[Free] 2018(Jan) EnsurePass Testking Juniper JN0-633 Dumps with VCE and PDF 51-60

Security, Professional (JNCIP-SEC)

Question No: 51

What is a secure key management protocol used by IPsec?

  1. AH

  2. ESP

  3. TCP

  4. IKE

Answer: D

Question No: 52

Click the Exhibit button.

Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1. SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint. Referring to the exhibit, which statement is true?

  1. The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination address.

  2. The security policy on SRX-2 must permit traffic from the 10.10.50.1 destination address.

  3. The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.

  4. The security policy on SRX-2 must permit traffic from the 192.168.1.1 destination address.

Answer: C

Question No: 53

Click the Exhibit button.

– Exhibit –

– Exhibit –

Referring to the exhibit, the session close log was generated by the application firewall rule set HTTP.

Why did the session close?

  1. The application identification engine was unable to determine which application was in use, which caused the SRX device to close the session.

  2. The host with the IP address of 192.168.1.123 received a TCP segment with the FIN flag set from the host with the IP address of 65.197.244.218.

  3. The SRX device was unable to determine the user and role in the allotted time, which caused the session to close.

  4. The host with the IP address of 192.168.1.123 sent a TCP segment with the FIN flag set to the host with the IP address of 65.197.244.218.

Answer: D

Reference: http://netscreen.com/techpubs/software/junos/junos92/syslog-messages/download/rt.pdf

Question No: 54

Click the Exhibit button.

user@host> show log message

Feb 4 00:04:17 host rpd[4516]: EVENT <UpDown> st0.0 index 76 <Up Broadcast Multicast>

Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb 4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 -> (null) <Up Broadcast Multicast>

Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up. Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name: to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip: 10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:11,[0..7]=0.0.0.0/0)

Feb 4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539, ifAdminStatus up(1), ifOperStatus up(1), ifName st0.0

Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up. Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name: to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip: Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)

Feb 4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: to-spoke-2 Gateway: spoke-2, Local: 192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available, Remote Not-Available, VR-ID: 0

Referring to the exhibit, which statement is correct?

  1. The phase 1 security association for the to-spoke-3 VPN is failing.

  2. The phase 2 security association for the to-spoke-1 VPN is failing.

  3. The phase 2 security association for the to-spoke-3 VPN is failing.

  4. The phase 1 security association for the to-spoke-2 VPN is failing.

Answer: B

Question No: 55

Click the Exhibit button.

– Exhibit –

user@srx# show security datapath-debug
capture-file pkt-cap-file format pcap size 5m;
action-profile {
    pkt-cap-profile {
        event np-ingress {
            packet-dump;
        }
    }
}
packet-filter pkt-filter {
    action-profile pkt-capture;
    source-prefix 1.2.3.4/32;
}

– Exhibit –

You want to capture transit traffic passing through your SRX3600. You add the configuration shown in the exhibit but do not see entries added to the capture file.

What is causing the problem?

  1. You are missing the configuration set security datapath-debug maximum-capture-size 1500.

  2. You are missing the configuration set security datapath-debug packet-filter pkt-filter destination-prefix 5.6.7.8/32.

  3. You must start the capture from operational mode with the command request security datapath-debug capture start.

  4. You must start the capture from operational mode with the command monitor start capture.

Answer: C

Question No: 56

Which two statements are true regarding DNS doctoring? (Choose two.)

  1. DNS doctoring translates the DNS CNAME payload.

  2. DNS doctoring for IPv4 is supported on SRX devices.

  3. DNS doctoring for IPv4 and IPv6 is supported on SRX devices.

  4. DNS doctoring translates the DNS A-record.

Answer: B,D

Reference: http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/security/index.html?topic-61847.html

Question No: 57

You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office is a chassis cluster formed from two SRX240s. Which two statements about this deployment are true? (Choose two.)

  1. You must remove the SRX240s from the chassis cluster before enabling the dynamic VPNs.

  2. The remote clients can run Windows XP, Windows Vista, Windows 7, or OS X operating systems.

  3. If more than two dynamic VPN tunnels are required, you must purchase and install a new license.

  4. The remote users can be authenticated by the SRX240s or a configured RADIUS server.

Answer: C,D

Reference: http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf

Question No: 58

Click the Exhibit button.

– Exhibit –

– Exhibit –

Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?

  1. source NAT

  2. static NAT

  3. filter-based forwarding

  4. source-based routing

Answer: C

Reference: http://www.juniper.net/techpubs/en_US/junos12.2/topics/example/logical-systems-filter-based-forwarding.html

Question No: 59

Click the Exhibit button.

– Exhibit –

– Exhibit –

Host A cannot resolve the www.target.host.com Web page when using its configured DNS server. As shown in the exhibit, Host A's configured DNS server and the Web server hosting the www.target.host.com Web page are in the same subnet. You have verified bidirectional reachability between Host A and the Web server hosting the Web page.

What would cause this behavior on the SRX device in Company B's network?

  1. DNS replication is enabled.

  2. DNS doctoring is enabled.

  3. DNS replication is disabled.

  4. DNS doctoring is disabled.

Answer: D

Reference: http://www.trapezenetworks.com/techpubs/en_US/junos12.2/topics/concept/dns-alg-nat-doctoring-overview.html

Question No: 60

In which situation is NAT proxy NDP required?

  1. when translated addresses belong to the same subnet as the ingress interface

  2. when filter-based forwarding and static NAT are used on the same interface

  3. when working with static NAT scenarios

  4. when the security device operates in transparent mode

Answer: C

Explanation:

When IP addresses are in the same subnet as the ingress interface, NAT proxy ARP is configured.

Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-nat.pdf

Reference: http://www.juniper.net/techpubs/en_US/junos-space12.2/topics/concept/junos-space-security-designer-whiteboard-nat-overview.html
