Download Juniper.JN0-633.PracticeTest.2018-08-17.99q.vcex

Download Exam

File Info

Exam Juniper Networks Certified Professional Security (JNCIP-SEC)
Number JN0-633
File Name Juniper.JN0-633.PracticeTest.2018-08-17.99q.vcex
Size 2 MB
Posted Aug 17, 2018
Download Juniper.JN0-633.PracticeTest.2018-08-17.99q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in separate routing instances. Which two components are required? (Choose two.)


  1. virtual routing instance
  2. forwarding instance
  3. static NAT
  4. persistent NAT
Correct answer: AC
Explanation:
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB21286
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB21286



Question 2

You are attempting to establish an IPsec VPN between two SRX devices. However, there is another device between the SRX devices that does not pass traffic that is using UDP port 4500. 
How would you resolve this problem?


  1. Enable NAT-T.
  2. Disable NAT-T.
  3. Disable PAT.
  4. Enable PAT.
Correct answer: B
Explanation:
NAT-T also uses UDP port 4500 (by default) rather than the standard UDP. So disabling NAT-T will resolve this issue. Reference : https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&ved=0CHsQFjAJ&url=http%3A%2F %2Fchimera.labs.oreilly.com%2Fbooks %2F1234000001633%2Fch10.html&ei=NZrtUZHHO4vJrQezmoCwAw&usg=AFQjCNGU05bAtnFu1vXNg ssixHtCBoNBnw&sig2=iKzzPNQqiH2xrsjveXIleA&bvm=bv.49478099,d.bmk
NAT-T also uses UDP port 4500 (by default) rather than the standard UDP. So disabling NAT-T will resolve this issue. 
Reference : https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&ved=0CHsQFjAJ&url=http%3A%2F %2Fchimera.labs.oreilly.com%2Fbooks 
%2F1234000001633%2Fch10.html&ei=NZrtUZHHO4vJrQezmoCwAw&usg=AFQjCNGU05bAtnFu1vXNg ssixHtCBoNBnw&sig2=iKzzPNQqiH2xrsjveXIleA&bvm=bv.49478099,d.bmk



Question 3

Given the following session output:
Session ID. , Policy namE. default-policy-00/2, StatE. Active, Timeout: 1794, Valid
In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, IF. reth0.0, Pkts: 4, Bytes: 574
Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, IF. reth1.0, Pkts: 3, Bytes:
Which statement is correct about the security flow session output?


  1. This session is about to expire.
  2. NAT64 is used.
  3. Proxy NDP is used for this session.
  4. The IPv4 Web server runs services on TCP port 24770.
Correct answer: B
Explanation:
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391



Question 4

You are asked to deploy a group VPN between various sites associated with your company. The gateway devices at the remote locations are SRX240 devices. 
Which two statements about the new deployment are true? (Choose two.)


  1. The networks at the various sites must use NAT.
  2. The participating endpoints in the group VPN can belong to a chassis cluster.
  3. The networks at the various sites cannot use NAT.
  4. The participating endpoints in the group VPN cannot be part of a chassis cluster.
Correct answer: CD
Explanation:
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide_ v1.2.pdf
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf 
http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide_ v1.2.pdf



Question 5

You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office consists of a pair of SRX650s in a chassis cluster. Which two statements about the deployment are true? (Choose two.)


  1. The SRX650s must be separated as standalone devices to support the dynamic VPNs.
  2. The remote clients must install client software to establish a tunnel with the corporate network.
  3. The remote clients must reside behind an SRX device configured as the local tunnel endpoint.
  4. The SRX650 must have HTTP or HTTPS enabled to aid in the client software distribution process.
Correct answer: BD
Explanation:
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf



Question 6

You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office is a chassis cluster formed from two SRX240s. Which two statements about this deployment are true? (Choose two.)


  1. You must remove the SRX240s from the chassis cluster before enabling the dynamic VPNs.
  2. The remote clients can run Windows XP, Windows Vista, Windows 7, or OS X operating systems.
  3. If more than two dynamic VPN tunnels are required, you must purchase and install a new license.
  4. The remote users can be authenticated by the SRX240s or a configured RADIUS server.
Correct answer: CD
Explanation:
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf



Question 7

You are asked to implement IPsec tunnels between your SRX devices located at various locations. You will use the public key infrastructure (PKI) to verify the identification of the endpoints. What are two certificate enrollment options available for this deployment? (Choose two.)


  1. Manually generating a PKCS10 request and submitting it to an authorized CA.
  2. Dynamically generating and sending a certificate request to an authorized CA using OCSP.
  3. Manually generating a CRL request and submitting that request to an authorized CA.
  4. Dynamically generating and sending a certificate request to an authorized CA using SCEP.
Correct answer: AD
Explanation:
Reference: Page 9http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf- trouble/configuring-and-troubleshooting-public-key-infrastructure.pdf
Reference: Page 9
http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf- trouble/configuring-and-troubleshooting-public-key-infrastructure.pdf



Question 8

Which statement is true regarding the dynamic VPN feature for Junos devices?


  1. Only route-based VPNs are supported.
  2. Aggressive mode is not supported.
  3. Preshared keys for Phase 1 must be used.
  4. It is supported on all SRX devices.
Correct answer: C
Explanation:
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/pathway- pages/security/security-vpn-dynamic.pdf
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/pathway- pages/security/security-vpn-dynamic.pdf



Question 9

You are asked to design a solution to verify IPsec peer reachability with data path forwarding. 
Which feature would meet the design requirements?


  1. DPD over Phase 1 SA
  2. DPD over Phase 2 SA
  3. VPN monitoring over Phase 1 SA
  4. VPN monitoring over Phase 2 SA
Correct answer: D
Explanation:
Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/dead-peer-detection-VS-VPN- monitor-in-IPSEC/td-p/176671
Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/dead-peer-detection-VS-VPN- monitor-in-IPSEC/td-p/176671



Question 10

What are three advantages of group VPNs? (Choose three.)


  1. Supports any-to-any member connectivity.
  2. Provides redundancy with cooperative key servers.
  3. Eliminates the need for full mesh VPNs.
  4. Supports translating private to public IP addresses.
  5. Preserves original IP source and destination addresses.
Correct answer: ACE
Explanation:
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files