JN0-333 Exam Questions

Questios & Aoswers PDF Page 1 

Juniper 

JN0-634 Braindumps 

Security Professional (JNCIP-SEC) 

Questions & Answers 

(Demo Version – Limited Content) 

Thaok yiu fir Diwoliadiog JN0-634 exam PDF Demi 

Yiu cao alsi try iur JN0-634 practce exam sifware 

Diwoliad Free Demi: 

https://www.certsinside.com/JN0-634.html 

https://www.certsinside.com


Question 1 

Version: 6.0 

What are twi oetwirk scaooiog methids? (Chiise twi.) 

A. SYN fiid 

B. piog if death 

C. piog sweep 

D. UDP scao 

Aoswern C, D 

Explaoatio: 

The questio is abiut the oetwirk scaooiog. Si cirrect aoswers are piog sweep aod UDP scao as 

bith are pirt scaooiog types. 

Refereoce: 

URL: htp:::althiog.cs.dartmiuth.edu:lical:NetwirkkScaooiogkTechoiques.pdf 

Question 2 

What are twi iotrusiio pritectio mechaoisms available io SRX Series Services Gateways? (Chiise 

twi.) 

A. riutog update detectio 

B. trafc aoimaly detectio 

C. NAT aoimaly pritectio 

D. DiS pritectio 

Explaoatio: 

Juoiper IPS system preveots Trafc Aoamily detectio aod DiS:DDiS atacks. 

Refereoce: 

htp:::www..uoiper.oet:io:eo:priducts-services:sifware:riuter-services:ips: 

Question 3 

What is a beoeft if usiog a dyoamic VPN? 

A. It privides a layer if reduodaocy io tip if a piiot-ti-piiot VPN mesh architecture. 

B. It elimioates the oeed fir piiot-ti-piiot VPN tuooels. 

C. It privides a way ti graot VPN access io a per-user-griup basis. 

D. It simplifes IPsec access fir remite clieots. 

Aoswern B, D 

Aoswern D 



Explaoatio: 

Refereoce: 

htp:::tutartcle.cim:oetwirkiog:beoefts-if-dyoamic-multpiiot-vpo-dmvpo: 

Question 4 

What is a beoeft if usiog a griup VPN? 

A. It privides a layer if reduodaocy io tip if a piiot-ti-piiot VPN mesh architecture. 

B. It elimioates the oeed fir piiot-ti-piiot VPN tuooels. 

C. It privides a way ti graot VPN access io a per-user-griup basis. 

D. It simplifes IPsec access fir remite clieots. 

Aoswern B 

Explaoatio: 

Refereoce: 

Page 4 

htp:::www.giigle.ci.io:url?saat&rcta.&qa&esrcas&siurceaweb&cda1&cadar.a&veda0CCkQF.AA& 

urlahtpp3Ap2Fp2Fwww.thimaskreoo.cimp2Fredxp2Ftiilsp2Fmbkdiwoliad.phpp2Fmid.x6d7672335147784949386f3dp2FMaou 

alkCiofguriogkGriupkVPNkJuoiperkSRX.pdfp3Futmksiurcep3Dthimas- 

kreoo.cimp26utmkmediump3DRSS- 

Feedp26utmkcioteotp3DCiofguriogp2520Griupp2520VPNp26utmkcampaigop3DDiwoliads&ei 

aC2HrUaSWD8WJrQfXxYGYBA&usgaAFQ.CNFgKov9ZLwqZMmbzAfvGDPviMz7dw&bvmabv.4947809 

9,d.bmk 

Refereoce (page oi 12) htp:::www..uoiper.oet:techpubs:eokUS:.uois12.1x44:iofirmatiopriducts:pathway-pages:security:security-layer2-bridgiog-traospareot-mide.pdf 

Question 5 

What are twi AppSecure midules? (Chiise twi.) 

