What is the maximum number of redundancy groups that would be used on a chassis cluster?
A. The maximum number of redundancy groups used is equal to the number of configured physical interfaces.
B. The maximum number of redundancy groups used is equal to one more than the number of configured physical interfaces.
C. The maximum number of redundancy groups used is equal to the number of configured logical interfaces.
D. The maximum number of redundancy groups used is equal to one more than the number of configured logical interfaces.
What are two valid zones available on an SRX Series device? (Choose two.)
A. security zones
B. policy zones
C. transit zones
D. functional zones
Clients at a remote office are accessing a website that is against your company Internet policy. You change the action of the security policy that controls HTTP access from permit to deny on the remote office SRX Series device. After committing the policy change, you notice that new users cannot access the website but users that have existing sessions on the device still have access. You want to block all user sessions immediately.
Which change would you make on the SRX Series device to accomplish this task?
A. Add the set security flow tcp-session rst-invalidate-session option to the configuration and commit the change.
B. Add the set security policies policy-rematch parameter to the configuration and commit the change.
C. Add the security flow tcp-session strict-syn-check option to the configuration and commit the change.
D. Issue the commit full command from the top of the configuration hierarchy.
Which two statements are true when implementing source NAT on an SRX Series device? (Choose two.)
A. Source NAT is applied before the security policy search.
B. Source NAT is applied after the route table lookup.
C. Source NAT is applied before the route table lookup.
D. Source NAT is applied after the security policy search.
What are three defined zone types on an SRX Series device?
A. dynamic
B. junos-host
C. null
D. functional
E. routing
Which statement is true about Perfect Forward Secrecy (PFS)?
A. PFS is used to resolve compatibility issues with third-party IPsec peers.
B. PFS is implemented during Phase 1 of IKE negotiations and decreases the amount of time required for IKE negotiations to complete.
C. PFS increases security by forcing the peers to perform a second DH exchange during Phase 2.
D. PFS increases the IPsec VPN encryption key length and uses RSA or DSA certificates.
Which UDP port is used in IPsec tunneling when NAT-T is in use?
A. 50
B. 4500
C. 500
D. 51
Click the Exhibit button.
You are configuring an OSPF session between two SRX Series devices. The session will not come up.
Referring to the exhibit, which configuration change will solve this problem?
A. Configure a loopback interface and add it to the trust zone.
B. Configure the host-inbound-traffic protocols ospf parameter in the trust security zone.
C. Configure the application junos-ospf parameter in the allow-trusted-traffic security policy.
D. Configure the host-inbound-traffic system-services any-service parameter in the trust security zone.
You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase 1 negotiation succeeds and the Phase 2 negotiation fails.
Which two configuration parameters should you verify are correct? (Choose two.)
A. Verify that the IKE gateway proposals on the initiator and responder are the same.
B. Verify that the VPN tunnel configuration references the correct IKE gateway.
C. Verify that the IKE initiator is configured for main mode.
D. Verify that the IPsec policy references the correct IKE proposals.
Click the Exhibit button.
Which two statements describe the output shown in the exhibit? (Choose two.)
A. Node 0 is controlling traffic for redundancy group 1.
B. Node 1 is controlling traffic for redundancy group 1.
C. Redundancy group 1 experienced an operational failure.
D. Redundancy group 1 was administratively failed over.