

Juniper JN0-633 Exam - Juniper Networks Certified Professional Security (JNCIP-SEC)



Questions & Answers for Juniper JN0-633

Showing 1-15 of 175 Questions

Question #1

Where does the AppSecure suite of functions occur in the security flow process on an SRX
Series device?

A. services

B. security policy


D. session initiation

Question #2

Click the Exhibit button.
-- Exhibit --

-- Exhibit --
You must configure two SRX devices to enable bidirectional communications between the
two networks shown in the exhibit. You have been allocated the and networks to use for this purpose.
Which configuration will accomplish this task?

A. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.

B. Using destination NAT, translate traffic destined to to Site1's addresses, and translate traffic destined to to Site2's addresses.

C. Using source NAT, translate traffic from Site1's addresses to, and translate traffic from Site2's addresses to

D. Using static NAT, translate traffic destined to to Site1's addresses, and translate traffic destined to to Site2's addresses.

To examine bidirectional communication you need multiple packet filters, one for each

Question #3

Somebody has inadvertently configured several security policies with application firewall
rule sets on an SRX device. These security policies are now dropping traffic that should be
allowed. You must find and remove the application firewall rule sets that are associated
with these policies. Which two commands allow you to view these associations? (Choose two.)

A. show security policies

B. show services application-identification application-system-cache

C. show security application-firewall rule-set all

D. show security policies application-firewall


Question #4

You are working as a security administrator and must configure a solution to protect
against distributed botnet attacks on your company's central SRX cluster.
How would you accomplish this goal?

A. Configure AppTrack to inspect and drop traffic from the malicious hosts.

B. Configure AppQoS to block the malicious hosts.

C. Configure AppDoS to rate limit connections from the malicious hosts.

D. Configure AppID with a custom application to block traffic from the malicious hosts.

Reference : Page No 2 Figure 1

Question #5

Click the Exhibit button.
Referring to the exhibit, you must send traffic from Host-1 to Host-2. These two hosts can
only communicate with IPv4.
Which feature would you use to permit communication between Host-1 and Host-2?

A. 6rd

B. DS-Lite

C. NAT46

D. NAT444

Question #6

Which statement is true regarding the dynamic VPN feature for Junos devices?

A. Only route-based VPNs are supported.

B. Aggressive mode is not supported.

C. Preshared keys for Phase 1 must be used.

D. It is supported on all SRX devices.


Question #7

You must ensure that your Layer 2 traffic is secured on your SRX Series device in
transparent mode.
What must be considered when accomplishing this task?

A. Layer 2 interfaces must use the ethernet-switching protocol family.

B. Security policies are not supported when operating in transparent mode.

C. Screens are not supported in your security zones with transparent mode.

D. You must reboot your device after configuring transparent mode.

Question #8

You have recently deployed a dynamic VPN. Some remote users are complaining that they
cannot authenticate through the SRX device at the corporate network. The SRX device
serves as the tunnel endpoint for the dynamic VPN. What are two reasons for this
problem? (Choose two.)

A. The supported number of users has been exceeded for the applied license.

B. The users are connecting to the portal using Windows Vista.

C. The SRX device does not have the required user account definitions.

D. The SRX device does not have the required access profile definitions.


Question #9

You want to create a custom IDP signature for a new HTTP attack on your SRX device.
You have the exact string that identifies the attack. Which two additional elements do you
need to define your custom signature? (Choose two.)

A. service context

B. protocol number

C. direction

D. source IP address of the attacker


Question #10

Your company is providing multi-tenant security services on an SRX5800 cluster. You have
been asked to create a new logical system (LSYS) for a customer. The customer must be
able to access and manage new resources within their LSYS.
How do you accomplish this goal?

A. Create the new LSYS, allocate resources, and then create the user administrator role so that the customer can manage their allocated resources.

B. Create the new LSYS, and then create the user administrator role so that the customer can allocate and manage resources.