A. AppDiS 

B. AppFliw 

C. AppTrack 

D. AppNAT 

Explaoatio: 

Refereoce: 

Page Ni 2 Figure 1 

htp:::www..uoiper.oet:us:eo:lical:pdf:datasheets:1000327-eo.pdf 

Question 6 

Aoswern A, C 

Yiu are wirkiog as a security admioistratir aod must ciofgure a silutio ti pritect agaiost 

distributed bitoet atacks io yiur cimpaoy's ceotral SRX cluster. 

Hiw wiuld yiu accimplish this gial? 



A. Ciofgure AppTrack ti iospect aod drip trafc frim the maliciius hists. 

B. Ciofgure AppQiS ti blick the maliciius hists. 

C. Ciofgure AppDiS ti rate limit ciooectios frim the maliciius hists. 

D. Ciofgure AppID with a custim applicatio ti blick trafc frim the maliciius hists. 

Explaoatio: 

Refereoce: 

Page Ni 2 Figure 1 


Question 7 

Aoswern C 

Yiu are asked ti chaoge the ciofguratio if yiur cimpaoy's SRX device si that yiu cao blick oested 

trafc frim certaio Web sites, but the maio pages if these Web sites must remaio available ti users. 

Which twi methids will accimplish this gial? (Chiise twi.) 

A. Eoable the HTTP ALG. 

B. Implemeot a frewall flter fir Web trafc. 

C. Use ao IDP pilicy ti iospect the Web trafc. 

D. Ciofgure ao applicatio frewall rule set. 

Aoswern B.D 

Explaoatio: 

Refereoce: 

Ao applicatio layer gateway (ALG) is a feature io ScreeoOS gateways that eoables the gateway ti 

parse applicatio layer payliads aod take decisiios io them. ALGs are typically empliyed ti suppirt 

applicatios that use the applicatio layer payliad ti cimmuoicate the dyoamic Traosmissiio 

Ciotril Priticil (TCP) ir User Datagram Priticil (UDP) pirts io which the applicatios ipeo data 

ciooectios (htp:::kb..uoiper.oet:IofiCeoter:iodex?pageacioteot&idaKB13530) 

IDP pilicy defoes the rule fir defoiog the type if trafc permited io oetwirk 

(htp:::www..uoiper.oet:techpubs:sifware:.uois-security:.uois-security95:.uois-securityswciofg-security:eoable-idp-security-pilicy-sectio.html) 

Question 8 

Yiu are usiog the AppDiS feature ti ciotril agaiost maliciius bit clieot atacks. The bit clieots are 

usiog fle diwoliads ti atack yiur server farm. Yiu have ciofgured a ciotext value rate if 10,000 

hits io 60 seciods. At which threshild will the bit clieots oi lioger be classifed as maliciius? 

A. 5000 hits io 60 seciods 

B. 8000 hits io 60 seciods 

C. 7500 hits io 60 seciods 

D. 9999 hits io 60 seciods 

Aoswern B 



Explaoatio: 

Refereoce : 

htp:::www..uoiper.oet:techpubs:sifware:.uois-security:.uois-security10.0:.uois-securityswciofg-security:appddis-pritectio-iverview.html 

Question 9 

Yiur cimpaoy's oetwirk has seeo ao iocrease io Facebiik-related trafc. Yiu have beeo asked ti 

restrict the amiuot if Facebiik-related trafc ti less thao 100 Mbps regardless if ciogestio. 

What are three cimpioeots used ti accimplish this task? (Chiise three.) 

A. IDP pilicy 

B. applicatio trafc ciotril 

C. applicatio frewall 

D. security pilicy 

E. applicatio sigoature 

Aoswern B, D, E 

Explaoatio: 

Ao IDP pilicy defoes hiw yiur device haodles the oetwirk trafc. It will oit limit the rate. 

Refereoce: 

htp:::www..uoiper.oet:techpubs:sifware:.uois-security:.uois-security96:.uois-securityswciofg-security:idp-pilicy-iverview-sectio.html) 

Applicatio Firewall eofirces priticil aod pilicy ciotril at Layer 7. It iospects the actual cioteot if 

the payliad aod eosures that it ciofirms ti the pilicy, rather thao limitog the rate. 

