IP address 172.301.100 initiates an FTP session to a host with IP address 10.100.1.50 through an SRX Series device and is subject to the IPS policy shown in the exhibit. cd ~root command, which statement is correct?If the user tries to execute the

Which database solution meets these requirements?

A. The FTP command will be denied with the offending packet dropped and the session will be closed by the SRX device.

B. The FTP command will be denied with the offending packet dropped and the rest of the FTP session will be inspected by the IPS policy.

C. The FTP command will be allowed to execute and the rest of the FTP session will be ignored by the IPS policy.

D. The FTP command will be allowed to execute but any other attacks executed during the session will be inspected.

Discussion of the question

Question 123 🔥

You are asked to establish a hub-and-spoke IPsec VPN using your SRX Series device as the hub. All of your spoke devices are third-party devices.Which statement is correct?

Which database solution meets these requirements?

A. You must create a policy-based VPN on the hub device when peering with third-party devices.

B. You must always peer using loopback addresses when using non-Junos devices as your spokes.

C. You must statically configure the next-hop tunnel binding table entries for each of the third- party spoke devices.

D. You must ensure that you are using aggressive mode when incorporating third-party devices as your spokes.

Discussion of the question

Question 124 🔥

Click the Exhibit button.user@host# run show security flow session...Session ID: 28, Policy name: allow/5, Timeout: 2, ValidIn: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64Out: 10.168.100.1/8001 --> 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3 with the address 66.168.100.100 on port 8001.Referring to the exhibit, what is causing this problem?

Which database solution meets these requirements?

A. The traffic is originated with incorrect IP address from the customer.

B. The traffic is translated with the incorrect IP address for the HTTP server.

C. The traffic is translated with the incorrect port number for the HTTP server.

D. The traffic is originated with the incorrect port number from the customer.

Discussion of the question

Question 125 🔥

Click the Exhibit button.[edit] user@host# run show log debugFeb 3 22:04:31 22:04:31.824294:CID-0:RT:flow_first_policy_search: policy search from zone host-> zone attacker (Ox0,0xe4089404,0x17)Feb 3 22:04:31 22:04:31.824297:CID-0:RT:Policy lkup: vsys 0 zone(9:host) -> zone(10:attacker) scope: 0Feb 3 22:04:31 22:04:31.824770:CID-0:RT: 5.0.0.25/59028 -> 25.0.0.25/23 proto 6Feb 3 22:04:31 22:04:31.824778:CID-0:RT:Policy lkup: vsys 0 zone(5:Umkmowm) -> zone(5:Umkmowm) scope: 0Feb 3 22:04:31 22:04:31.824780:CID-0:RT: 5.0.0.25/59028 -> 25.0.0.25/23 proto 6Feb 3 22:04:31 22:04:31.824783:CID-0:RT: app 10, timeout 1800s, curr ageout 20sFeb 3 22:04:31 22:04:31.824785:CID-0:RT: permitted by policy default-policy-00(2)Feb 3 22:04:31 22:04:31.824787:CID-0:RT: packet passed, Permitted by policy.Feb 3 22:04:31 22:04:31.824790:CID-0:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed; FalseFeb 3 22:04:31 22:04:31.824834:CID-0:RT:flow_first_src_xlate: incoming src port is: 38118Which two statements are true regarding the output shown in the exhibit? (Choose two.)

Which database solution meets these requirements?

A. The packet does not match any user-configured security policies.

B. The user has configured a security policy to allow the packet.

C. The log is showing the first path packet flow.

D. The log shows the reverse flow of the session.

Discussion of the question

Question 126 🔥

Which two statements are true about an interconnect logical system on an SRX Series device? (Choose two.)

Which database solution meets these requirements?

A. VXLAN is used to switch inter-LSYS-traffic.

B. The root and user LSYSs connect to the interconnect LSYS using vt interfaces.

C. VPLS is used to switch inter-LSYS traffic.

D. The root and user LSYSs connect to the interconnect LSYS using lt interfaces.

Discussion of the question

Ready to Pass Your Certification Test

juniper JN0_633

Exam contains 178 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us