Juniper JN0-633 - Juniper Networks Certified Professional Security (JNCIP-SEC) Exam
Page: 1 / 35
Total 175 questions
Question #1 (Topic: )
Click the Exhibit button.
-- Exhibit
[Juniper-JN0-633-1, VPN: to-spoke-2 Gateway: spoke-2, Local:/Juniper-JN0-633-2_2.png]
-- Exhibit --
Referring to the topology shown in the exhibit, which two configuration tasks will allow Host
A to telnet to the public IP address associated with Server B? (Choose two.)
-- Exhibit
[Juniper-JN0-633-1, VPN: to-spoke-2 Gateway: spoke-2, Local:/Juniper-JN0-633-2_2.png]
-- Exhibit --
Referring to the topology shown in the exhibit, which two configuration tasks will allow Host
A to telnet to the public IP address associated with Server B? (Choose two.)
A. Configure transparent mode to bypass the NAT processing of Server B's public IP address.
B. Configure a stateless filter redirecting local traffic destined to Server B's public IP address.
C. Configure a destination NAT rule that matches local traffic destined to Server B's public IP address.
D. Configure a source NAT rule that matches local traffic destined to Server B's public IP address.
Answer: C,D
Question #2 (Topic: )
Your SRX device is performing NAT to provide an internal resource with a public address.
Your DNS server is on the same network segment as the server. You want your internal
hosts to be able to reach the internal resource using the DNS name of the resource.
How do you accomplish this goal?
Your DNS server is on the same network segment as the server. You want your internal
hosts to be able to reach the internal resource using the DNS name of the resource.
How do you accomplish this goal?
A. Implement proxy ARP.
B. Implement NAT-Traversal.
C. Implement NAT hairpinning.
D. Implement persistent NAT.
Answer: A
Question #3 (Topic: )
Which action will allow an administrator to connect in band to an SRX Series device in
transparent mode over SSH?
transparent mode over SSH?
A. Use a VLAN interface.
B. Use the loopback interface.
C. Use a logical interface.
D. Use an irb interface.
Answer: D
Question #4 (Topic: )
You want to create a custom IDP signature for a new HTTP attack on your SRX device.
You have the exact string that identifies the attack. Which two additional elements do you
need to define your custom signature? (Choose two.)
You have the exact string that identifies the attack. Which two additional elements do you
need to define your custom signature? (Choose two.)
A. service context
B. protocol number
C. direction
D. source IP address of the attacker
Answer: A,C
Question #5 (Topic: )
Click the Exhibit button.
-- Exhibit
[Juniper-JN0-633-1, VPN: to-spoke-2 Gateway: spoke-2, Local:/Juniper-JN0-633-4_2.png]
-- Exhibit --
TCP traffic sourced from Host A destined for Host B is being redirected using filter-based
forwarding to use the Red network. However, return traffic from Host B destined for Host A
is using the Blue network and getting dropped by the SRX device.
Which action will resolve the issue?
-- Exhibit
[Juniper-JN0-633-1, VPN: to-spoke-2 Gateway: spoke-2, Local:/Juniper-JN0-633-4_2.png]
-- Exhibit --
TCP traffic sourced from Host A destined for Host B is being redirected using filter-based
forwarding to use the Red network. However, return traffic from Host B destined for Host A
is using the Blue network and getting dropped by the SRX device.
Which action will resolve the issue?
A. Enable asyncronous-routing under the Blue zone.
B. Configure ge-0/0/1 to belong to the Red zone.
C. Disable RPF checking.
D. Disable TCP sequence checking.
Answer: B
