JN0-633 Online Practice Questions and Answers

What are two intrusion protection mechanisms available on SRX Series Services Gateways? (Choose two.)

A. routing update detection

B. traffic anomaly detection

C. NAT anomaly protection

D. DoS protection

You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified. Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)

A. Enable heuristics to detect the encrypted traffic.

B. Disable the application system cache.

C. Use the junos:UNSPECIFIED-ENCRYPTED application signature.

D. Use the junos:SPECIFIED-ENCRYPTED application signature.

You are using logical systems to segregate customers. You have a requirement to enable communication between the logical systems. What are two ways to accomplish this goal? (Choose two.)

A. Use a shared DMZ zone to connect the logical systems together.

B. Use a virtual tunnel (vt-) interface to connect the logical systems together.

C. Use an external cable to connect the ports from the two logical systems.

D. Use an interconnect LSYS to connect the logical systems together.

You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub. Which st0 interface configuration is correct for the hub device?

A. [edit interfaces] user@srx# show st0 { multipoint

unit 0 {

family inet {

address 10.10.10.1/24;

}

}

}

B. [edit interfaces] user@srx# show st0 {

unit 0 {

family inet {

address 10.10.10.1/24;

}

}

}

C. [edit interfaces] user@srx# show st0 {

unit 0 {

point-to-point;

family inet {

address 10.10.10.1/24;

}

}

}

D. [edit interfaces] user@srx# show st0 {

unit 0 {

multipoint;

family inet {

address 10.10.10.1/24;

}

}

}

What is the default action for an SRX device in transparent mode to determine the outgoing interface for an unknown destination MAC address?

A. Perform packet flooding.

B. Send an ARP query.

C. Send an ICMP packet with a TTL of 1.

D. Perform a traceroute request.

Which QoS function is supported in transparent mode?

A. 802.1p

B. DSCP

C. IP precedence

D. MPLS EXP

You are asked to configure class of service (CoS) on an SRX device running in transparent mode. Which command would you use?

A. set interfaces ge-0/0/0 unit 0 classifiers dscp priority-app

B. set class-of-service interfaces ge-0/0/0 unit 0 classifiers dscp priority-app

C. set class-of-service interfaces ge-0/0/0 unit 0 classifiers ieee-802.1 priority-app

D. set interfaces ge-0/0/0 unit 0 classifiers inet-precedence priority-app

Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS feature.

Which command would you use to accomplish this task?

A. show security idp attack detail

B. show security idp attack table

C. show security idp memory

D. show security idp counters

Which two configuration statements are used to share interface routes between routing instances? (Choose two.)

A. export-rib

B. static rib-group

C. interface-routes rib-group

D. import-rib

What are three techniques to mark DSCP values on an SRX Series device? (Choose three.)

A. IDP attack action-based DSCP rewriters

B. 802.11Q

C. VLAN rewrite

D. ALG-based DSCP rewriters

E. Layer 7 application-based DSCP rewriters.