Download Juniper Networks Certified Professional Security (JNCIP-SEC).JN0-633.TestInside.2018-12-08.108q.vcex

Vendor: Juniper
Exam Code: JN0-633
Exam Name: Juniper Networks Certified Professional Security (JNCIP-SEC)
Date: Dec 08, 2018
File Size: 2 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
You are asked to change the configuration of your company's SRX device so that you can block nested traffic from certain Web sites, but the main pages of these Web sites must remain available to users. Which two methods will accomplish this goal? (Choose two.) 
  1. Enable the HTTP ALG.
  2. Implement a firewall filter for Web traffic.
  3. Use an IDP policy to inspect the Web traffic.
  4. Configure an application firewall rule set.
Correct answer: BD
Explanation:
Reference: An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them. ALGs are typically employed to support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections (http://kb.juniper.net/InfoCenter/index?page=content&id=KB13530)IDP policy defines the rule for defining the type of traffic permitted on network (http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig- security/enable-idp-security-policy-section.html)
Reference: An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them. ALGs are typically employed to support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections (http://kb.juniper.net/InfoCenter/index?page=content&id=KB13530)
IDP policy defines the rule for defining the type of traffic permitted on network (http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig- security/enable-idp-security-policy-section.html)
Question 2
You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context value rate of 10,000 hits in 60 seconds. At which threshold will the bot clients no longer be classified as malicious?
  1. 5000 hits in 60 seconds
  2. 8000 hits in 60 seconds
  3. 7500 hits in 60 seconds
  4. 9999 hits in 60 seconds
Correct answer: B
Explanation:
Reference :http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig- security/appddos-protection-overview.html
Reference :
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-swconfig- security/appddos-protection-overview.html
Question 3
You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified. 
Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)
  1. Enable heuristics to detect the encrypted traffic.
  2. Disable the application system cache.
  3. Use the junos:UNSPECIFIED-ENCRYPTED application signature.
  4. Use the junos:SPECIFIED-ENCRYPTED application signature.
Correct answer: AC
Explanation:
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/encrypted-p2p- heuristics-detection.html
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/encrypted-p2p- heuristics-detection.html
Question 4
You have just created a few hundred application firewall rules on an SRX device and applied them to the appropriate firewall polices. However, you are concerned that the SRX device might become overwhelmed with the increased processing required to process traffic through the application firewall rules. 
Which three actions will help reduce the amount of processing required by the application firewall rules? (Choose three.)
  1. Use stateless firewall filtering to block the unwanted traffic.
  2. Implement AppQoS to drop the unwanted traffic.
  3. Implement screen options to block the unwanted traffic.
  4. Implement IPS to drop the unwanted traffic.
  5. Use security policies to block the unwanted traffic.
Correct answer: ACE
Explanation:
IPS and AppDoS are the most powerful, and thus, the least efficient method of dropping traffic on the SRX, because IPS and AppDoS tend to take up the most processing cycles. Reference : http://answers.oreilly.com/topic/2036-how-to-protect-your-network-with-security-tools- for-junos/
IPS and AppDoS are the most powerful, and thus, the least efficient method of dropping traffic on the SRX, because IPS and AppDoS tend to take up the most processing cycles. 
Reference : http://answers.oreilly.com/topic/2036-how-to-protect-your-network-with-security-tools- for-junos/
Question 5
You want to verify that all application traffic traversing your SRX device uses standard ports. For example, you need to verify that only DNS traffic runs through port 53, and no other protocols. How would you accomplish this goal?
  1. Use an IDP policy to identify the application regardless of the port used.
  2. Use a custom ALG to detect the application regardless of the port used.
  3. Use AppTrack to detect the application regardless of the port used.
  4. Use AppID to detect the application regardless of the port used.
Correct answer: A
Explanation:
AppTrack for detailed visibility of application traffic Also AppTrack is aka AppID Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/What-is-AppTrack-aka-AppID/td- p/63029 An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols Reference : http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos- security-swconfig-security/id-79332.html
AppTrack for detailed visibility of application traffic Also AppTrack is aka AppID 
Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/What-is-AppTrack-aka-AppID/td- p/63029 
An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols 
Reference : http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos- security-swconfig-security/id-79332.html
Question 6
You are asked to establish a baseline for your company's network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together. What are two ways to accomplish this goal? (Choose two.)
  1. Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.
  2. Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.
  3. Send SNMP traps with bandwidth usage to a central SNMP server.
  4. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.
Correct answer: AD
Explanation:
AppTrack is used for visibility for application usage and bandwidth Reference: http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf
AppTrack is used for visibility for application usage and bandwidth 
Reference: http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf
Question 7
Microsoft has altered the way their Web-based Hotmail application works. You want to update your application firewall policy to correctly identify the altered Hotmail application. Which two steps must you take to modify the application? (Choose two.)
  1. user@srx> request services application-identification application copy junos:HOTMAIL
  2. user@srx> request services application-identification application enable junos:HOTMAIL
  3. user@srx# edit services custom application-identification my:HOTMAIL
  4. user@srx# edit services application-identification my:HOTMAIL
Correct answer: AD
Explanation:
Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/command-summary/request-services-application-identification-application.html
Reference: http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/command-summary/request-services-application-identification-application.html
Question 8
You have been asked to configure traffic to flow between two virtual routers (VRs) residing on two unique logical systems (LSYSs) on the same SRX5800. 
How would you accomplish this task?
  1. Configure a security policy that contains the context from VR1 to VR2 to permit the relevant traffic.
  2. Configure a security policy that contains the context from LSYS1 to LSYS2 and relevant match conditions in the rule set to allow traffic between the IP networks in VR1 and VR2.
  3. Configure logical tunnel interfaces between VR1 and VR2 and security policies that allow relevant traffic between VR1 and VR2 over that link.
  4. Configure an interconnect LSYS to facilitate a connection between LSYS1 and LSYS2 and relevant policies to allow the traffic.
Correct answer: C
Explanation:
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260
Reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260
Question 9
You are responding to a proposal request from an enterprise with multiple branch offices. All branch offices connect to a single SRX device at a centralized location. 
The request requires each office to be segregated on the central SRX device with separate IP networks and security considerations. No single office should be able to starve the CPU from other branch offices on the central SRX device due to the number of flow sessions. However, connectivity between offices must be maintained. Which three features are required to accomplish this goal? (Choose three.)
  1. Logical Systems
  2. Interconnect Logical System
  3. Virtual Tunnel Interface
  4. Logical Tunnel Interface
  5. Virtual Routing Instance
Correct answer: ABD
Explanation:
Reference : http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/logical-systems-interfaces.htmlhttp://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/logical-systems-config/index.html?topic-57390.html
Reference : http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/logical-systems-interfaces.html
http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/logical-systems-config/index.html?topic-57390.html
Question 10
Your company provides managed services for two customers. Each customer has been segregated within its own routing instance on your SRX device. Customer A and customer B inform you that they need to be able to reach certain hosts on each other's network. Which two configuration settings would be used to share routes between these routing instances? (Choose two.) 
  1. routing-group
  2. instance-import
  3. import-rib
  4. next-table
Correct answer: BD
Explanation:
Reference : http://aconaway.com/2013/03/02/junos-logical-tunnel-interfaces-with-virtual-routers/
Reference : http://aconaway.com/2013/03/02/junos-logical-tunnel-interfaces-with-virtual-routers/
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!