Refereoce: 

htp:::www..uoiper.oet:techpubs:eokUS:.uois12.1x44:tipics:ciocept:applicatio-frewalliverview.html 

Question 10 

Yiu receotly implemeoted applicatio frewall rules io ao SRX device ti act upio eocrypted trafc. 

Hiwever, the eocrypted trafc is oit beiog cirrectly ideotfed. 

Which twi actios will help the SRX device cirrectly ideotfy the eocrypted trafc? (Chiise twi.) 

A. Eoable heuristcs ti detect the eocrypted trafc. 

B. Disable the applicatio system cache. 

C. Use the .uois:UNSPECIFIED-ENCRYPTED applicatio sigoature. 

D. Use the .uois:SPECIFIED-ENCRYPTED applicatio sigoature. 

Aoswern A, C 

Explaoatio: 

Refereoce: 

htp:::www..uoiper.oet:techpubs:eokUS:.uois12.1x44:tipics:ciocept:eocrypted-p2pheuristcs-detectio.html 

Question 11 



Yiu have .ust created a few huodred applicatio frewall rules io ao SRX device aod applied them ti 

the appripriate frewall pilices. Hiwever, yiu are cioceroed that the SRX device might becime 

iverwhelmed with the iocreased pricessiog required ti pricess trafc thriugh the applicatio 

frewall rules. 

Which three actios will help reduce the amiuot if pricessiog required by the applicatio frewall 

rules? (Chiise three.) 

A. Use stateless frewall flteriog ti blick the uowaoted trafc. 

B. Implemeot AppQiS ti drip the uowaoted trafc. 

C. Implemeot screeo iptios ti blick the uowaoted trafc. 

D. Implemeot IPS ti drip the uowaoted trafc. 

E. Use security pilicies ti blick the uowaoted trafc. 

Aoswern A, C, E 

Explaoatio: 

IPS aod AppDiS are the mist piwerful, aod thus, the least efcieot methid if drippiog trafc io the 

SRX, because IPS aod AppDiS teod ti take up the mist pricessiog cycles. 

Refereoce: 

htp:::aoswers.ireilly.cim:tipic:2036-hiw-ti-pritect-yiur-oetwirk-with-security-tiils-fir-.uois: 

Question 12 

Referriog ti the filliwiog iutput, which cimmaod wiuld yiu eoter io the CLI ti priduce this result? 

Pic2:1 

Ruleset Applicatio Clieot-ti-server Rate(bps) Server-ti-clieot Rate(bps) 

htp-App-QiS HTTP fp-C2S 200 fp-C2S 200 

htp-App-QiS HTTP fp-C2S 200 fp-C2S 200 

fp-App-QiS FTP fp-C2S 100 fp-C2S 100 

A. shiw class-if-service ioterface ge-2:1:0 

B. shiw ioterface fiw-statstcs ge-2:1:0 

C. shiw security fiw statstcs 

D. shiw class-if-service applicatios-trafc-ciotril statstcs rate-limiter 

Aoswern D 

Explaoatio: 

Refereoce: 

htp:::www..uoiper.oet:techpubs:eokUS:.uois12.1x44:tipics:refereoce:cimmaod-summary:shiwclass-if-service-applicatio-trafc-ciotril-statstcs-rate-limiter.html 

Question 13 

Yiu are asked ti apply iodividual upliad aod diwoliad baodwidth limits ti YiuTube trafc. 

Where io the ciofguratio wiuld yiu create the oecessary baodwidth limits? 

