Download Juniper Networks Certified Professional Security (JNCIP-SEC).JN0-633.PracticeTest.2018-08-17.99q.vcex

Vendor: Juniper
Exam Code: JN0-633
Exam Name: Juniper Networks Certified Professional Security (JNCIP-SEC)
Date: Aug 17, 2018
File Size: 2 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in separate routing instances. Which two components are required? (Choose two.)
  1. virtual routing instance
  2. forwarding instance
  3. static NAT
  4. persistent NAT
Correct answer: AC
Explanation:
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB21286
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB21286
Question 2
You are attempting to establish an IPsec VPN between two SRX devices. However, there is another device between the SRX devices that does not pass traffic that is using UDP port 4500. 
How would you resolve this problem?
  1. Enable NAT-T.
  2. Disable NAT-T.
  3. Disable PAT.
  4. Enable PAT.
Correct answer: B
Explanation:
NAT-T also uses UDP port 4500 (by default) rather than the standard UDP. So disabling NAT-T will resolve this issue. Reference : https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&ved=0CHsQFjAJ&url=http%3A%2F %2Fchimera.labs.oreilly.com%2Fbooks %2F1234000001633%2Fch10.html&ei=NZrtUZHHO4vJrQezmoCwAw&usg=AFQjCNGU05bAtnFu1vXNg ssixHtCBoNBnw&sig2=iKzzPNQqiH2xrsjveXIleA&bvm=bv.49478099,d.bmk
NAT-T also uses UDP port 4500 (by default) rather than the standard UDP. So disabling NAT-T will resolve this issue. 
Reference : https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&ved=0CHsQFjAJ&url=http%3A%2F %2Fchimera.labs.oreilly.com%2Fbooks 
%2F1234000001633%2Fch10.html&ei=NZrtUZHHO4vJrQezmoCwAw&usg=AFQjCNGU05bAtnFu1vXNg ssixHtCBoNBnw&sig2=iKzzPNQqiH2xrsjveXIleA&bvm=bv.49478099,d.bmk
Question 3
Given the following session output:
Session ID. , Policy namE. default-policy-00/2, StatE. Active, Timeout: 1794, Valid
In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, IF. reth0.0, Pkts: 4, Bytes: 574
Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, IF. reth1.0, Pkts: 3, Bytes:
Which statement is correct about the security flow session output?
  1. This session is about to expire.
  2. NAT64 is used.
  3. Proxy NDP is used for this session.
  4. The IPv4 Web server runs services on TCP port 24770.
Correct answer: B
Explanation:
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391
Question 4
You are asked to deploy a group VPN between various sites associated with your company. The gateway devices at the remote locations are SRX240 devices. 
Which two statements about the new deployment are true? (Choose two.)
  1. The networks at the various sites must use NAT.
  2. The participating endpoints in the group VPN can belong to a chassis cluster.
  3. The networks at the various sites cannot use NAT.
  4. The participating endpoints in the group VPN cannot be part of a chassis cluster.
Correct answer: CD
Explanation:
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide_ v1.2.pdf
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf 
http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide_ v1.2.pdf
Question 5
You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office consists of a pair of SRX650s in a chassis cluster. Which two statements about the deployment are true? (Choose two.)
  1. The SRX650s must be separated as standalone devices to support the dynamic VPNs.
  2. The remote clients must install client software to establish a tunnel with the corporate network.
  3. The remote clients must reside behind an SRX device configured as the local tunnel endpoint.
  4. The SRX650 must have HTTP or HTTPS enabled to aid in the client software distribution process.
Correct answer: BD
Explanation:
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf
Question 6
You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office is a chassis cluster formed from two SRX240s. Which two statements about this deployment are true? (Choose two.)
  1. You must remove the SRX240s from the chassis cluster before enabling the dynamic VPNs.
  2. The remote clients can run Windows XP, Windows Vista, Windows 7, or OS X operating systems.
  3. If more than two dynamic VPN tunnels are required, you must purchase and install a new license.
  4. The remote users can be authenticated by the SRX240s or a configured RADIUS server.
Correct answer: CD
Explanation:
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf
Question 7
You are asked to implement IPsec tunnels between your SRX devices located at various locations. You will use the public key infrastructure (PKI) to verify the identification of the endpoints. What are two certificate enrollment options available for this deployment? (Choose two.)
  1. Manually generating a PKCS10 request and submitting it to an authorized CA.
  2. Dynamically generating and sending a certificate request to an authorized CA using OCSP.
  3. Manually generating a CRL request and submitting that request to an authorized CA.
  4. Dynamically generating and sending a certificate request to an authorized CA using SCEP.
Correct answer: AD
Explanation:
Reference: Page 9http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf- trouble/configuring-and-troubleshooting-public-key-infrastructure.pdf
Reference: Page 9
http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf- trouble/configuring-and-troubleshooting-public-key-infrastructure.pdf
Question 8
Which statement is true regarding the dynamic VPN feature for Junos devices?
  1. Only route-based VPNs are supported.
  2. Aggressive mode is not supported.
  3. Preshared keys for Phase 1 must be used.
  4. It is supported on all SRX devices.
Correct answer: C
Explanation:
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/pathway- pages/security/security-vpn-dynamic.pdf
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/pathway- pages/security/security-vpn-dynamic.pdf
Question 9
You are asked to design a solution to verify IPsec peer reachability with data path forwarding. 
Which feature would meet the design requirements?
  1. DPD over Phase 1 SA
  2. DPD over Phase 2 SA
  3. VPN monitoring over Phase 1 SA
  4. VPN monitoring over Phase 2 SA
Correct answer: D
Explanation:
Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/dead-peer-detection-VS-VPN- monitor-in-IPSEC/td-p/176671
Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/dead-peer-detection-VS-VPN- monitor-in-IPSEC/td-p/176671
Question 10
What are three advantages of group VPNs? (Choose three.)
  1. Supports any-to-any member connectivity.
  2. Provides redundancy with cooperative key servers.
  3. Eliminates the need for full mesh VPNs.
  4. Supports translating private to public IP addresses.
  5. Preserves original IP source and destination addresses.
Correct answer: ACE
Explanation:
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf
Reference : http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Gro up_VPN_Juniper_SRX.pdf
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!