What are two network scanning methods? (Choose two.)
A. SYN flood
B. ping of death
C. ping sweep
D. UDP scan
Which statement is true about NAT?
A. When you implement destination NAT, the router does not apply ALG services.
B. When you implement destination NAT, the router skips source NAT rules for the initiating traffic flow.
C. When you implement static NAT, each packet must go through a route lookup.
D. When you implement static NAT, the router skips destination NAT rules for the initiating traffic flow.
Which problem is introduced by setting the terminal parameter on an IPS rule?
A. The SRX device will stop IDP processing for future sessions.
B. The SRX device might detect more false positives.
C. The SRX device will terminate the session in which the terminal rule detected the attack.
D. The SRX device might miss attacks.
-- Exhibit --
[edit security idp]
user@srx# show | no-more
idp-policy basic {
    rulebase-ips {
        rule 1 {
            match {
                from-zone untrust;
                source-address any;
                to-zone trust;
                destination-address any;
                application default;
                attacks {
                    custom-attacks data-inject;
                }
            }
            then {
                action {
                    recommended;
                }
                notification {
                    log-attacks;
                }
            }
        }
    }
}
active-policy basic;
custom-attack data-inject {
    recommended-action close;
    severity critical;
    attack-type {
        signature {
            context mssql-query;
            pattern "SELECT * FROM accounts";
            direction client-to-server;
        }
    }
}
-- Exhibit --
You have configured the custom attack signature shown in the exhibit. This configuration is valid, but you
want to improve the efficiency and performance of your IDP.
Which two commands should you use? (Choose two.)
A. set custom attack data-inject recommended-action drop
B. set custom-attack data-inject attack-type signature protocol-binding tcp
C. set idp-policy basic rulebase-ips rule 1 match destination-address webserver
D. set idp-policy basic rulebase-ips rule 1 match application any
You are asked to implement the AppFW feature on an SRX Series device.
Which three tasks must be performed to make the feature work? (Choose three.)
A. Configure a firewall filter that includes the application-firewall policy.
B. Install an IPS license.
C. Install an AppSecure license.
D. Configure a security policy that includes the application-firewall policy.
E. Configure an application-firewall policy.
Click the Exhibit button.
{primary:node0}[edit security idp idp-policy test-ips-policy]
user@host# show
rulebase-ips {
    rule r1 {
        match {
            source-address any;
            attacks {
                predefined-attack-groups "HTTP - All";
            }
        }
        then {
            action {
                drop-packet;
            }
        }
        terminal;
    }
    rule r2 {
        match {
            source-address 172.16.0.0/12;
            attacks {
                predefined-attack-groups "FTP - All";
            }
        }
        then {
            action {
                no-action;
            }
        }
    }
    rule r3 {
        match {
            source-address 172.16.0.0/12;
            attacks {
                predefined-attack-groups "TELNET - All";
            }
        }
        then {
            action {
                no-action;
            }
        }
    }
    rule r4 {
        match {
            source-address any;
            attacks {
                predefined-attack-groups "FTP - All";
            }
        }
        then {
            action {
                drop-packet;
            }
        }
    }
}
A user with IP address 172.301.100 initiates an FTP session to a host with IP address 10.100.1.50 through
an SRX Series device and is subject to the IPS policy shown in the exhibit.
If the user tries to execute the cd ~root command, which statement is correct?
A. The FTP command will be denied with the offending packet dropped and the session will be closed by the SRX device.
B. The FTP command will be denied with the offending packet dropped and the rest of the FTP session will be inspected by the IPS policy.
C. The FTP command will be allowed to execute and the rest of the FTP session will be ignored by the IPS policy.
D. The FTP command will be allowed to execute but any other attacks executed during the session will be inspected.
You are asked to establish a hub-and-spoke IPsec VPN using your SRX Series device as the hub. All of your spoke devices are third-party devices.
Which statement is correct?
A. You must create a policy-based VPN on the hub device when peering with third-party devices.
B. You must always peer using loopback addresses when using non-Junos devices as your spokes.
C. You must statically configure the next-hop tunnel binding table entries for each of the third-party spoke devices.
D. You must ensure that you are using aggressive mode when incorporating third-party devices as your spokes.
How does the SRX5800, in transparent mode, signal failover to the connected switches?
A. It initiates spanning-tree BPDUs.
B. It sends out gratuitous ARPs.
C. It flaps the impaired interfaces.
D. It uses an IP address monitoring configuration.
Click the Exhibit button.
[edit security idp-policy test]
user@host# show
rulebase-ips {
    rule R3 {
        match {
            source-address any;
            destination-address any;
            attacks {
                predefined-attacks FTP:USER:ROOT;
            }
        }
        then {
            action {
                recommended;
            }
        }
        terminal;
    }
    rule R4 {
        match {
            source-address any;
            destination-address any;
            attacks {
                predefined-attacks HTTP:HOTMAIL:FILE-UPLOAD;
            }
        }
        then {
            action {
                recommended;
            }
        }
    }
}
You have just committed the new IDP policy shown in the exhibit. However, you notice no action is taken on traffic matching the R4 IDP rule. Which two actions will resolve the problem? (Choose two.)
A. Change the R4 rule to match on a predefined attack group.
B. Insert the R4 rule above the R3 rule.
C. Delete the terminal statement from the R3 rule.
D. Change the IPS rulebase to an exempt rulebase.
Which configurable SRX Series device feature allows you to capture transit traffic?
A. syslog
B. traceoptions
C. packet-capture
D. archival