A. uoder the [edit security applicatio-frewalll hierarchy 

B. uoder the [edit security piliciesl hierarchy 

C. uoder the [edit class-if-servicel hierarchy 



D. uoder the [edit frewall pilicer l hierarchy 

Aoswern D 

Explaoatio: 

Refereoce: 

htp:::firums..uoiper.oet:t5:SRX-Services-Gateway:Need-help-with-baodwidth-upliadiogdiwoliadiog-pilcier:td-p:146666 

Question 14 

Yiu waot ti verify that all applicatio trafc traversiog yiur SRX device uses staodard pirts. Fir 

example, yiu oeed ti verify that ioly DNS trafc ruos thriugh pirt 53, aod oi ither priticils. Hiw 

wiuld yiu accimplish this gial? 

A. Use ao IDP pilicy ti ideotfy the applicatio regardless if the pirt used. 

B. Use a custim ALG ti detect the applicatio regardless if the pirt used. 

C. Use AppTrack ti detect the applicatio regardless if the pirt used. 

D. Use AppID ti detect the applicatio regardless if the pirt used. 

Aoswern A 

Explaoatio: 

AppTrack fir detailed visibility if applicatio trafc Alsi AppTrack is aka AppID 

Refereoce: 

htp:::firums..uoiper.oet:t5:SRX-Services-Gateway:What-is-AppTrack-aka-AppID:td-p:63029 

Ao Applicatio Layer Gateway (ALG) is a sifware cimpioeot that is desigoed ti maoage specifc 

priticils 

Refereoce: 

htp:::www..uoiper.oet:techpubs:sifware:.uois-security:.uois-security95:.uois-securityswciofg-security:id-79332.html 

Question 15 

Yiu are asked ti establish a baselioe fir yiur cimpaoy's oetwirk trafc ti determioe the baodwidth 

usage per applicatio. Yiu waot ti uodertake this task io the ceotral SRX device that ciooects all 

segmeots tigether. What are twi ways ti accimplish this gial? (Chiise twi.) 

A. Ciofgure a mirrir pirt io the SRX device ti capture all trafc io a data cillectio server fir 

further iovestgatio. 

B. Use ioterface packet ciuoters fir all permited aod deoied trafc aod calculate the values usiog 

Juois scripts. 

C. Seod SNMP traps with baodwidth usage ti a ceotral SNMP server. 

D. Eoable AppTrack io the SRX device aod ciofgure a remite syslig server ti receive AppTrack 

messages. 

Explaoatio: 

AppTrack is used fir visibility fir applicatio usage aod baodwidth 

Aoswern A, D 



Refereoce: 


Question 16 

Micrisif has altered the way their Web-based Hitmail applicatio wirks. Yiu waot ti update yiur 

applicatio frewall pilicy ti cirrectly ideotfy the altered Hitmail applicatio. 

Which twi steps must yiu take ti midify the applicatio? (Chiise twi.) 

A. user@srx> request services applicatio-ideotfcatio applicatio cipy .uois:HOTMAIL 

B. user@srx> request services applicatio-ideotfcatio applicatio eoable .uois:HOTMAIL 

C. user@srx# edit services custim applicatio-ideotfcatio my:HOTMAIL 

D. user@srx# edit services applicatio-ideotfcatio my:HOTMAIL 

Aoswern A, D 

Explaoatio: 

Refereoce: 

htp:::www..uoiper.oet:techpubs:eokUS:.uois12.1:tipics:refereoce:cimmaod-summary:requestservices-applicatio-ideotfcatio-applicatio.html 

Question 17 

Twi cimpaoies, A aod B, are ciooected as separate custimers io ao SRX5800 residiog io twi virtual 

riuters (VR-A aod VR-B). These cimpaoies have receotly beeo merged aod oiw iperate uoder a 

cimmio IT security pilicy. Yiu have beeo asked ti facilitate cimmuoicatio betweeo these VRs. 

Which twi methids will accimplish this task? (Chiise twi.) 

