[Free] 2017(Jan) EnsurePass Braindumps Juniper JN0-633 Dumps with VCE and PDF 41-50

2017 Jan Juniper Official New Released JN0-633

Security, Professional (JNCIP-SEC)

Question No: 41

You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX Series device. You have decided to implement IDP SSL decryption. Upon enabling the decryption, you notice sessions are not decrypted.

Which action resolves the problem?

  1. Replace the server SSL certificate to use the public address.

  2. Reboot the SRX Series device.

  3. Increase the SSL session-id-cache-timeout value to any value greater than 5000 seconds.

  4. Enable the IDP sensor-configuration detector to detect address translation.

Answer: D

Question No: 42

You are asked to secure your company’s Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ.

Which two actions are required to accomplish this task? (Choose two.)

  1. Load your Web server’s private key in the IDP configuration.

  2. Load your Web server’s public key in the IDP configuration.

  3. Generate a root certificate on the SRX Series device for your Web servers.

  4. Specify the number of sessions in the SSL sensor configuration.

Answer: A,D

Question No: 43

You have recently deployed a dynamic VPN. The remote users are complaining that communications with devices on the same subnet as the SRX device are intermittent and often fail. The tunnel is stable and up, and communications with remote devices on different subnets work without any issues.

Which configuration setting would resolve this issue?

  1. adding local-redirect at the [edit security nat] hierarchy

  2. adding local-redirect at the [edit interfaces <interface-name>] hierarchy

  3. adding proxy-arp at the [edit security nat] hierarchy

  4. adding proxy-arp at the [edit interfaces <interface-name>] hierarchy

Answer: C Explanation:

Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500151-en.pdf

Question No: 44

Click the Exhibit button.

– Exhibit –

[edit security]
user@srx# show idp
application-ddos Webserver {
    service http;
    connection-rate-threshold 1000;
    context http-get-url {
        hit-rate-threshold 60000;
        value-hit-rate-threshold 30000;
        time-binding-count 10;
        time-binding-period 25;
    }
}

– Exhibit –

You are using AppDoS to protect your network against a bot attack, but noticed an approved application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS configuration as shown in the exhibit. However, the approved traffic is still dropped.

What are two reasons for this behavior? (Choose two.)

  1. The approved traffic results in 50,000 HTTP GET requests per minute.

  2. The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.

  3. The active IDP policy has not been defined in the security configuration.

  4. The IDP action is still in effect due to the timeout configuration.

Answer: A,D

Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-protection-overview.html

http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig-security/appddos-proctecting-against.html#appddos-proctecting-against

Question No: 45

You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode.

What must be considered when accomplishing this task?

  1. Layer 2 interfaces must use the ethernet-switching protocol family.

  2. Security policies are not supported when operating in transparent mode.

  3. Screens are not supported in your security zones with transparent mode.

  4. You must reboot your device after configuring transparent mode.

Answer: D

Question No: 46

Given the following session output:

Session ID: , Policy name: default-policy-00/2, State: Active, Timeout: 1794, Valid

In: 2001:660:1000:8c00::b/1053 -> 2001:660:1000:9002::aafe/80;tcp, If: reth0.0, Pkts: 4, Bytes: 574

Out: ->;tcp, If: reth1.0, Pkts: 3, Bytes:

Which statement is correct about the security flow session output?

  1. This session is about to expire.

  2. NAT64 is used.

  3. Proxy NDP is used for this session.

  4. The IPv4 Web server runs services on TCP port 24770.

Answer: B Explanation:

Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391

Question No: 47

Click the Exhibit button.

Traffic is flowing between the Host-1 and Host-2 devices through a hub-and-spoke IPsec VPN. All devices are SRX Series devices.

Referring to the exhibit, which two statements are correct? (Choose two.)

  1. Traffic is encrypted on the Hub device.

  2. Traffic is encrypted on the Spoke-2 device.

  3. Traffic is not encrypted on the Spoke-2 device.

  4. Traffic is not encrypted on the Hub device.

Answer: D

Question No: 48

Click the Exhibit button.

user@host> show security ike security-associations
Index   State  Initiator cookie  Responder cookie  Mode  Remote Address
3271043 UP     7f42284089404673  95fd8408940438d8  Main

user@host> show security ipsec security-associations
Total active tunnels: 0

user@host> show log phase2
Feb 2 14:21:18 host kmd[1088]: IKE negotiation failed with error: TS unacceptable. IKE Version: 1, VPN: vpn-1 Gateway: gate-1, Local:, Remote:, Local IKE-ID:, Remote IKE-ID:, VR-ID: 0
Feb 2 14:21:18 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1, Peer Proposed traffic-selector local-ip: ipv4(, Peer Proposed traffic-selector remote-ip: ipv4 (
Feb 2 14:21:54 host kmd[1088]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: vpn-1 Gateway: gate-1, Local:, Remote:, Local IKE-ID:, Remote IKE-ID:, VR-ID: 0
Feb 2 14:22:19 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1, Peer Proposed traffic-selector local-ip: ipv4 (2.2.2.2), Peer Proposed traffic-selector remote-ip: ipv4(

You have recently configured an IPsec VPN between an SRX Series device and another non-Junos security device. The phase one tunnel is up but the phase two tunnel is not present.

Referring to the exhibit, what is the cause of this problem?

  1. preshared key mismatch

  2. mode mismatch

  3. proposal mismatch

  4. proxy-ID mismatch

Answer: D

Question No: 49

What are three advantages of group VPNs? (Choose three.)

  1. Supports any-to-any member connectivity.

  2. Provides redundancy with cooperative key servers.

  3. Eliminates the need for full mesh VPNs.

  4. Supports translating private to public IP addresses.

  5. Preserves original IP source and destination addresses.

Answer: A,C,E Explanation:

Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Group_VPN_Juniper_SRX.pdf

Question No: 50

Click the Exhibit button.

– Exhibit –

Feb 8 10:39:40 Unable to find phase-1 policy as remote peer: is not recognized.

Feb 8 10:39:40 KMD_PM_P1_POLICY_LOOKUP_FAILURE: Policy lookup for Phase-1 [responder] failed for p1_local=ipv4(any:0,[0..3]= p1_remote=ipv4(any:0,[0..3]=

Feb 8 10:39:40 (Responder) <-> { dbe1d0af - a4d6d829 f9ed3bba [-1] / 0x00000000 } IP; Error = No proposal chosen (14)

– Exhibit –

According to the log shown in the exhibit, you notice that the IPsec session is not establishing.

What are two reasons for this behavior? (Choose two.)

  1. mismatched preshared key

  2. mismatched proxy ID

  3. incorrect peer address

  4. mismatched peer ID

Answer: C,D Explanation:

If the peer was not matched with the peer ID, the line "Unable to find phase-1 policy as remote peer: is not recognized." should be shown.

Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB10097&pmv=print