C. Create the new LSYS, and then create the master administrator role for the LSYS so that the customer can allocate and manage resources.

D. Create the new LSYS, then request the required resources from the customer, and create the required resources.


Question #11

Click the Exhibit button.
-- Exhibit --
[edit security]
[email protected]# show idp

application-ddos Webserver {
    service http;
    connection-rate-threshold 1000;
    context http-get-url {
        hit-rate-threshold 60000;
        value-hit-rate-threshold 30000;
        time-binding-count 10;
        time-binding-period 25;
    }
}
-- Exhibit --
You are using AppDoS to protect your network against a bot attack, but noticed an
approved application has falsely triggered the configured IDP action of drop. You adjusted
your AppDoS configuration as shown in the exhibit. However, the approved traffic is still
What are two reasons for this behavior? (Choose two.)

A. The approved traffic results in 50,000 HTTP GET requests per minute.

B. The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.

C. The active IDP policy has not been defined in the security configuration.

D. The IDP action is still in effect due to the timeout configuration.


Question #12

You configured a custom signature attack object to match specific components of an
Pattern .*\x90 90 90 90
Direction: client-to-server
Which client traffic would be identified as an attack?

A. HTTP GET .*\x90 90 90 … 90

B. HTTP POST .*\x90 90 90 … 90

C. HTTP GET .*x909090 … 90

D. HTTP POST .*x909090 … 90


Question #13

Click the Exhibit button.
[email protected]> show interfaces routing-instance all ge* terse
Interface Admin Link Proto Local Instance
ge-0/0/0.0 up up inet default
ge-0/0/1.0 up up inet
iso A
ge-0/0/2.0 up up inet
iso B
[email protected]> show security flow session
Session ID: 82274, Policy name: default-policy-00/2, Timeout: 1770, Valid
In: -->;tcp, If: ge-0/0/1.0, Pkts: 31, Bytes: 1781
Out: -->;tcp, If: ge-0/0/2.0, Pkts: 23, Bytes: 1452
Total sessions: 3
[email protected]> show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both *[Static/5] 04:08:52
> to via ge-0/0/0.0 *[Direct/0] 04:08:52
via ge-0/0/0.0 *[Local/0] 4w4d 23:04:29
Local via ge-0/0/0.0 *[OSPF/10] 14:37:35, metric 1

A. inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 5 *[Direct/0] 00:05:04 > via ge-0/0/1.0 *[Local/0] 00:05:04 Local via ge-0/0/1.0 *[Direct/0] 00:02:37 > via ge-0/0/2.0

B. inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both *[Static/5] 00:02:38 to table A.inet.0 *[Direct/0] 00:02:37 > via ge-0/0/2.0 *[Local/0] 00:02:37 Local via ge-0/0/2.0

Which statement is true about the outputs shown in the exhibit?

C. The routing instances A and B are connected using an lt interface.

D. Routing instance A’s routes are shared with routing instance B.

E. Routing instance B’s routes are shared with routing instance A.

F. The routing instances A and B are connected using a vt interface.

Question #14

Microsoft has altered the way their Web-based Hotmail application works. You want to
update your application firewall policy to correctly identify the altered Hotmail application.
Which two steps must you take to modify the application? (Choose two.)

A. [email protected]> request services application-identification application copy junos:HOTMAIL

B. [email protected]> request services application-identification application enable junos:HOTMAIL

C. [email protected]# edit services custom application-identification my:HOTMAIL

D. [email protected]# edit services application-identification my:HOTMAIL


Question #15

Click the Exhibit button.
-- Exhibit --

-- Exhibit --
Host traffic is traversing through an IPsec tunnel. Users are complaining of intermittent
issues with their connection.
Referring to the exhibit, what is the problem?

A. The tunnel is down due to a configuration change.

B. The do-not-fragment bit is copied to the tunnel header.

C. The MSS option on the SYN packet is set to 1300.

D. The TCP SYN check option is disabled for tunnel traffic.
