Juniper JN0-633 실제 시험문제 및 답변

문제1
-- Exhibit -[edit] user@srx# run show route
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 01:09:08 > to 172.18.1.1 via ge-0/0/3.0 10.210.14.128/27 *[Direct/0] 8w6d 15:43:09 > via ge-0/0/0.0 10.210.14.135/32 *[Local/0] 11w0d 06:43:04 Local via ge-0/0/0.0 172.18.1.0/30 *[Direct/0] 8w6d 15:43:01 > via ge-0/0/3.0 172.18.1.2/32 *[Local/0] 11w0d 06:43:03 Local via ge-0/0/3.0 172.19.1.0/24 *[Direct/0] 03:46:56 > via ge-0/0/1.0 172.19.1.1/32 *[Local/0] 03:46:56 Local via ge-0/0/1.0 172.20.105.0/24 *[Direct/0] 03:46:56 > via ge-0/0/4.105 172.20.105.1/32 *[Local/0] 03:46:56 Local via ge-0/0/4.105 192.168.30.1/32 *[Direct/0] 4d 03:44:41 > via lo0.0
fbf.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Static/5] 00:00:11 > to 172.19.1.2 via ge-0/0/1.0 172.19.1.0/24 *[Direct/0] 00:00:11 > via ge-0/0/1.0
[edit]
user@srx# show routing-instances
fbf {
routing-options {
static {
route 0.0.0.0/0 next-hop 172.19.1.2;
}
}
}
[edit]
user@srx# show routing-options
interface-routes {
rib-group inet fbf-int;
}
static {
route 0.0.0.0/0 next-hop 172.18.1.1;
}
rib-groups {
fbf-int {
import-rib [ inet.0 fbf.inet.0 ];
import-policy fbf-pol;
}
}
[edit]
user@srx# show policy-options policy-statement fbf-pol
term 1 {
from interface ge-0/0/1.0;
to rib fbf.inet.0;
then accept;
}
term 2 {
then reject;
}
-- Exhibit -
Referring to the exhibit, you notice that filter-based forwarding is not working.
What is the reason for this behavior?

A. The routing policy is configured incorrectly.

B. The RIB group is configured incorrectly.

C. The routing instance is configured incorrectly.

D. The default static routes are configured incorrectly.

정답: C

설명: (ExamPassdump 회원만 볼 수 있음)

문제2
How does the SRX5800, in transparent mode, signal failover to the connected switches?

A. It initiates spanning-tree BPDUs.

B. It flaps the impaired interfaces.

C. It sends out gratuitous ARPs.

D. It uses an IP address monitoring configuration.

정답: C

문제3
What is a benefit of using a group VPN?

A. It simplifies IPsec access for remote clients.

B. It provides a layer of redundancy on top of a point-to-point VPN mesh architecture.

C. It eliminates the need for point-to-point VPN tunnels.

D. It provides a way to grant VPN access on a per-user-group basis.

정답: C

설명: (ExamPassdump 회원만 볼 수 있음)

문제4
Click the Exhibit button.
user@host> show log message
Feb4 00:04:17 host rpd[4516]: EVENT <UpDowm> st0.0 index 76 <Up Broadcast
Multicast>
Feb4 00:04:17 host-kmd[1391]: KMD_PM_SA ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 -
> (null) <Up Broadcast Multicast>
Feb4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPNto-spoke-1 from
192.168.10.3 is up. Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name: to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip:
10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH
username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector
local ID:ipv4_subnet,(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID:
ipv4_subnet(any:11,[0..7]=0.0.0.0/0)
Feb4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539,
ifAdminSiLatus up(1), ifOperStatus up(1), ifName st0.0
Feb4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLTSHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4 subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from
192.168.10.5 is up. Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name:
to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip:
Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5,
XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-
selector local TD: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector
remote ID: ipv4_subnet(any:0,[0._7]=0.0.0.0/0)
Feb4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No
proposal chosen. IKE Version: 1, VPN: to-spoke-2 Gateway: spoke-2, Local:
192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available,
Remote Not-Available, VR-ID: 0
Referring to the exhibit, which statement is correct?

A. The phase 1 security association for theto-spoke-3VPN is failing.

B. The phase 2 security association for theto-spoke-1VPN is failing.

C. The phase 2 security association for theto-spoke-3VPN is failing.

D. The phase 1 security association for theto-spoke-2VPN is failing.

정답: B

문제5
You want to route traffic between two newly created virtual routers without the use of logical systems using the configuration options on the SRX5800.
Which two methods of forwarding, between virtual routers, would you recommend? (Choose two.)

