JN0-633 Premium Bundle

Security, Professional (JNCIP-SEC) Certification Exam

Last update: November 21, 2024

Juniper JN0-633 Free Practice Questions

Q1. Your SRX device is performing NAT to provide an internal resource with a public address. Your DNS server is on the same network segment as the server. You want your internal hosts to be able to reach the internal resource using the DNS name of the resource.

How do you accomplish this goal?

A. Implement proxy ARP.

B. Implement NAT-Traversal.

C. Implement NAT hairpinning.

D. Implement persistent NAT.

Answer: A

Explanation:

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/prxy-arp-nat_srx.html

Q2. What are three advantages of group VPNs? (Choose three.)

A. Supports any-to-any member connectivity.

B. Provides redundancy with cooperative key servers.

C. Eliminates the need for full mesh VPNs.

D. Supports translating private to public IP addresses.

E. Preserves original IP source and destination addresses.

Answer: A,C,E

Explanation:

Reference: http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Group_VPN_Juniper_SRX.pdf

Q3. Click the Exhibit button.

-- Exhibit --

In the exhibit, the SRX device has hosts connected to interface ge-0/0/1 and ge-0/0/6. The devices are not able to ping each other. What is causing this behavior?

A. The interfaces must be in trunk mode.

B. The interfaces need to be configured for Ethernet switching.

C. The default security policy does not apply to transparent mode.

D. A bridge domain has not been defined.

Answer: D

Q4. You are asked to ensure that your IPS engine blocks attacks. You must ensure that your system continues to drop additional malicious traffic without additional IPS processing for up to 30 minutes. You must ensure that the SRX Series device does send a notification packet when the traffic is dropped.

Which statement is correct?

A. Use the IP-Block action.

B. Use the Drop Packet action.

C. Use the Drop Connection action.

D. Use the IP-Close action.

Answer: D

Q5. You are asked to provide access for an external VoIP server to VoIP phones in your network using private addresses. However, due to security concerns, the VoIP server should only be able to initiate connections to each phone once the phone has logged into the VoIP server. The VoIP server requires access to the phones using multiple ports.

Which type of persistent NAT is required?

A. any-remote-host

B. target-host

C. target-host-port

D. remote-host

Answer: B

Explanation:

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/understand-persistent-nat-section.html

Q6. What is a benefit of using a group VPN?

A. It provides a layer of redundancy on top of a point-to-point VPN mesh architecture.

B. It eliminates the need for point-to-point VPN tunnels.

C. It provides a way to grant VPN access on a per-user-group basis.

D. It simplifies IPsec access for remote clients.

Answer: B

Explanation:

Reference: Page 4, http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCkQFjAA&url=http%3A%2F%2Fwww.thomas-krenn.com%2Fredx%2Ftools%2Fmb_download.php%2Fmid.x6d7672335147784949386f3d%2FManual_Configuring_Group_VPN_Juniper_SRX.pdf%3Futm_source%3Dthomas-krenn.com%26utm_medium%3DRSS-Feed%26utm_content%3DConfiguring%2520Group%2520VPN%26utm_campaign%3DDownloads&ei=C2HrUaSWD8WJrQfXxYGYBA&usg=AFQjCNFgKnv9ZLwqZMmbzAfvGDPvoMz7dw&bvm=bv.49478099,d.bmk

Q7. Click the Exhibit button.

user@host# show interfaces
ge-0/0/0 {
    unit 1 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 20;
            vlan-rewrite {
                translate 2 20;
            }
        }
    }
}

Referring to the exhibit, which two statements are correct regarding VLAN rewrite? (Choose two.)

A. An incoming packet with VLAN tag 20 will be translated to VLAN tag 2.

B. An outgoing packet with VLAN tag 2 will be translated to VLAN tag 20.

C. An incoming packet with VLAN tag 2 will be translated to VLAN tag 20.

D. An outgoing packet with VLAN tag 20 will be translated to VLAN tag 2.

Answer: C

Q8. Your company is providing multi-tenant security services on an SRX5800 cluster. You have been asked to create a new logical system (LSYS) for a customer. The customer must be able to access and manage new resources within their LSYS.

How do you accomplish this goal?

A. Create the new LSYS, allocate resources, and then create the user administrator role so that the customer can manage their allocated resources.