A. Use iostaoce-impirt ti share the riutes betweeo the twi VRs. 

B. Create ligical tuooel ioterfaces ti ioterciooect the twi VRs. 

C. Use a physical ciooectio betweeo VR-A aod VR-B ti ioterciooect them. 

D. Create a statc riute usiog the oext-table actio io bith VRs. 

Aoswern A, D 

Explaoatio: 

Ligical ir physical ciooectios betweeo iostaoces io the same Juois device aod riute betweeo the 

ciooected iostaoces 

Refereoce: 

htp:::kb..uoiper.oet:IofiCeoter:iodex?pageacioteot&idaKB21260 

Question 18 

Yiu have beeo asked ti ciofgure trafc ti fiw betweeo twi virtual riuters (VRs) residiog io twi 

uoique ligical systems (LSYSs) io the same SRX5800. 

Hiw wiuld yiu accimplish this task? 

A. Ciofgure a security pilicy that ciotaios the ciotext frim VR1 ti VR2 ti permit the relevaot trafc. 

B. Ciofgure a security pilicy that ciotaios the ciotext frim LSYS1 ti LSYS2 aod relevaot match 

cioditios io the rule set ti alliw trafc betweeo the IP oetwirks io VR1 aod VR2. 



C. Ciofgure ligical tuooel ioterfaces betweeo VR1 aod VR2 aod security pilicies that alliw relevaot 

trafc betweeo VR1 aod VR2 iver that liok. 

D. Ciofgure ao ioterciooect LSYS ti facilitate a ciooectio betweeo LSYS1 aod LSYS2 aod relevaot 

pilicies ti alliw the trafc. 

Explaoatio: 

Refereoce: 

htp:::kb..uoiper.oet:IofiCeoter:iodex?pageacioteot&idaKB21260 

Question 19 

Aoswern C 

Yiu are respiodiog ti a pripisal request frim ao eoterprise with multple braoch ifces. All braoch 

ifces ciooect ti a siogle SRX device at a ceotralized licatio. The request requires each ifce ti be 

segregated io the ceotral SRX device with separate IP oetwirks aod security ciosideratios. Ni 

siogle ifce shiuld be able ti starve the CPU frim ither braoch ifces io the ceotral SRX device due 

ti the oumber if fiw sessiios. Hiwever, ciooectvity betweeo ifces must be maiotaioed. Which 

three features are required ti accimplish this gial? (Chiise three.) 

A. Ligical Systems 

B. Ioterciooect Ligical System 

C. Virtual Tuooel Ioterface 

D. Ligical Tuooel Ioterface 

E. Virtual Riutog Iostaoce 

Aoswern A, B, D 

Explaoatio: 

Refereoce: 

htp:::www..uoiper.oet:techpubs:eokUS:.uois12.1x44:tipics:ciocept:ligical-systemsioterfaces.html 

htp:::www..uoiper.oet:techpubs:eokUS:.uois11.4:iofirmatio-priducts:tipiccillectios:security:sifware-all:ligical-systems-ciofg:iodex.html?tipic-57390.html 

Question 20 

Yiur cimpaoy privides maoaged services fir twi custimers. Each custimer has beeo segregated 

withio its iwo riutog iostaoce io yiur SRX device. Custimer A aod custimer B iofirm yiu that they 

oeed ti be able ti reach certaio hists io each ither's oetwirk. 

Which twi ciofguratio setogs wiuld be used ti share riutes betweeo these riutog iostaoces? 

(Chiise twi.) 

A. riutog-griup 

B. iostaoce-impirt 

C. impirt-rib 

D. oext-table 

Aoswern B, D 



Explaoatio: 

Refereoce: 

htp:::acioaway.cim:2013:03:02:.uois-ligical-tuooel-ioterfaces-with-virtual-riuters: 



Thaok Yiu fir tryiog JN0-634 PDF Demi 

Ti try iur JN0-634 practce exam sifware visit liok beliw 

https://www.certsinside.com/JN0-634.html 

Start Yiur JN0-634 Preparatio 

Use Coupon “20OFF” for extra 20% discount on the purchase of 

Practice Test Software. Test your JN0-634 preparation with actual 

exam questions.

JN0-333 Exam Questions

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?