Juniper JN0-633 Exam Practice Questions (P. 3)
- Full Access (181 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #11
You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified.
Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)
Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)
- AEnable heuristics to detect the encrypted traffic.
- BDisable the application system cache.
- CUse the junos:UNSPECIFIED-ENCRYPTED application signature.
- DUse the junos:SPECIFIED-ENCRYPTED application signature.
Correct Answer:
AC
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/encrypted-p2p- heuristics-detection.html
AC
Reference: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/encrypted-p2p- heuristics-detection.html
send
light_mode
delete
Question #12
You have just created a few hundred application firewall rules on an SRX device and applied them to the appropriate firewall polices. However, you are concerned that the SRX device might become overwhelmed with the increased processing required to process traffic through the application firewall rules.
Which three actions will help reduce the amount of processing required by the application firewall rules? (Choose three.)
Which three actions will help reduce the amount of processing required by the application firewall rules? (Choose three.)
- AUse stateless firewall filtering to block the unwanted traffic.
- BImplement AppQoS to drop the unwanted traffic.
- CImplement screen options to block the unwanted traffic.
- DImplement IPS to drop the unwanted traffic.
- EUse security policies to block the unwanted traffic.
Correct Answer:
ACE
IPS and AppDoS are the most powerful, and thus, the least efficient method of dropping traffic on the SRX, because IPS and AppDoS tend to take up the most processing cycles.
Reference : http://answers.oreilly.com/topic/2036-how-to-protect-your-network-with-security-tools- for-junos/
ACE
IPS and AppDoS are the most powerful, and thus, the least efficient method of dropping traffic on the SRX, because IPS and AppDoS tend to take up the most processing cycles.
Reference : http://answers.oreilly.com/topic/2036-how-to-protect-your-network-with-security-tools- for-junos/
send
light_mode
delete
Question #13
Referring to the following output, which command would you enter in the CLI to produce this result?
Ruleset Application Client-to-server Rate(bps) Server-to-client Rate(bps) http-App-QoS HTTP ftp-C2S 200 ftp-C2S 200 http-App-QoS HTTP ftp-C2S 200 ftp-C2S 200 ftp-App-QoS FTP ftp-C2S 100 ftp-C2S 100
Ruleset Application Client-to-server Rate(bps) Server-to-client Rate(bps) http-App-QoS HTTP ftp-C2S 200 ftp-C2S 200 http-App-QoS HTTP ftp-C2S 200 ftp-C2S 200 ftp-App-QoS FTP ftp-C2S 100 ftp-C2S 100
- Ashow class-of-service interface ge-2/1/0
- Bshow interface flow-statistics ge-2/1/0
- Cshow security flow statistics
- Dshow class-of-service applications-traffic-control statistics rate-limiter
Correct Answer:
D
Reference : http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/reference/command- summary/show-class-of-service-application-traffic-control-statistics- rate-limiter.html
D
Reference : http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/reference/command- summary/show-class-of-service-application-traffic-control-statistics- rate-limiter.html
send
light_mode
delete
Question #14
You are asked to apply individual upload and download bandwidth limits to YouTube traffic. Where in the configuration would you create the necessary bandwidth limits?
- Aunder the [edit security application-firewall] hierarchy
- Bunder the [edit security policies] hierarchy
- Cunder the [edit class-of-service] hierarchy
- Dunder the [edit firewall policer <policer-name>] hierarchy
Correct Answer:
D
Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/Need-help-with-bandwidth- uploading-downloading-polcier/td-p/146666
D
Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/Need-help-with-bandwidth- uploading-downloading-polcier/td-p/146666
send
light_mode
delete
Question #15
You want to verify that all application traffic traversing your SRX device uses standard ports. For example, you need to verify that only DNS traffic runs through port 53, and no other protocols. How would you accomplish this goal?
- AUse an IDP policy to identify the application regardless of the port used.
- BUse a custom ALG to detect the application regardless of the port used.
- CUse AppTrack to detect the application regardless of the port used.
- DUse AppID to detect the application regardless of the port used.
Correct Answer:
A
AppTrack for detailed visibility of application traffic Also AppTrack is aka AppID Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/What-is-AppTrack- aka-AppID/td- p/63029
An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols
Reference : http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos- security-swconfig-security/id-79332.html
A
AppTrack for detailed visibility of application traffic Also AppTrack is aka AppID Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/What-is-AppTrack- aka-AppID/td- p/63029
An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols
Reference : http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos- security-swconfig-security/id-79332.html
send
light_mode
delete
All Pages