A. Create static routes in each virtual router using thenext-tablecommand.

B. Use a static route to forward traffic across virtual routers using the next-table option. Enable the return route by using a RIB group.

C. Connect a direct cable between boo physical interfaces, one in each virtual router and use static routes with thenext-hopcommand.

D. Use a RIB group to share the internal routing protocol routes from the master routing instance.

정답: A

문제6
Which three match condition objects are required when creating IPS rules? (Choose three.)

A. attack objects

B. zone objects

C. IP action objects

D. address objects

E. terminal objects

정답: A,B,D

설명: (ExamPassdump 회원만 볼 수 있음)

문제7
You are asked to establish a hub-and-spoke IPsec VPN using your SRX Series device as the hub. All of your spoke devices are third-party devices.
Which statement is correct?

A. You must create a policy-based VPN on the hub device when peering with third-party devices.

B. You must statically configure the next-hop tunnel binding table entries for each of the third-party spoke devices.

C. You must ensure that you are using aggressive mode when incorporating third-party devices as your spokes.

D. You must always peer using loopback addresses when using non-Junos devices as your spokes.

정답: B

문제8
Click the Exhibit button.
[edit security nat static rule-set 12]
user@SRX2# show
from zone untrust;
rule 1 {
match {
destination-address 192.168.1.1/32;
}
then {
static-nat {
prefix {
10.60.60.1/32;
}
}
}
}
Host-2 initiates communication with Host-1. All other routing and policies are in place to allow the traffic.
What is the result of the communication?

A. The 10.60.60.1 address is translated to the 192.168.1.1 address.

B. The 192.168.0.1 address is translated to the 10.60.60.1 address.

C. The 192.168.0.1 address is translated to the 192.168.1.1 address.

D. No translation occurs.

정답: A

문제9
Click the Exhibit button.
Traffic is flowing between the Host-1 and Host-2 devices through a hub-and-spoke IPsec VPN. All devices are SRX Series devices.
Referring to the exhibit, which two statements are correct? (Choose two.)

A. Traffic is not encrypted on the Hub device.

B. Traffic is not encrypted on the Spoke-2 device.

C. Traffic is encrypted on the Hub device.

D. Traffic is encrypted on the Spoke-2 device.

정답: A

문제10
Click the Exhibit button. -- Exhibit-

-- Exhibit -
Referring to the exhibit, the session close log was generated by the application firewall rule set HTTP.
Why did the session close?

A. The SRX device was unable to determine the user and role in the allotted time, which caused the session to close.

B. The application identification engine was unable to determine which application was in use, which caused the SRX device to close the session.

C. The host with the IP address of 192.168.1.123 received a TCP segment with the FIN flag set from the host with the IP address of 65.197.244.218.

D. The host with the IP address of 192.168.1.123 sent a TCP segment with the FIN flag set to the host with the IP address of 65.197.244.218.

정답: D

설명: (ExamPassdump 회원만 볼 수 있음)

문제11
Your company is using a dynamic VPN configuration on their SRX device. Your manager asks you to enforce password expiration policies for all VPN users.
Which authentication method meets the requirement?

A. TACACS+

B. LDAP

C. RADIUS

D. local password database

정답: B

설명: (ExamPassdump 회원만 볼 수 있음)

문제12
You have been asked to configure traffic to flow between two virtual routers (VRs) residing on two unique logical systems (LSYSs) on the same SRX5800.
How would you accomplish this task?

A. Configure logical tunnel interfaces between VR1 and VR2 and security policies that allow relevant traffic between VR1 and VR2 over that link.

B. Configure an interconnect LSYS to facilitate a connection between LSYS1 and LSYS2 and relevant policies to allow the traffic.

C. Configure a security policy that contains the context from VR1 to VR2 to permit the relevant traffic.

D. Configure a security policy that contains the context from LSYS1 to LSYS2 and relevant match conditions in the rule set to allow traffic between the IP networks in VR1 and VR2.

정답: A

설명: (ExamPassdump 회원만 볼 수 있음)

문제13
What are two AppSecure modules? (Choose two.)

A. AppDoS

B. AppNAT

C. AppFlow

D. AppTrack

정답: A,D

설명: (ExamPassdump 회원만 볼 수 있음)

최신Juniper Security, Professional (JNCIP-SEC) - JN0-633무료샘플문제

자격증의 중요성:

ExamPassdump 제품의 가치:

무료샘플 받아보기:

완벽한 서비스 제공: