JNCIP JN0-633 (Security, Professional (JNCIP-SEC) Exam)시험은 IT인증시험중 가장 인기있는 시험입니다. JNCIP JN0-633 (Security, Professional (JNCIP-SEC) Exam) 시험패스는 모든 IT인사들의 로망입니다. Pass4Test의 완벽한 JNCIP JN0-633 (Security, Professional (JNCIP-SEC) Exam)덤프로 시험준비하여 고득점으로 자격증을 따보세요.학원등록 필요없이 다른 공부자료 필요없이 덤프에 있는 문제만 완벽하게 공부하신다면 JNCIP JN0-633 (Security, Professional (JNCIP-SEC) Exam)시험패스가 어렵지 않고 자격증취득이 쉬워집니다.
NO.1 Which problem is introduced by setting the terminal parameter on an IPS rule?
A. The SRX device will stop IDP processing for future sessions.
B. The SRX device might detect more false positives.
C. The SRX device will terminate the session in which the terminal rule detected the attack.
D. The SRX device might miss attacks.
Answer: D
NO.2 You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is
dropping
at the SRX240 in your network. Which three tools would you use to troubleshoot the issue?
(Choose three.)
A. security flow traceoptions
B. monitor interface traffic
C. show security flow session
D. monitor traffic interface
E. debug flow basic
Answer: A,B,C
NO.3 HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets
locally on the SRX240. Which configuration would you use to enable this capture?
A. [edit security flow]
user@srx# show
traceoptions {
file dump;
flag basic-datapath;
}
B. [edit security]
user@srx# show
application-tracking {
enable;
}
flow {
traceoptions {
file dump;
flag basic-datapath;
}
}
C. [edit firewall filter capture term one]
user@srx# show
from {
source-address {
1.1.1.1;
}
destination-address {
2.2.2.2;
}
protocol tcp;
}
then {
port-mirror;
accept;
}
D. [edit firewall filter capture term one]
user@srx# show
from {
source-address {
1.1.1.1;
}
destination-address {
2.2.2.2;
}
protocol tcp;
}
then {
sample;
accept;
}
Answer: D
NO.4 What is the default action for an SRX device in transparent mode to determine the outgoing
interface for an unknown destination MAC address?
A. Perform packet flooding.
B. Send an ARP query.
C. Send an ICMP packet with a TTL of 1.
D. Perform a traceroute request.
Answer: A
NO.5 Somebody has inadvertently configured several security policies with application firewall rule
sets
on an SRX device. These security policies are now dropping traffic that should be allowed. You
must find and remove the application firewall rule sets that are associated with these policies.
Which two commands allow you to view these associations? (Choose two.)
A. show security policies
B. show services application-identification application-system-cache
C. show security application-firewall rule-set all
D. show security policies application-firewall
Answer: A,D
NO.6 You are asked to establish a baseline for your company's network traffic to determine the
bandwidth usage per application. You want to undertake this task on the central SRX device that
connects all segments together. What are two ways to accomplish this goal? (Choose two.)
A. Configure a mirror port on the SRX device to capture all traffic on a data collection server for
further investigation.
B. Use interface packet counters for all permitted and denied traffic and calculate the values using
Junos scripts.
C. Send SNMP traps with bandwidth usage to a central SNMP server.
D. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack
messages.
Answer: A,D