B. Create the new LSYS, and then create the user administrator role so that the customer can allocate and manage resources.

C. Create the new LSYS, and then create the master administrator role for the LSYS so that the customer can allocate and manage resources.

D. Create the new LSYS, then request the required resources from the customer, and create the required resources.

Answer: A

Explanation:

Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/task/configuration/logical-system-security-user-lsys-overview-configuring.html

Q9. At which two times does the IPS rulebase inspect traffic on an SRX device? (Choose two.)

A. When traffic matches the active IDP policy.

B. When traffic first matches an IDP rule with the terminal parameter.

C. When traffic uses the application layer gateway.

D. When traffic is established in the firewall session table.

Answer: A,B

Explanation: Reference: http://books.google.co.in/books?id=2HSLsTJIgEQC&pg=PA814&lpg=PA814&dq=what+time+IPS+rulebase+inspects+traffic+on+SRX&source=bl&ots=_eDe_vLNBA&sig=1I4yX_S0OvkQVP-rqL273laMCyE&hl=en&sa=X&ei=nqvzUfn1Is-rrAf71oHYBA&ved=0CC4Q6AEwAQ#v=onepage&q=what%20time%20IPS%20rulebase%20inspects%20traffic%20on%20SRX&f=false

Q10. Click the Exhibit button.

[edit security]
user@host# show policies
global {
    policy new-policy {
        match {
            source-address any;
            destination-address any;
            application junos-https;
        }
        then {
            permit {
                application-services {
                    application-firewall {
                        rule-set appfw;
                    }
                }
            }
        }
    }
}

[edit security]
user@host# show application-firewall
rule-sets appfw {
    rule 1 {
        match {
            dynamic-application junos:SSL;
        }
        then {
            permit;
        }
    }
    rule 2 {
        match {
            dynamic-application junos:HTTP;
        }
        then {
            reject;
        }
    }
    default-rule {
        permit;
    }
}

Referring to the exhibit, which two statements are correct? (Choose two.)

A. HTTP traffic is permitted.

B. HTTP traffic is dropped.

C. HTTPS traffic is permitted.

D. HTTPS traffic is dropped.

Answer: B,C

Q11. You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub. Which st0 interface configuration is correct for the hub device?

A.
[edit interfaces]
user@srx# show
st0 {
    multipoint
    unit 0 {
        family inet {
            address 10.10.10.1/24;
        }
    }
}

B.
[edit interfaces]
user@srx# show
st0 {
    unit 0 {
        family inet {
            address 10.10.10.1/24;
        }
    }
}

C.
[edit interfaces]
user@srx# show
st0 {
    unit 0 {
        point-to-point;
        family inet {
            address 10.10.10.1/24;
        }
    }
}

D.
[edit interfaces]
user@srx# show
st0 {
    unit 0 {
        multipoint;
        family inet {
            address 10.10.10.1/24;
        }
    }
}

Answer: D

Explanation: Reference: http://junos.com/techpubs/en_US/junos12.1/topics/example/ipsec-hub-and-spoke-configuring.html

Q12. When configuring AutoVPN, which two actions are required for an administrator to establish communication from the hub site to the spoke sites? (Choose two.)

A. Configure the next hop tunnel binding (NHTB).

B. Configure static routes from the hub to the spoke.

C. Configure a dynamic routing protocol such as BGP, OSPF, or RIP on the tunnel interfaces.

D. Create a multipoint secure tunnel interface on the hub device.

Answer: C,D

Q13. Your company is using a dynamic VPN configuration on their SRX device. Your manager asks you to enforce password expiration policies for all VPN users.

Which authentication method meets the requirement?

A. local password database

B. TACACS+

C. RADIUS

D. LDAP

Answer: D

Explanation:

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB17423&actp=RSS

Q14. Click the Exhibit button.

-- Exhibit --

Referring to the exhibit, which two statements are true? (Choose two.)

A. Packets may get fragmented.

B. The tunnel automatically fragments packets based on MTU discovery.

C. The Phase 2 association will never expire.

D. The Phase 2 association will expire without traffic.

Answer: A,D

Q15. Which two are required for the SRX device to perform DNS doctoring? (Choose two.)

A. DNS ALG

B. dns-doctoring stanza

C. name-server

D. static NAT

Answer: A,D

Explanation:

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-alg-dns.pdf
