JN0-333 Online Practice Questions and Answers

You are asked to change when your SRX high availability failover occurs. One network interface is considered more important than others in the high availability configuration. You want to prioritize failover based on the state of that interface.

Which configuration would accomplish this task?

A. Create a VRRP group configuration that lists the reth's IP address as the VIP while using each physical interface that make up the reth definition of each SRX HA pair.

B. Configure IP monitoring of the important interface's IP address and adjust the heartbeat interval and heartbeat threshold to the shortest settings.

C. Create a separate redundancy group to isolate the important interface; set the priority of the new redundancy group to 255.

D. Configure interface monitor inside the redundancy group that contains the important physical interface; adjust the weight associated with the monitored interface to 255.

Which two modes are supported during the Phase 1 IKE negotiations used to establish an IPsec tunnel? (Choose two.)

A. transport mode

B. aggressive mode

C. main mode

D. tunnel mode

After an SRX Series device processes the first packet of a session, how are subsequent packets for the same session processed?

A. They are processed using fast-path processing.

B. They are forwarded to the control plane for deep packet inspection.

C. All packets are processed in the same manner.

D. They are queued on the outbound interface until a matching security policy is found.

You are asked to support source NAT for an application that requires that its original source port not be changed.

Which configuration would satisfy the requirement?

A. Configure a source NAT rule that references an IP address pool with interface proxy ARP enabled.

B. Configure the egress interface to source NAT fixed-port status.

C. Configure a source NAT rule that references an IP address pool with the port no-translation parameter enabled.

D. Configure a source NAT rule that sets the egress interface to the overload status.

Click the Exhibit button.

Host A is attempting to connect to Host B using the domain name, which is tied to a public IP address. All attempts to connect to Host B have failed. You have examined the configuration on your SRX340 and determined that a NAT policy is required.

Referring to the exhibit, which two NAT types will allow Host A to connect to Host B? (Choose two.)

A. source NAT

B. NAT-T

C. destination NAT

D. static NAT

Click the exhibit button.

Referring to the exhibit, which statement is true?

A. Packets entering the interface are being dropped because of a stateless filter.

B. Packets entering the interface matching an ALG are getting dropped.

C. TCP packets entering the interface are failing the TCP sequence check.

D. Packets entering the interface are getting dropped because the interface is not bound to a zone.

Click the Exhibit button.

A customer would like to monitor their VPN using dead peer detection.

Referring to the exhibit, for how many minutes was the peer down before the customer was notified?

A. 5

B. 3

C. 4

D. 2

Which host-inbound-traffic security zone parameter would allow access to the REST API configured to listen on custom TCP port 5080?

A. http

B. all

C. xnm-clear-text

D. any-service

Which action will restrict SSH access to an SRX Series device from a specific IP address which is connected to a security zone named trust?

A. Implement a firewall filter on the security zone trust.

B. Implement a security policy from security zone junos-host to security zone trust.

C. Implement host-inbound-traffic system-services to allow SSH.

D. Implement a security policy from security zone trust to security zone junos-host.

What are the maximum number of supported interfaces on a vSRX hosted in a VMware environment?

A. 12

B. 3

C. 10

D. 4